External document references not used with JSON formatted dependencies

[goneall]

External document references are used for dependencies which have SPDX document as a repository artifact.

XML formatted documents are included. However, .json files are not. This is likely due to how the plugin looks for and finds the dependencies.

[abhishekdumaniya]

Sir @goneall, I am interested in solving this issue, I want to work on it.

[goneall]

@MazeJack - that would be great. Let me know if you need any help understanding the code.

[abhishekdumaniya]

sir @goneall,
I am a new member and would like to contribute to this issue. I came across a file named json-pom-use-artifact.xml. Could you please explain to me which dependencies are included in this .xml file and not in a .json file? do I have to rewrite code in the license.json file or any other .json file?

P.S. I found an externalReferences tag in json-pom-use-artifact.xml. Do I have to rewrite it in license.json or any other .json?

[goneall]

@MazeJack -The Java code that generates the external relationships will probably need to be modified.

The source file SpdxDependencyInformation is responsible for creating the external document references. Here's a link to the method that creates it:

spdx-maven-plugin/src/main/java/org/spdx/maven/utils/SpdxDependencyInformation.java

Line 555 in fad39c1

private SpdxElement createExternalSpdxPackageReference( SpdxDocument externalSpdxDoc,

I would suggest looking for where this method is called and see if it is only looking for XML files and whether it can also search for JSON files.