Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add elements array to the example for SpdxPackage and SBOM #1054

Merged
merged 4 commits into from
Aug 12, 2024
Merged

Add elements array to the example for SpdxPackage and SBOM #1054

merged 4 commits into from
Aug 12, 2024

Conversation

goneall
Copy link
Member

@goneall goneall commented Aug 11, 2024

Per the discussion on the tech call, there was consensus that elements should have a minimum of 1 for both SpdxPackage and SBOM.

Fixes #1013

@goneall
Add elements array to the example for SpdxPackage and SBOM
3ba15f7 
Per the discussion on the tech call, there was consensus that elements should have a minimum of 1 for both SpdxPackage and SBOM.

Fixes #1013

Signed-off-by: Gary O'Neall <[email protected]>
@goneall goneall added this to the 3.0.1 milestone Aug 11, 2024
@goneall
Copy link
Member Author

goneall commented Aug 11, 2024

@JPEWdev - Please review

@NorioKobota
Copy link
Contributor

NorioKobota commented Aug 12, 2024
edited
Loading

If this is the correct specification, wouldn't it also be necessary to change External properties restrictions of Sbom class?
https://github.com/spdx/spdx-3-model/blob/main/model/Software/Classes/Sbom.md

## External properties restrictions

- /Core/ElementCollection/element
  - minCount: 1
- /Core/ElementCollection/rootElement
  - minCount: 1

Also, I think we need to discuss whether Bom and SpdxDocument classes should have at least one element, rootElement. In the end, the discussion will be whether element, rootElement in ElementCollection class should be minCount == 1.

@goneall
Copy link
Member Author

goneall commented Aug 12, 2024

If this is the correct specification, wouldn't it also be necessary to change External properties restrictions of Sbom class? https://github.com/spdx/spdx-3-model/blob/main/model/Software/Classes/Sbom.md

## External properties restrictions

- /Core/ElementCollection/element
  - minCount: 1
- /Core/ElementCollection/rootElement
  - minCount: 1

Thanks for providing the syntax for adding this - I created an issue in the model repo to add the restrictions, but I didn't have the information on how to modify the markdown files. See spdx/spdx-3-model#841

Also, I think we need to discuss whether Bom and SpdxDocument classes should have at least one element, rootElement. In the end, the discussion will be whether element, rootElement in ElementCollection class should be minCount == 1.

For ElementCollection we discussed on a tech call and agreed that an empty collection was acceptable, so having a minCount == 0 was OK. However, in a more recent tech call we reached a consensus that Bom and SpdxDocument (both subclasses of ElementCollection) should have a minimum of 1.

@zvr
Copy link
Member

zvr commented Aug 12, 2024

Please see my comment.
What do we decide for rootElement ?

This was triggered by SPDX Lite by @NorioKobota , which I am now updating to take into effect this new change.

kestewart
kestewart approved these changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@kestewart kestewart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This aligns with decision in the model.

@goneall goneall merged commit 4e3f4d6 into development/v3.0.1 Aug 12, 2024
4 checks passed
@goneall goneall deleted the elements-to-example branch August 12, 2024 14:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bact bact bact approved these changes

@zvr zvr zvr approved these changes

@kestewart kestewart kestewart approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
3.0.1
Development

Successfully merging this pull request may close these issues.

Should the SPDX V3 sbom contain a list of elements?
5 participants
@goneall @NorioKobota @zvr @bact @kestewart