fix spdxVersion for bsi and oct #351

Merged
merged 2 commits into from
Nov 11, 2024


viveksahu26
Collaborator

closes #349

This PR fixes the parsing of the SPDX version for bsi and oct compliance. There are no changes in score.

For bsi:

```
go run main.go compliance --bsi   samples/photon.spdx.json
BSI TR-03183-2 v1.1 Compliance Report
Compliance score by Interlynk Score:2.5 RequiredScore:5.0 OptionalScore:0.0 for samples/photon.spdx.json
* indicates optional fields
+-------------------------------------+---------+--------------------------------+------------------------------------------------------------------+-------+
|              ELEMENTID              | SECTION |           DATAFIELD            |                          ELEMENT RESULT                          | SCORE |
+-------------------------------------+---------+--------------------------------+------------------------------------------------------------------+-------+
| SBOM                                |       4 | specification                  | spdx                                                             |  10.0 |
+                                     +---------+--------------------------------+------------------------------------------------------------------+-------+
|                                     |       4 | specification version          | SPDX-2.2                                                         |  10.0 |
+                                     +---------+--------------------------------+------------------------------------------------------------------+-------+
```

For oct:

```
go run main.go compliance --oct   samples/photon.spdx.json
OpenChain Telco Report
Compliance score by Interlynk Score:2.9 RequiredScore:2.9 OptionalScore:0.0 for samples/photon.spdx.json
* indicates optional fields
+-------------------------------------+---------+------------------------------+------------------------------------------------------------------+-------+
|              ELEMENTID              | SECTION |          DATAFIELD           |                          ELEMENT RESULT                          | SCORE |
+-------------------------------------+---------+------------------------------+------------------------------------------------------------------+-------+
| SPDX Elements                       | 3.1.1   | SBOM data format             | spdx                                                             |  10.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.10  | SBOM creator tool            | tern                                                             |  10.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.11  | SBOM machine readable format | spdx, json                                                       |  10.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.12  | SBOM human readable format   | json                                                             |  10.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.14  | SBOM delivery time           | unknown                                                          |   0.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.15  | SBOM delivery method         | unknown                                                          |   0.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.16  | SBOM scope                   | unknown                                                          |   0.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
|                                     | 3.1.2   | Spec version                 | SPDX-2.2                                                         |  10.0 |
+                                     +---------+------------------------------+------------------------------------------------------------------+-------+
```

Signed-off-by: Vivek Kumar Sahu <[email protected]>
@@ -27,7 +27,7 @@ import (
)

var (
validBsiSpdxVersions = []string{"SPDX-2.3"}
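
Review bot: the allow-list on the `validBsiSpdxVersions` line admits only "SPDX-2.3", but the sample run in the PR description shows `SPDX-2.2` scoring 10.0 for "specification version" under `--bsi`. If this list is what gates that score, please re-run the sample against this change and add a test case with an SPDX-2.2 document, so the report and the list cannot drift apart. A short comment above the var naming the BSI TR-03183-2 version it applies to (the report header says v1.1) would also help the next reader.
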
Contributor

This is incorrect. For BSI 1.1, it's SPDX-2.3 only.

Collaborator Author

addressed it !!

Signed-off-by: Vivek Kumar Sahu <[email protected]>
@riteshnoronha riteshnoronha merged commit b82f436 into interlynk-io:main Nov 11, 2024
2 checks passed
Successfully merging this pull request may close these issues.

SPDX Version always return SPDX-2.3
2 participants