TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations.
This repository is an open playground to experiment with different serialization formats and approaches for the SPDX 3.0 spec.
Once we have decided on the officially supported SPDX serializations, they will be documented in other repositories and this repository will be deleted.
Each serialization approach will be in a separate sub-directory. The sub-directory will contain a README.md file with background on the serialization approach, a description on the different examples, and a link to any tools that can parse these files.
All contributions are licensed under CC0 - please sign-off any commits.
New serialization approaches should be in their own directories with an appropriate README.md file.
We will do a minimum review of new proposals before merging.
Suggestions to existing serialization approaches will be reviewed by the contributors of the original serializations approach before merging.
- The logical model is the single authoritative source for SPDXv3 content. All examples submitted to the playground should correspond to the given model examples to allow for easy comparison. The initial set of examples is from the SPDX v3 serialization README (see use cases).
- The contributor for each serialization method is responsible for creating the examples and test code for that method.
- The barrier to entry should be minimal. A contributor may create as many or as few examples as they deem appropriate for defining the method.
- Although examples may be initially submitted to illustrate ideas before code has been developed to process them, serializing and parsing code will eventually be necessary to demonstrate that the examples correctly reflect the model.
See USING for more detail on the creation and use of model templates, logical examples, and serialized examples.
- The code for each serialization method translates between the logical examples and the corresponding serialized examples in both directions, demonstrating the ability of the serialization method to correctly implement the model. This enables translation of serialized data from any format to any other by reading and writing logical values.
| Logical Examples | RDF | XML | JSON-LD | JSON1 | JSON2 | JSON3 | Protobuf | CBOR | YAML | Text1 |
|---|---|---|---|---|---|---|---|---|---|---|
| --- Agents --- | ||||||||||
| Agent1 | o | o | ||||||||
| Person1 with minimal CreationInfo | o | o | ||||||||
| Person2 with full CreationInfo | o | o | ||||||||
| Person3 with no CreationInfo??? | o | o | ||||||||
| Organization1 | o | o | ||||||||
| Tool1 not an Agent | o | o | ||||||||
| --- Annotations --- | ||||||||||
| Annotation1 | o | o | ||||||||
| --- Artifacts --- | ||||||||||
| Package1 | o | o | ||||||||
| Package2 with ExternalIdentifier | o | |||||||||
| Package3 with ExternalReference | o | |||||||||
| File1 | o | o | ||||||||
| File2 | o | o | ||||||||
| Snippet1 | o | |||||||||
| --- Relationships --- | ||||||||||
| Relationship1 Pkg1, File1, File2 | o | |||||||||
| Relationship2 with time properties | ||||||||||
| LifecycleScopeRelationship1 | ||||||||||
| AssessmentRelationship1 | ||||||||||
| SoftwareDependencyRelationship1 | ||||||||||
| --- Collections --- | ||||||||||
| Bom2 | ||||||||||
| Sbom1 with two Files | ||||||||||
| Sbom2 with Pkg1, File1, File2, Rel1 | o | |||||||||
| Bundle1 | ||||||||||
| Bundle2 of Person1, Person2 | ||||||||||
| --- SpdxDocuments --- | ||||||||||
| SpdxDocument1 with two Files | o | |||||||||
| SpdxDocument2 with two Sboms | o | |||||||||
| SpdxDocument3 with NamespaceMap | ||||||||||
| SpdxDocument4 with ExternalMap | ||||||||||
| SpdxDocument5 v2.3 example | o | |||||||||
| --- Licensing --- | ||||||||||
| License1 single artifact | ||||||||||
| CustomLicense1 single artifact | ||||||||||
| LicenseExpression1 single artifact | ||||||||||
| LicenseExpression2 single artifact | ||||||||||
| LicenseExpression3 two artifacts | ||||||||||
| --- Security --- | ||||||||||
| --- Build --- | ||||||||||
NOTE: need list of element types required by each licensing use case, specify which artifact examples
- An element set is the list of individual element example values that are included in a Payload.
- A Payload is the result of combining the element set into serialized data in a method-specific manner.
- The code for a method translates between the Payload and its element set in both directions.
| Example | RDF | XML | JSON-LD | JSON1 | JSON2 | JSON3 | Protobuf | CBOR | YAML | Text1 |
|---|---|---|---|---|---|---|---|---|---|---|
| Payload1 - File1, File2 | o | |||||||||
| Payload2 - Sbom1, Sbom2 | o | |||||||||
| Payload3 - v2.3 | o |
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent