Uploaded image for project: 'Image Builder'
  1. Image Builder
  2. COMPOSER-2386

Make sure that SBOM license fields contain valid SPDX license expressions

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • osbuild
    • None

      The osbuild-depsolve-dnf currently produces SBOMs that use license strings from the RPM header as is. If the license string is not a valid SPDX license expression, the validation and parsing of the SBOM may fail.

      The goal is to fix the implementation to always use valid license strings according to the SPDX specification.

              thozza@redhat.com Tomas Hozza
              thozza@redhat.com Tomas Hozza
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: