§sbom-model-spdx
SPDX adapter for sbom-model.
Parses SPDX JSON documents into the format-agnostic Sbom type.
§usage
```rust
use sbom_model::Sbom;
use sbom_model_spdx::SpdxReader;

let json = r#"{
  "spdxVersion": "SPDX-2.3",
  "dataLicense": "CC0-1.0",
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "example",
  "documentNamespace": "https://example.com/sbom",
  "creationInfo": {
    "creators": ["Tool: example"],
    "created": "2024-01-01T00:00:00Z"
  },
  "packages": [
    {
      "name": "serde",
      "SPDXID": "SPDXRef-serde",
      "downloadLocation": "https://crates.io/crates/serde",
      "licenseConcluded": "MIT"
    }
  ],
  "relationships": []
}"#;

let sbom: Sbom = SpdxReader::read_json(json.as_bytes()).unwrap();
assert_eq!(sbom.components.len(), 1);
assert_eq!(sbom.components[0].name, "serde");
```
§supported features
- SPDX 2.3 JSON format (RDF/XML/tag-value not supported)
- packages with name, version, licenses, checksums
- supplier information
- purl extraction from external references
- relationship-based dependency graph (DEPENDS_ON, CONTAINS, DESCRIBES)
- creation info (timestamps, tools, authors)
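As an added illustration of the mapping those features describe (this is not the crate's code, and the Component type and read_spdx function are assumptions for the sketch), the Python below parses a constructed SPDX 2.3 JSON document into components, pulls the purl out of externalRefs, and builds the DEPENDS_ON/CONTAINS graph while flagging relationships that point at SPDXIDs the document never defines:

```python
from __future__ import annotations
import json
from dataclasses import dataclass, field
# Constructed SPDX 2.3 document (not the crate's): externalRefs carry a purl,
# and one relationship points at an SPDXID that no package defines.
SPDX_DOC = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example",
    "packages": [
        {"name": "app", "SPDXID": "SPDXRef-app", "versionInfo": "1.0.0"},
        {"name": "serde", "SPDXID": "SPDXRef-serde", "versionInfo": "1.0.197",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:cargo/serde@1.0.197"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-serde"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "CONTAINS",
         "relatedSpdxElement": "SPDXRef-missing"},  # dangling reference
    ],
}).encode()

@dataclass
class Component:
    name: str
    version: str | None
    purl: str | None        # package URL, the key used to match advisories
    depends_on: list[str] = field(default_factory=list)

def read_spdx(data: bytes) -> tuple[dict[str, Component], list[str], list[str]]:
    """Return (components keyed by SPDXID, DESCRIBES roots, dangling SPDXIDs)."""
    doc = json.loads(data)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("unsupported spdxVersion")
    comps: dict[str, Component] = {}
    for pkg in doc.get("packages", []):
        purl = next((r["referenceLocator"] for r in pkg.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        comps[pkg["SPDXID"]] = Component(pkg["name"], pkg.get("versionInfo"), purl)
    roots, dangling = [], []
    for rel in doc.get("relationships", []):
        src, dst = rel["spdxElementId"], rel["relatedSpdxElement"]
        if rel["relationshipType"] == "DESCRIBES":
            roots.append(dst)
        elif rel["relationshipType"] in ("DEPENDS_ON", "CONTAINS"):
            if src in comps and dst in comps:
                comps[src].depends_on.append(dst)
            else:  # never create an edge to an element the document lacks
                dangling.append(dst)
    return comps, roots, dangling
```

A consumer that silently drops the dangling edge would report the graph as complete; surfacing it lets you decide whether the document is trustworthy before matching its purls against advisories.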
§error handling
```rust
use sbom_model_spdx::{SpdxReader, Error};

fn parse(data: &[u8]) -> Result<(), Error> {
    // `?` propagates any parse failure as this crate's `Error`.
    let sbom = SpdxReader::read_json(data)?;
    // ...
    Ok(())
}
```
The Error type wraps parse errors from serde_json.
§related crates
- sbom-model - the core data model
- sbom-model-cyclonedx - CycloneDX format adapter
- sbom-diff - diff engine and CLI
§Structs
- SpdxReader - Parser for SPDX JSON documents.
§Enums
- Error - Errors that can occur when parsing SPDX documents.