SPDX Document File

A package manager that uses SPDX documents as definition files.

Configuration

Example

Use the following syntax to configure this plugin globally as part of config.yml:

ort:
  analyzer:
    packageManagers:
      SpdxDocumentFile:
        options:
          deduceOrtIdFromPurl: false

Use the following syntax to configure this plugin in a repository's .ort.yml:

analyzer:
  package_managers:
    SpdxDocumentFile:
      options:
        deduceOrtIdFromPurl: false

If the plugin is configured in both locations, the configurations are merged, with options from .ort.yml taking precedence over those from config.yml.

Options

deduceOrtIdFromPurl

If this option is enabled and an SPDX package has a PURL as an external reference, the ORT [Package]'s [Identifier] is deduced from that PURL instead of from the [SpdxPackage]'s [ID][SpdxPackage.spdxId].

Configuration​

Example​

Options​

deduceOrtIdFromPurl​

Configuration

Example

Options

deduceOrtIdFromPurl