SPDX

Creates software bills of materials (SBOM) in the SPDX format.

Configuration

Example

Use the following syntax to configure this plugin globally as part of config.yml:

ort:
  reporter:
    reporters:
      SpdxDocument:
        options:
          spdxVersion: SPDX-2.2
          creationInfoComment: <OPTIONAL_STRING>
          creationInfoPerson: <OPTIONAL_STRING>
          creationInfoOrganization: <OPTIONAL_STRING>
          documentComment: <OPTIONAL_STRING>
          documentName: "Unnamed document"
          outputFileFormats: YAML
          fileInformationEnabled: true

Options

spdxVersion

Possible values: SPDX-2.2, SPDX-2.3

The SPDX version to use.

creationInfoComment

Alias: creationInfo.comment

The comment to add to the [SpdxDocument.creationInfo].

creationInfoPerson

Alias: creationInfo.person

The person to add to the [SpdxDocument.creationInfo].

creationInfoOrganization

Alias: creationInfo.organization

The organization to add to the [SpdxDocument.creationInfo].

documentComment

Alias: document.comment

The comment to add to the [SpdxDocument].

documentName

Alias: document.name

The name of the generated [SpdxDocument].

outputFileFormats

Alias: output.file.formats

Possible values: JSON, YAML

The list of file formats to generate.

fileInformationEnabled

Alias: file.information.enabled

Toggle whether the output document should contain information on file granularity about files containing findings.

Configuration​

Example​

Options​

spdxVersion​

creationInfoComment​

creationInfoPerson​

creationInfoOrganization​

documentComment​

documentName​

outputFileFormats​

fileInformationEnabled​