That could be difficult to achieve as V 2.2 file objects do not contain “version” information, making it difficult to determine the version info when changing from a file object into a V 2.3 Package Object with a Primary Purpose = “File”
I don’t think it would help much to convert Files to Package’s with a Primary Purpose = “File” if the version field always contains “NO ASSERTION”. Just my 0.02. At REA, we just decided to create SPDX V 2.3 SBOM’s from scratch, but we also found it very easy to convert a CycloneDX SBOM into an SPDX V 2.3 SBOM, and vice versa. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 From: [email protected] <[email protected]> On Behalf Of Benedicte Presse Sent: Friday, November 3, 2023 10:40 AM To: [email protected] Subject: [spdx-tech] Conversion spdx files from 2.2 to 2.3 Hello, Is there a tool that converts spdx files from 2.2 to 2.3 release ? I find no tool in github. Thank in advance for your answer, Best regards, Bénédicte -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#5413): https://lists.spdx.org/g/Spdx-tech/message/5413 Mute This Topic: https://lists.spdx.org/mt/102365235/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
