{"id":30760791,"url":"https://github.com/bact/spdx3reader","last_synced_at":"2025-09-13T07:42:21.601Z","repository":{"id":305999302,"uuid":"1001143931","full_name":"bact/spdx3reader","owner":"bact","description":"Print SPDX 3 information","archived":false,"fork":false,"pushed_at":"2025-08-22T12:11:24.000Z","size":46,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-01T12:15:58.082Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bact.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-12T22:30:38.000Z","updated_at":"2025-08-23T21:58:15.000Z","dependencies_parsed_at":"2025-07-23T05:30:48.019Z","dependency_job_id":"5a3371ad-a094-423b-b785-bbea7424e62d","html_url":"https://github.com/bact/spdx3reader","commit_stats":null,"previous_names":["bact/spdx3reader"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bact/spdx3reader","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bact%2Fspdx3reader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bact%2Fspdx3reader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bact%2Fspdx3reader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bact%2Fspdx3reader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bact","download_url":"https://codeload.github.com/bact/spdx3reader/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bact%2Fspdx3reader/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273619703,"owners_count":25138238,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-09-04T13:50:16.683Z","updated_at":"2025-09-04T13:50:22.781Z","avatar_url":"https://github.com/bact.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"---\nSPDX-FileCopyrightText: 2025-present Arthit Suriyawongkul \u003csuriyawa@tcd.ie\u003e\nSPDX-FileType: DOCUMENTATION\nSPDX-License-Identifier: Apache-2.0\n---\n\n# SPDX 3 Reader\n\nSBOM compliance experimentation for [GSoC 2025](https://summerofcode.withgoogle.com/myprojects/details/CeR3hQTq).\n\nRead SPDX 3 JSON file, get SPDX 3 document as Python objects,\nand look for NTIA minimum elements.\n\nTo install the library:\n\n```shell\npip install -e .\n```\n\nTo print all relationships in an SPDX 3 JSON file:\n\n```shell\npython scripts/spdx3read.py --rel tests/data/dataset-example01.json\n```\n\nOutput will look like this:\n\n```text\nRelationships:\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n┃ dataset_DatasetPackage\n┃  - name: Our World in Data CO2 and Greenhouse Gas Emissions dataset\n┃  - spdxId: https://spdx.org/spdxdocs/DatasetPackage1-035470d9-3ede-4952-91c8-c2abb943c90b\n┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n    │\n  hasDeclaredLicense\n    ↓\n  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┃ simplelicensing_LicenseExpression\n  ┃  - name: None\n  ┃  - spdxId: https://spdx.org/licenses/CC-BY-4.0\n  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n┃ dataset_DatasetPackage\n┃  - name: Our World in Data CO2 and Greenhouse Gas Emissions dataset\n┃  - spdxId: https://spdx.org/spdxdocs/DatasetPackage1-035470d9-3ede-4952-91c8-c2abb943c90b\n┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n    │\n  hasConcludedLicense\n    ↓\n  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┃ simplelicensing_LicenseExpression\n  ┃  - name: None\n  ┃  - spdxId: https://spdx.org/licenses/CC-BY-4.0\n  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n┃ software_File\n┃  - name: codebook.csv\n┃  - spdxId: https://spdx.org/spdxdocs/File2-caf55baf-cd02-406a-b7ec-838842ca869f\n┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n    │\n  describes\n    ↓\n  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┃ software_File\n  ┃  - name: data.csv\n  ┃  - spdxId: https://spdx.org/spdxdocs/File1-d029fccb-7ee9-42be-a445-5e2066db0de8\n  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n\n┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n┃ dataset_DatasetPackage\n┃  - name: Our World in Data CO2 and Greenhouse Gas Emissions dataset\n┃  - spdxId: https://spdx.org/spdxdocs/DatasetPackage1-035470d9-3ede-4952-91c8-c2abb943c90b\n┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n    │\n  contains\n    ↓\n  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┃ software_File\n  ┃  - name: data.csv\n  ┃  - spdxId: https://spdx.org/spdxdocs/File1-d029fccb-7ee9-42be-a445-5e2066db0de8\n  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n  ┃ software_File\n  ┃  - name: codebook.csv\n  ┃  - spdxId: https://spdx.org/spdxdocs/File2-caf55baf-cd02-406a-b7ec-838842ca869f\n  ┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┅\n\n4 relationships found.\nNot compliant with FSCT Baseline Attribute requirements.\n```\n\nTo print the baseline attributes:\n\n```shell\npython scripts/spdx3read.py --print tests/data/dataset-example01.json\n```\n\nOutput will look like this:\n\n```text\nFSCTBaselineAttribute:\n- SBOM Author Name: ['Arthit Suriyawongkul']\n- SBOM Timestamp: 2024-05-31 00:00:00+00:00\n- SBOM Type: ['analyzed']\n- SBOM Primary Component: True\n- Primary Component Name: Our World in Data CO2 and Greenhouse Gas Emissions dataset\n- Primary Component Version String: 2024-04-15\n- Primary Component Supplier Name: Our World in Data\n- Primary Component Cryptographic Hash: [('sha1', '32657f0d033fc07a7420be36a6af9083c6a63489'), ('sha256', '434d75c84cf86456c16193dbc53beef31eb63f3387425882ddb2ef6acb9d472c')]\n- Primary Component Unique Identifiers: [('spdxId', 'https://spdx.org/spdxdocs/DatasetPackage1-035470d9-3ede-4952-91c8-c2abb943c90b')]\n- Primary Component Relationships: None\n- Primary Component License: ['CC-BY-4.0']\n- Primary Component Copyright Holder: Copyright Our World in Data\n- All components have Name: True\n- All components have Version String: True\n- All components have Supplier Name: False\n- All components have Cryptographic Hash: False\n- All components have Unique Identifiers: True\n- All components have Relationships: False\n- All components have License: False\n- All components have Copyright Holder: False\nNot compliant with FSCT Baseline Attribute requirements.\n```\n\nThe current code can check all the existence of all minimum elements/baseline attributes\nbut not yet the relationships (like licenses).\n\nTo be integrated into `ntia-conformance-checker`.\n\nNote: see the SPDX 3.0 - NTIA Minimum Elements mapping from this\n[design document](https://docs.google.com/document/d/1pueRxlxoM9n1eG9g6AihjLvybEBTd77m22mRYBQltpg/edit?tab=t.0#heading=h.qtqmj6afdw8r).\n\nSome of the code was originally from this [spdx-python-model tutorial](https://gist.github.com/bact/7227ad858500c2097a25344a4af015d6).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbact%2Fspdx3reader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbact%2Fspdx3reader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbact%2Fspdx3reader/lists"}