DemaConsulting.SpdxTool
0.1.0-alpha.2
Prefix Reserved
This is a prerelease version of DemaConsulting.SpdxTool.
There is a newer version of this package available.
See the version list below for details.
See the version list below for details.
dotnet tool install --global DemaConsulting.SpdxTool --version 0.1.0-alpha.2
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo dotnet tool install --local DemaConsulting.SpdxTool --version 0.1.0-alpha.2
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=DemaConsulting.SpdxTool&version=0.1.0-alpha.2&prerelease
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
nuke :add-package DemaConsulting.SpdxTool --version 0.1.0-alpha.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
SPDX Tool
Dotnet tool for manipulating SPDX SBOM files
Installation
The following will add SpdxTool to a Dotnet tool manifest file:
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local DemaConsulting.SpdxTool
The tool can then be executed by:
dotnet spdx-tool <arguments>
Usage
The following shows the command-line usage of SpdxTool:
Usage: spdx-tool [options] <command> [arguments]
Options:
-h, --help Show this help message and exit
-v, --version Show version information and exit
Commands:
help <command> Display extended help about a command
add-package Add package to SPDX document (workflow only).
copy-package <arguments> Copy package information from one SPDX document to another.
query <pattern> <command> [arguments] Query program output for value
rename-id <arguments> Rename an element ID in an SPDX document.
run-workflow <workflow.yaml> Runs the workflow file
sha256 <operation> <file> Generate or verify sha256 hashes of files
to-markdown <spdx.yaml> <out.md> Create Markdown summary for SPDX document
Workflow YAML Files
The SpdxTool can be driven using workflow yaml files of the following format:
# Workflow parameters
parameters:
parameter-name: value
# Workflow steps
steps:
- command: <command-name>
inputs:
<arguments mapping>
- command: <command-name>
inputs:
input1: value
input2: ${{ parameter-name }}
YAML Variables
Variables are specified at the top of the workflow file in a parameters section:
# Workflow parameters
parameters:
parameter1: value1
parameter2: value2
Variables can be expanded in step inputs using the dollar expansion syntax
# Workflow steps
steps:
- command: <command-name>
inputs:
input1: ${{ parameter1 }}
input2: Insert ${{ parameter2 }} in the middle
Variables can be overridden on the command line:
spdx-tool run-workflow workflow.yaml parameter1=command parameter2=line
Variables can be changed at runtime by some steps:
# Workflow parameters
parameters:
dotnet-version: unknown
steps:
- command: query
inputs:
output: dotnet-version
pattern: '(?<value>\d+\.\d+\.\d+)'
program: dotnet
arguments:
- '--version'
YAML Commands
The following are the supported commands and their formats:
steps:
# Add a package to an SPDX document
- command: add-package
inputs:
package:
id: <id>
name: <name>
copyright: <copyright>
version: <version>
download: <download-url>
license: <license> # optional
purl: <package-url> # optional
cpe23: <cpe-identifier> # optional
spdx: <spdx.json>
relationship: <relationship>
element: <element>
# Copy a package from one SPDX document to another SPDX document
- command: copy-package
inputs:
from: <from.spdx.json>
to: <to.spdx.json>
package: <package>
relationship: <relationship>
element: <element>
# Query information from the output of a program
- command: query
inputs:
output: <variable>
pattern: <regex with 'value' capture>
program: <program>
arguments:
- <argument>
- <argument>
# Rename the SPDX-ID of an element in an SPDX document
- command: rename-id
inputs:
spdx: <spdx.json>
old: <old-id>
new: <new-id>
# Run a separate workflow file
- command: run-workflow
inputs:
file: other-workflow-file.yaml
parameters:
<optional parameters>
# Perform Sha256 operations on the specified file
- command: help
inputs:
operation: generate | verify
file: <file>
# Create a summary markdown from the specified SPDX document
- command: to-markdown
inputs:
spdx: input.spdx.json
markdown: output.md
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
This package has no dependencies.
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.0 | 74 | 6/24/2024 |
| 0.1.0-beta.1 | 34 | 6/24/2024 |
| 0.1.0-alpha.10 | 81 | 6/6/2024 |
| 0.1.0-alpha.9 | 45 | 6/6/2024 |
| 0.1.0-alpha.8 | 92 | 6/5/2024 |
| 0.1.0-alpha.7 | 44 | 6/3/2024 |
| 0.1.0-alpha.6 | 82 | 5/29/2024 |
| 0.1.0-alpha.5 | 81 | 5/27/2024 |
| 0.1.0-alpha.4 | 40 | 5/27/2024 |
| 0.1.0-alpha.3 | 51 | 5/25/2024 |
| 0.1.0-alpha.2 | 53 | 5/20/2024 |
| 0.1.0-alpha.1 | 48 | 5/19/2024 |