You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for the suggestion. What is the use case? Do you want to annotate licenses? If so, the annotations feature can provide this functionality today. See https://cyclonedx.org/docs/1.6/json/#annotations
If you’re looking to store data, what kind of data is it?
We are in the process of adopting CycloneDX as an internal DTO; there are a few edge cases where we would like to stuff prioprietary data into the documents. For the sake of illustration, let's say we'd like to attach a createdAt value to a license. It would be great if there could be something like:
For any consuming application of this document it would be easy to look this information up. Looking in other parts of the document would increase complexity ever so slightly.
I understand that this is a "it's not you, it's me" problem: if we have certain feature requests because we'd like to use them internally, we should not force that onto the specification. However, since other license definition option afford the "properties" feature, maybe an SPDX license expression could, too?
Describe the feature
When defining a component's licenses, one has three options to choose from:
While options 1 & 2 afford the possibility of a
"properties"
attribute (key-value store), this is not available on option 3, the SPDX expression. See https://cyclonedx.org/docs/1.6/json/#tab-pane_components_items_licenses_oneOf_i1.Would it make sense to also add
"properties"
to an SPDX-expression license?Possible solutions
Add
"properties"
as an optional attribute to SPDX-expression licenses.Alternatives
n.a.
Additional context
We are looking to store custom data plus an SPDX expression on a license definition.
The text was updated successfully, but these errors were encountered: