scancode.io icon indicating copy to clipboard operation
scancode.io copied to clipboard
verified publisher icon aboutcode-org

Use of deprecated field to state relationships in SBOM

Open Moullisha opened this issue 2 months ago • 0 comments

Describe the bug documentDescribes is a deprecated field and should not be used to describe relationships in SBOM. Instead relationships array should be used.

System configuration

  • Which version of ScanCode.io are you running?
  • Are you running the app using Docker?
  • On which OS?
  • What inputs are you using?
  • Which pipeline are you running?

To Reproduce Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior As per SPDX schema, documentDescribes is a deprecated field and relationships array should be used to describe relationship b/w different packages of the SBOM.

https://github.com/spdx/spdx-spec/blob/support/2.3.1/schemas/spdx-schema.json

Screenshots If applicable, add screenshots to help explain your problem.

Moullisha avatar Nov 18 '25 11:11 Moullisha