Invalid SPDX document

[nikpivkin]

Hi!

The SPDX document that is written to the image is not valid because some required fields are missing:

The following warning(s) were raised:
[object has missing required properties (["creationInfo","dataLicense"]) for {"pointer":""}, object has missing required properties (["downloadLocation"]) for {"pointer":"/packages/0"}, Missing required Creator, Missing required data license, Document must have at least one relationship of type DOCUMENT_DESCRIBES]

Validation tool: https://tools.spdx.org/app/validate/

[yosifkit]

It is not meant to be consumed as-is, but extracted and expanded with a tool like Syft.