spdx/spdx-online-tools

Inconsistent warnings for including verification code when files not analyzed while validating SBOM

JohnnyHobbs opened this issue · 2 comments

In the attached, 52 of the 65 packages have filesAnalyzed set to false and have a packageVerificationCode, but only 4 get a warning, while jquery.cookie also has filesAnalyzed set to false and does not have a packageVerificationCode, but does get the warning, "Verification code must not be included when files not analyzed."
Inconsistencies.json

Thanks @JohnnyHobbs for reporting this. It looks like this issue has been fixed in the spdx-java-library which is used by the online tool.

We just need to update to the latest version. I'm hoping to do a release over the next week or so.

Fixed with PR #517
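
An independent cross-check of the rule discussed in this thread, added here as an example and not code from spdx-online-tools or the SPDX Java library: it lists the packages in an SPDX 2.x JSON document that should receive the warning and compares them with what a validator reported. The sample document, the package names and the function names are constructed for illustration; it assumes the SPDX 2.x JSON field names `filesAnalyzed` and `packageVerificationCode`.

```python
import json

# Constructed sample (not the attachment from the issue): one package per case.
SAMPLE = json.loads("""
{
  "spdxVersion": "SPDX-2.2",
  "packages": [
    {"SPDXID": "SPDXRef-pkg-a", "name": "pkg-a", "filesAnalyzed": false,
     "packageVerificationCode":
       {"packageVerificationCodeValue": "0000000000000000000000000000000000000000"}},
    {"SPDXID": "SPDXRef-pkg-b", "name": "pkg-b", "filesAnalyzed": false},
    {"SPDXID": "SPDXRef-pkg-c", "name": "pkg-c",
     "packageVerificationCode":
       {"packageVerificationCodeValue": "1111111111111111111111111111111111111111"}}
  ]
}
""")


def expected_warnings(doc):
    """SPDXIDs of packages with filesAnalyzed=false that still carry a verification code."""
    flagged = []
    for pkg in doc.get("packages", []):
        # SPDX 2.x: filesAnalyzed defaults to true when the field is omitted.
        files_analyzed = pkg.get("filesAnalyzed", True)
        has_code = pkg.get("packageVerificationCode") is not None
        if files_analyzed is False and has_code:
            flagged.append(pkg.get("SPDXID", pkg.get("name", "<unnamed>")))
    return flagged


def compare(doc, tool_flagged):
    """Diff the expected warnings against the SPDXIDs a validator actually flagged."""
    expected = set(expected_warnings(doc))
    reported = set(tool_flagged)
    return {
        "missed": sorted(expected - reported),    # should warn, validator did not
        "spurious": sorted(reported - expected),  # validator warned, rule not violated
    }


if __name__ == "__main__":
    # Constructed validator output mirroring the two symptoms in the report.
    print(compare(SAMPLE, ["SPDXRef-pkg-b"]))
```
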