Skip to main content

SPDX parser and tools.

Project description

Python SPDX Library to parse, validate and create SPDX documents

Linux macOS Windows
Linux build status macOS build status Windows build status

This library implements an SPDX tag/value and RDF parser, validator and handler in Python. This is the result of an initial GSoC contribution by @ah450 (or https://github.com/a-h-i) and is maintained by a community of SPDX adopters and enthusiasts.

Home: https://github.com/spdx/tools-python

Issues: https://github.com/spdx/tools-python/issues

Pypi: https://pypi.python.org/pypi/spdx-tools

License

Apache-2.0

Features

  • API to create and manipulate SPDX documents.
  • Parse and create Tag/Value, RDF, JSON, YAML, XML format SPDX files

TODOs

  • Update to full SPDX v2.1
  • Add to full license expression support

How to use

Example tag/value parsing usage:

    from spdx.parsers.tagvalue import Parser
    from spdx.parsers.tagvaluebuilders import Builder
    from spdx.parsers.loggers import StandardLogger
    p = Parser(Builder(), StandardLogger())
    p.build()
    # data is a string containing the SPDX file.
    document, error = p.parse(data)

The examples directory contains several code samples. Here some of them:

  • parse_tv.py is an example tag/value parsing usage. Try running python parse_tv.py ../data/SPDXSimpleTag.tag

  • write_tv.py provides an example of writing tag/value files. Run python write_tv.py sample.tag to test it.

  • pp_tv.py demonstrates how to pretty-print a tag/value file. To test it run python pp_tv.py ../data/SPDXTagExample.tag pretty.tag.

  • parse_rdf.py demonstrates how to parse an RDF file and print out document information. To test it run python parse_rdf.py ../data/SPDXRdfExample.rdf

  • rdf_to_tv.py demonstrates how to convert an RDF file to a tag/value one. To test it run python rdf_to_tv.py ../data/SPDXRdfExample.rdf converted.tag

  • pp_rdf.py demonstrates how to pretty-print an RDF file, to test it run python pp_rdf.py ../data/SPDXRdfExample.rdf pretty.rdf

Installation

As always you should work in a virtualenv or venv. You can install a local clone of this repo with yourenv/bin/pip install . or install from PyPI with yourenv/bin/pip install spdx-tools. Note that on Windows it would be Scripts instead of bin.

How to run tests

From the project root directory run: python setup.py test. You can use another test runner such as pytest or nose at your preference.

Development process

We use the GitHub flow that is described here: https://guides.github.com/introduction/flow/

So, whenever we have to make some changes to the code, we should follow these steps:

  1. Create a new branch: git checkout -b fix-or-improve-something
  2. Make some changes and the first commit(s) to the branch: git commit --signoff -m 'What changes we did'
  3. Push the branch to GitHub: git push origin fix-or-improve-something
  4. Make a pull request on GitHub.
  5. Continue making more changes and commits on the branch, with git commit --signoff and git push.
  6. When done, write a comment on the PR asking for a code review.
  7. Some other developer will review your changes and accept your PR. The merge should be done with rebase, if possible, or with squash.
  8. The temporary branch on GitHub should be deleted (there is a button for deleting it).
  9. Delete the local branch as well:
    git checkout master
    git pull -p
    git branch -a
    git branch -d fix-or-improve-something
    

Besides this, another requirement is that every change should be made to fix or close an issue: https://guides.github.com/features/issues/ If there is no issue for the changes that you want to make, create first an issue about it that describes what needs to be done, assign it to yourself, and then start working for closing it.

Dependencies

Support

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

spdx-tools-multiple-packages-0.6.1.tar.gz (145.3 kB view details)

Uploaded Source

File details

Details for the file spdx-tools-multiple-packages-0.6.1.tar.gz.

File metadata

  • Download URL: spdx-tools-multiple-packages-0.6.1.tar.gz
  • Upload date:
  • Size: 145.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.7.9

File hashes

Hashes for spdx-tools-multiple-packages-0.6.1.tar.gz
Algorithm Hash digest
SHA256 cb5cf98ea88635a4db95fabaf5a52c177c49ef462903d3543851d1cb965d691d
MD5 d1e632b372a17549f001e9df9bfb98e3
BLAKE2b-256 b0ee23211da27e0aef623b5052cc2f9b9d0a55c276b7497d32e04ca1fb0eaa5d

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page