DirectorySecurity advisories
Sign in

Directory

spdx-tools logo

spdx-tools

Last changed
Get started with latest for free
docker pull cgr.dev/chainguard/spdx-tools

Need access to a specific version? Contact us.

Sign in for updates

Get notified of upcoming product changes, critical vulnerability notifications and patches and more.

Sign in
Versions
Overview
Provenance
Specifications
SBOM
Vulnerabilities
Advisories

Check SPDX SBOM for validity

Download this Image

The image is available on cgr.dev:

docker pull cgr.dev/chainguard/spdx-tools:latest

This image contains the SPDX tool available from here: https://github.com/spdx/tools-java

Using this tool you can verify the SPDX SBOM for validity:

docker run -v $(pwd):/tmp cgr.dev/chainguard/spdx-tools:latest Verify /tmp/sbom.json

You can also compare docs, "pretty-print" an SPDX SBOM, and more.

Licenses

Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:

  • Apache-2.0

  • BSD-3-Clause

  • FTL

  • GPL-2.0-only

  • GPL-2.0-or-later

  • LGPL-2.1-or-later

  • Libpng

View more

For a complete list of licenses, please refer to this Image's SBOM.

Software license agreement

Category
application

Products

Chainguard Images

© 2024 Chainguard, Inc.