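def add_package(package, parent=None):
    """Recursively add a package and its dependencies to the SPDX document.

    Each call builds one SpdxPackage for ``package``, gives it the next
    ``SPDXRef-<n>`` identifier from the shared ``id_count`` counter, links it
    to ``parent`` when one is supplied, recurses into ``package.dependencies``
    and finally appends the new entry to ``doc``. Dependencies are therefore
    added to the document before the package that pulled them in.

    Args:
        package: object exposing ``package_name``, ``version`` and
            ``dependencies``.
        parent: the SpdxPackage created for the dependant, or None for a
            top-level package.
    """
    spdxpackage = SpdxPackage(name=package.package_name, version=package.version)
    spdxpackage.spdx_id = f'SPDXRef-{id_count[0]}'
    id_count[0] += 1

    # Every provenance field below is a placeholder and no checksum is set, so
    # the resulting entry records name and version only. Consumers cannot use
    # it to verify where a package came from or that its contents are intact.
    spdxpackage.homepage = SPDXNone()
    spdxpackage.cr_text = NoAssert()
    spdxpackage.download_location = UnKnown()
    spdxpackage.files_analyzed = False
    spdxpackage.conc_lics = NoAssert()
    spdxpackage.license_declared = NoAssert()
    spdxpackage.licenses_from_files = [NoAssert()]

    # If we have a parent, be sure to list the relationship. Identity check:
    # `!= None` would go through any custom __eq__/__ne__ defined on the parent.
    # NOTE(review): PACKAGE_OF expresses containment; the SPDX spec also defines
    # DEPENDENCY_OF -- confirm which one RelationshipOptions offers and intends.
    if parent is not None:
        spdxpackage.add_relationship(
            Relationship(spdxpackage, RelationshipOptions.PACKAGE_OF, parent))

    # Go through the same process for dependencies.
    # NOTE(review): there is no visited set. A package reachable through
    # several parents is emitted once per path with a fresh SPDXRef, and a
    # cyclic dependency graph would recurse until RecursionError -- confirm
    # that the input is a tree.
    for dep in package.dependencies:
        add_package(dep, parent=spdxpackage)

    # Finally add it to the document.
    doc.add_package(spdxpackage)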
# --- Second sample file -----------------------------------------------------
testfile2 = File('TestFile2')
testfile2.type = FileType.SOURCE
testfile2.comment = 'This is a test file.'
# Hard-coded sample digest. SHA-1 is not collision-resistant, so treat the
# value as an identifier rather than tamper evidence.
# NOTE(review): also record a SHA-256 checksum if the writer in use accepts one.
testfile2.chk_sum = Algorithm(
    'SHA1',
    'bb154f28d1cf0646ae21bb0bec6c669a2b90e113',
)
testfile2.conc_lics = License.from_identifier('Apache-2.0')
testfile2.add_lics(License.from_identifier('Apache-2.0'))
testfile2.copyright = NoAssert()

# --- Package ----------------------------------------------------------------
package = Package()
package.name = 'TagWriteTest'
package.version = '1.0'
package.file_name = 'twt.jar'
# Placeholder URL under the reserved .test TLD. A real document should record
# the actual retrieval location, preferably over https.
package.download_location = 'http://www.tagwritetest.test/download'
package.homepage = SPDXNone()
# Literal sample value: it is not computed from the files attached below, so
# it does not attest to their contents.
package.verif_code = '4e3211c67a2d28fced849ee1bb76e7391b93feba'

# Concluded and declared licence are the same conjunction (Apache-2.0 AND
# BSD-2-Clause).
# NOTE(review): the class name is spelled `LicenseConjuction` here -- confirm
# that it matches the name actually imported.
license_set = LicenseConjuction(
    License.from_identifier('Apache-2.0'),
    License.from_identifier('BSD-2-Clause'),
)
package.conc_lics = package.license_declared = license_set
for _license_id in ('Apache-2.0', 'BSD-2-Clause'):
    package.add_lics_from_file(License.from_identifier(_license_id))

package.cr_text = NoAssert()
package.summary = 'Simple package.'
package.description = 'Really simple package.'

# Attach both sample files, then hang the package off the document.
for _sample_file in (testfile1, testfile2):
    package.add_file(_sample_file)
doc.package = package