### Prepare Maven Release Source: https://github.com/spdx/spdx-java-library/blob/master/RELEASE-CHECKLIST.md This Maven command initiates the release preparation process. It will prompt the user for details such as the release version, and typically defaults can be accepted for a standard release. This step involves version bumping, tag creation, and preparing the project for deployment. Maven must be installed. ```shell mvn release:prepare ``` -------------------------------- ### Maven Dependency for SPDX Java Library Source: https://github.com/spdx/spdx-java-library/blob/master/GETTING-STARTED.md Add this XML snippet to your Maven POM file to include the SPDX Java library. Ensure you use a compatible version; this example specifies versions up to 2.0. ```xml org.spdx java-spdx-library (,2.0] ``` -------------------------------- ### Initialize SPDX Model Source: https://github.com/spdx/spdx-java-library/blob/master/GETTING-STARTED.md Call SpdxModelFactory.init() to initialize the library's models. This is a prerequisite for using most of the library's functionalities for SPDX data manipulation. ```java SpdxModelFactory.init(); ``` -------------------------------- ### Create SPDX 3.0 SBOM from Scratch Source: https://context7.com/spdx/spdx-java-library/llms.txt Demonstrates how to build a Software Bill of Materials (SBOM) conforming to the SPDX 3.0 specification. This involves initializing the library, creating creation information, and then constructing an SBOM object with packages. It requires the `org.spdx:java-spdx-library` dependency and utilizes `SpdxModelFactory`, `SpdxModelClassFactoryV3`, and `InMemSpdxStore`. ```java import org.spdx.library.SpdxModelFactory; import org.spdx.library.model.v3_0_1.SpdxModelClassFactoryV3; import org.spdx.library.model.v3_0_1.core.CreationInfo; import org.spdx.library.model.v3_0_1.software.Sbom; import org.spdx.library.model.v3_0_1.software.SpdxPackage; import org.spdx.storage.simple.InMemSpdxStore; import org.spdx.library.ModelCopyManager; import org.spdx.core.InvalidSPDXAnalysisException; public class CreateSbomExample { public static Sbom createSbom() throws InvalidSPDXAnalysisException { // Initialize library SpdxModelFactory.init(); InMemSpdxStore modelStore = new InMemSpdxStore(); ModelCopyManager copyManager = new ModelCopyManager(); // Create unique URI prefix for this session String prefix = "https://org.spdx.spdxdata/899b1918-f72a-4755-9215-6262b3c346df/"; // Create creation info with agent information CreationInfo creationInfo = SpdxModelClassFactoryV3.createCreationInfo( modelStore, prefix + "Agent/Gary01123", "Gary O'Neall", copyManager); // Build SBOM with builder pattern Sbom sbom = creationInfo.createSbom(prefix + "sbom/mysbom") .setName("My Application SBOM") .build(); // Create and add a package to the SBOM SpdxPackage pkg = sbom.createSpdxPackage(prefix + "package/mypackage") .setName("com.example:my-application") .setVersion("1.0.0") .build(); // Add package as both element and root element sbom.getElements().add(pkg); sbom.getRootElements().add(pkg); return sbom; } } ``` -------------------------------- ### Convert Between SPDX Versions with Java Source: https://context7.com/spdx/spdx-java-library/llms.txt This example demonstrates how to convert an SPDX 2.x document to the SPDX 3.x format using the SPDX Java library's migration utility. It involves setting up source and destination stores, a copy manager, and a converter instance. The conversion process takes the source document URI and a target prefix for the new SPDX 3.0 objects. ```java import org.spdx.library.conversion.Spdx2to3Converter; import org.spdx.library.model.v2.SpdxDocument; import org.spdx.library.model.v3_0_1.core.SpdxDocument as SpdxDocumentV3; import org.spdx.storage.simple.InMemSpdxStore; import org.spdx.library.ModelCopyManager; import org.spdx.core.InvalidSPDXAnalysisException; public class ConversionExample { public static SpdxDocumentV3 convertDocument(SpdxDocument spdx2Doc) throws InvalidSPDXAnalysisException { // Create target store for SPDX 3.0 data InMemSpdxStore targetStore = new InMemSpdxStore(); ModelCopyManager copyManager = new ModelCopyManager(); // Create converter instance String targetPrefix = "https://example.com/spdx3/"; Spdx2to3Converter converter = new Spdx2to3Converter( spdx2Doc.getModelStore(), // source store targetStore, // destination store copyManager, // copy manager targetPrefix); // URI prefix for SPDX 3.0 objects // Perform conversion String spdx3DocumentUri = converter.convert( spdx2Doc.getDocumentUri(), // source document URI targetPrefix + "document/converted"); // Retrieve converted document SpdxDocumentV3 spdx3Doc = (SpdxDocumentV3) SpdxModelFactory.inflateModelObject( targetStore, spdx3DocumentUri, "SpdxDocument", copyManager, SpdxModelFactory.getLatestSpecVersion(), false, null); System.out.println("Conversion complete. SPDX 3.0 document URI: " + spdx3DocumentUri); return spdx3Doc; } } ``` -------------------------------- ### Initialize Default Model Store Source: https://github.com/spdx/spdx-java-library/blob/master/GETTING-STARTED.md Optionally, initialize a custom default model store and copy manager. This must be done before or immediately after SpdxModelFactory.init() to avoid data loss. ```java DefaultModelStore.initialize(IModelStore newModelStore, String newDefaultDocumentUri, IModelCopyManager newDefaultCopyManager); ```