#spdx #serde #sbom

serde-spdx

Serde serialization for SPDX files

15 releases (8 breaking)

new 0.9.1 Jul 9, 2024
0.8.4 Jul 13, 2023
0.7.2 Jul 10, 2023

#514 in Encoding

Download history 605/week @ 2024-03-13 523/week @ 2024-03-20 471/week @ 2024-03-27 759/week @ 2024-04-03 1051/week @ 2024-04-10 680/week @ 2024-04-17 594/week @ 2024-04-24 633/week @ 2024-05-01 518/week @ 2024-05-08 438/week @ 2024-05-15 860/week @ 2024-05-22 604/week @ 2024-05-29 743/week @ 2024-06-05 478/week @ 2024-06-12 377/week @ 2024-06-19 593/week @ 2024-06-26

2,369 downloads per month
Used in cargo-sbom

MIT license

12KB
80 lines

Workflow Status

serde-spdx

This crate provides a type safe serde compatible SPDX format. It is intended for use in Rust code which may need to read or write SPDX files.

The latest documentation can be found here.

serde is a popular serialization framework for Rust. More information can be found on the official repository: https://github.com/serde-rs/serde

SDPX is an industry standard format for maintaining a Software Bill of Materials (SBOM). More information can be found on the official website: https://spdx.dev/.

Usage

For most cases, simply use the root spdx::v_2_3::Spdx struct with [serde] to read and write to and from the struct.

Example

use serde_spdx::spdx::v_2_3::Spdx;

let data = fs::read_to_string("sbom.spdx.json");
let spdx: Spdx = serde_json::from_str(&data).unwrap();

Because many of the spdx::v_2_3::Spdx structures contain a lot of optional fields, it is often convenient to use the builder pattern to contstruct these structs. Each structure has a builder with a default.

Example

use serde_spdx::spdx::v_2_3::SpdxCreationInfoBuilder;

let creation_info = SpdxCreationInfoBuilder::default()
  .created("created")
  .creators(vec![])
  .build()
  .unwrap();

Internal Implementation Details

The root struct is automatically generated from the parsed SPDX JSON schema, this is done at build time (via the buildscript).

License: MIT

Dependencies

~1.3–2.2MB
~46K SLoC