DemaConsulting.SpdxModel 2.6.0

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. 
dotnet add package DemaConsulting.SpdxModel --version 2.6.0
                    


                    

                
NuGet\Install-Package DemaConsulting.SpdxModel -Version 2.6.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="DemaConsulting.SpdxModel" Version="2.6.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="DemaConsulting.SpdxModel" Version="2.6.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="DemaConsulting.SpdxModel" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add DemaConsulting.SpdxModel --version 2.6.0
                    


                    

                
#r "nuget: DemaConsulting.SpdxModel, 2.6.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package DemaConsulting.SpdxModel@2.6.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=DemaConsulting.SpdxModel&version=2.6.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=DemaConsulting.SpdxModel&version=2.6.0
                    


                            Install as a Cake Tool

SPDX Model

GitHub forks GitHub Repo stars GitHub contributors GitHub Build Quality Gate Status Security Rating NuGet

A modern C# library for working with SPDX (Software Package Data Exchange) documents. This library provides a comprehensive in-memory model for reading, manipulating, and writing SPDX Software Bill of Materials (SBOM) files.

Features

  • ๐Ÿš€ Full SPDX 2.2 and 2.3 Support - Complete implementation of SPDX specifications
  • ๐Ÿ“ฆ In-Memory Model - Efficient object model for SPDX documents
  • ๐Ÿ”„ JSON Serialization - Read and write SPDX documents in JSON format
  • ๐ŸŽฏ Type-Safe - Strongly-typed C# API with nullable reference types
  • ๐Ÿ” Transform Support - Built-in utilities for manipulating SPDX relationships
  • โšก Multi-Target - Supports .NET 8, 9, and 10
  • ๐Ÿ–ฅ๏ธ Multi-Platform - Builds and runs on Windows, Linux, and macOS
  • ๐Ÿงช Well-Tested - Comprehensive test suite with high code coverage
  • ๐Ÿ“š Well-Documented - XML documentation for all public APIs
  • ๐Ÿ”’ Continuous Compliance - Compliance evidence generated automatically on every CI run, following the Continuous Compliance methodology

Installation

Install the package via NuGet:

dotnet add package DemaConsulting.SpdxModel

Or via the Package Manager Console:

Install-Package DemaConsulting.SpdxModel

Quick Start

Reading an SPDX Document

using DemaConsulting.SpdxModel;
using DemaConsulting.SpdxModel.IO;

// Read SPDX document from JSON
var json = File.ReadAllText("sbom.spdx.json");
var document = Spdx2JsonDeserializer.Deserialize(json);

// Access document properties
Console.WriteLine($"Document: {document.Name}");
Console.WriteLine($"Version: {document.Version}");
Console.WriteLine($"Packages: {document.Packages.Length}");

Creating an SPDX Document

using DemaConsulting.SpdxModel;
using DemaConsulting.SpdxModel.IO;

// Create a new SPDX document
var document = new SpdxDocument
{
    Id = "SPDXRef-DOCUMENT",
    Name = "My Software",
    Version = "SPDX-2.3",
    DocumentNamespace = "https://example.com/my-software",
    CreationInformation = new SpdxCreationInformation
    {
        Created = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ"),
        Creators = ["Tool: MyTool-1.0"]
    },
    Packages =
    [
        new SpdxPackage
        {
            Id = "SPDXRef-Package",
            Name = "MyPackage",
            Version = "1.0.0",
            DownloadLocation = "https://example.com/package",
            FilesAnalyzed = false,
            LicenseConcluded = "MIT",
            LicenseDeclared = "MIT",
            CopyrightText = "Copyright (c) 2024 Example Corp"
        }
    ]
};

// Serialize to JSON
var json = Spdx2JsonSerializer.Serialize(document);
File.WriteAllText("output.spdx.json", json);

Working with Relationships

using DemaConsulting.SpdxModel;
using DemaConsulting.SpdxModel.Transform;

// Add relationships to a document
var relationship = new SpdxRelationship
{
    Id = "SPDXRef-DOCUMENT",
    RelationshipType = SpdxRelationshipType.Describes,
    RelatedSpdxElement = "SPDXRef-Package"
};

SpdxRelationships.Add(document, relationship);

// Get root packages from a document
var rootPackages = document.GetRootPackages();

API Overview

Core Classes

  • SpdxDocument - Represents an SPDX document
  • SpdxPackage - Represents a software package
  • SpdxFile - Represents a file
  • SpdxSnippet - Represents a code snippet
  • SpdxRelationship - Represents relationships between elements
  • SpdxCreationInformation - Document creation metadata

Serialization

  • Spdx2JsonSerializer - Serialize SPDX documents to JSON
  • Spdx2JsonDeserializer - Deserialize SPDX documents from JSON

Transforms

  • SpdxRelationships - Utilities for managing relationships

Documentation

Requirements

  • .NET 8.0, 9.0, or 10.0
  • C# 12 or later

Development

Building from Source

# Clone the repository
git clone https://github.com/demaconsulting/SpdxModel.git
cd SpdxModel

# Restore tools
dotnet tool restore

# Build
dotnet build

# Run tests
dotnet test

Running Tests with Coverage

dotnet test --collect:"XPlat Code Coverage;Format=opencover"

Contributing

We welcome contributions! Please see our Contributing Guide for details on:

  • Setting up your development environment
  • Coding standards and guidelines
  • Submitting pull requests
  • Reporting bugs and requesting features

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

Acknowledgments

This project follows the SPDX specification maintained by the Linux Foundation.

Made with โค๏ธ by DEMA Consulting

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2.6.0 223 4/3/2026
2.5.0 909 2/20/2026
2.4.0 812 12/15/2025
2.3.1 694 12/9/2025
2.3.0 324 12/4/2025
2.2.1 265 7/6/2025
2.2.0 203 7/6/2025
2.1.1 280 5/4/2025
2.1.0 365 10/9/2024
2.0.0 217 9/13/2024
1.4.0 246 7/29/2024
1.3.2 230 7/24/2024
1.3.1 234 7/22/2024
1.3.0 200 7/21/2024
1.2.0 199 7/15/2024
1.1.0 231 7/10/2024
1.0.0 195 6/29/2024
0.1.0-alpha.7 287 6/2/2024
0.1.0-alpha.6 157 6/2/2024
0.1.0-alpha.5 145 5/29/2024
Loading failed