feat(SPDX): Use new SPDX library and New SPDX feature for import/export/edit

[tuannn2]

Signed-off-by: tuan99123 tuan2.nguyennhu@toshiba.co.jp

Please provide a summary of your changes here.

• Which issue is this pull request belonging to and how is it solving it? (Refer to issue here)
• Did you add or update any new dependencies that are required for your change?

Issue: #1171 #1240 #1496

Suggest Reviewer

You can suggest reviewers here with an @mention.

How To Test?

Please refer issue #1171 #1240 #1496

1. Test Import , Export for Project

• Import Project
  
• Export Project
  

2. Test Import, Export for Component

• Import Component
  
• Export Component
  

3. SPDX Documement is New tab in Component Release pages for showing SPDX Full/SPDX Lite data

• View for SPDX Full Page
  
• View for SPDX Lite Page
  
• Edit for SPDX Full Page
  
• Edit for SPDX Lite Page
  

Checklist

Must:

• All related issues are referenced in commit messages and in PR

[tienlee]

@KoukiHama Could you please try to build again?
About "how to test" section, I will add the explanation in the next Monday.

[KoukiHama]

@tienlee I re-run CI, but it failed.

[tienlee]

@tienlee I re-run CI, but it failed.

I will check it tomorrow

[nam-np]

Can run Github action locally for checking
https://github.com/nektos/act

[nam-np]

I think we should be change
sw360/backend/src-common/src/test/resources/bom.spdx.rdf
to
https://github.com/spdx/tools/blob/master/Examples/SPDXRdfExample-v2.1.rdf

Because with new spdx lib, we need more information in spdx file and if spdx file is standard format, it can work normally.

[KoukiHama]

@tuannn2 please rebase branch for running CI

[tuannn2]

Thank you @KoukiHama! I have finished rebase and CI is running successfully. Please check it.

[rudra-superrr]

@tuannn2 , @KoukiHama while testing this PR we tried couple of rdf files and also the example.rdf file (#653) given here, below are the following findings:

• While importing the component, releases are not getting imported
• Not showing proper information of components while importing
• Page not getting reloaded after importing the rdf file through upload SBOM functionality
• Export SBOM functionality not working for components
• After creating a release, spdx document not showing any information regarding that release but if we edit that release's spdx document, then information is getting shown.

or am I missing something? Also can you provide me the rdf files that you used for testing.

Showing details for only 1 component and 1 release but the rdf file that I'm importing contains 4 components and 4 releases.
Also release not getting imported

Spdx Document not showing any information for the release

[tuannn2]

Thank you for checking my PR, @rudra-superrr
I think example.rdf file (#653), itself has some issue. I will provide you with an example.rdf or example.spdx file for you to use for testing.
Let me know if you have any problem testing PR.
Please remove the .txt file extension before testing.

example.spdx.txt
example.rdf.txt

The test file is taken from https://github.com/spdx/tools/tree/master/Examples for new spdx lib.

[KoukiHama]

FYI : This is the validation tool for SPDX file.
https://tools.spdx.org/app/validate/

[arunazhakesan]

@akapti Can you point to the work you did in Dec 2021, where we demonstrated the export of SPDX data at project level. We need to align with TOSHIBA colleagues here and see if there is any redundant work from our side and close the gap at the earliest.

[KoukiHama]

@tienlee could you share latest status about pull request?
Now Toshiba have some branch about SPDX functions.

[tienlee]

This PR should not be merged.
We plan to split this PR into small parts, so it will be easier for you to review.
The first one is PR 1594.

After PR 1594 is merged, we will create the second one. In this one, SPDX document tab function was implemented. In addition, import SPDX (rdf files for project, component and releases) functions are also added. It's ready in branch https://github.com/toshiba/sw360/tree/dev/feature-tab_spdx_document

Then, we will create the next PR for new functions such as import the releases by Json file and export the releases to multiple formats.

[tienlee]

About this PR, there are the following functions:

1. Apply new SPDX library (PR 1594)
   Only upgrade the SPDX library to a newer version.
   The specifications of all functions are not changed.
   However, Importing 4 components and 4 releases does not work. So, we will provide the 2nd PR

2. Import/Export project (multi components, releases) (2nd PR)

3. Import/Export components (multi releases) (2nd PR)

4. SPDX document tab (2nd PR)
   This is a new function.

5. Import releases by rdf/JSON file (3rd PR)
   This is a new function.

6. Export releases to multiple formats (3rd PR)
   This is a new function.

[ag4ums]

closing this as the work is carried to the other PR #1682