Invalid SPDXID (contains a slash) #952
Description
What happened:
The SPDXID for one package is invalid as it contains a slash.
SPDXID: SPDXRef-Package-go-module-sigs.k8s.io/structured-merge-diff/v3-c4d3feaef6209368
What you expected to happen:
The slash "/" should be replaced by a dash "-".
How to reproduce it (as minimally and precisely as possible):
syft docker:danmcni/danm-cni-plugins:latest -o spdx-tag-value
Anything else we need to know?:
Environment:
- Output of
syft version:
Application: syft
Version: 0.44.0
JsonSchemaVersion: 3.2.2
BuildDate: 2022-04-12T18:59:04Z
GitCommit: b46d044d7e3afc2ee09fd5ff26635f783628126e
GitDescription: v0.44.0
Platform: linux/amd64
GoVersion: go1.18
Compiler: gc
- OS (e.g:
cat /etc/os-releaseor similar):
PRETTY_NAME="Ubuntu 21.10"
NAME="Ubuntu"
VERSION_ID="21.10"
VERSION="21.10 (Impish Indri)"
VERSION_CODENAME=impish
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=impish