simplejson-3.20.2-from-cdx.spdx.json
simplejson-3.20.2.spdx.json is an SPDX file that contains a custom license:
```json
{
  "extractedText": "License :: OSI Approved :: Academic Free License (AFL)",
  "licenseId": "LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL",
  "name": "unknown-License-OSI-Approved-Academic-Free-License-AFL"
}
```
When converted to CycloneDX, the LicenseRef information is lost, so when converting back to SPDX, you get invalid SPDX.
```
cyclonedx --version
0.29.2+09de64f86951325836c701dfbf9dde9b5d8fcf7d
cyclonedx convert --input-file simplejson-3.20.2.spdx.json --input-format spdxjson --output-file simplejson-3.20.2.cdx.json --output-format json
cyclonedx validate --input-file simplejson-3.20.2.cdx.json
BOM validated successfully.
cyclonedx convert --input-file simplejson-3.20.2.cdx.json --input-format json --output-file simplejson-3.20.2-from-cdx.spdx.json --output-format spdxjson
pyspdxtools -i simplejson-3.20.2-from-cdx.spdx.json
ERROR:root:The document is invalid. The following issues have been found:
Unrecognized license reference: LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL AND MIT
Unrecognized license reference: LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL AND MIT
```
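Added example, not part of the original issue and not code from the CycloneDX CLI or pyspdxtools: a standalone Python check that reports every `LicenseRef-` used in an SPDX 2.x JSON document's license fields without a matching `hasExtractedLicensingInfos` entry, which is the condition the validator rejects above. The two sample documents and the `SPDXRef-Package-simplejson` identifier are constructed; the round-tripped sample assumes the conversion drops the declaration while keeping the expression.

```python
import re

# Matches LicenseRef-<idstring>; an optional DocumentRef-<id>: prefix marks an external reference.
LICENSE_REF = re.compile(r"(?:DocumentRef-[A-Za-z0-9.\-]+:)?LicenseRef-[A-Za-z0-9.\-]+")
EXPRESSION_FIELDS = ("licenseConcluded", "licenseDeclared")
LIST_FIELDS = ("licenseInfoInFiles", "licenseInfoFromFiles", "licenseInfoInSnippets")

def dangling_license_refs(doc):
    """Map each undeclared LicenseRef to the SPDXIDs of the elements that use it."""
    declared = {e["licenseId"] for e in doc.get("hasExtractedLicensingInfos", [])}
    missing = {}
    for section in ("packages", "files", "snippets"):
        for element in doc.get(section, []):
            exprs = [element.get(f) or "" for f in EXPRESSION_FIELDS]
            for f in LIST_FIELDS:
                exprs.extend(element.get(f) or [])
            for expr in exprs:
                for ref in LICENSE_REF.findall(expr):
                    # Refs into other documents are resolved there, not here.
                    if not ref.startswith("DocumentRef-") and ref not in declared:
                        missing.setdefault(ref, set()).add(element.get("SPDXID", "?"))
    return missing

# Constructed sample documents, reduced to the fields the check reads.
REF = "LicenseRef-unknown-License-OSI-Approved-Academic-Free-License-AFL"
PACKAGE = {
    "SPDXID": "SPDXRef-Package-simplejson",  # constructed identifier
    "name": "simplejson",
    "licenseConcluded": REF + " AND MIT",
    "licenseDeclared": REF + " AND MIT",
}
ORIGINAL = {
    "hasExtractedLicensingInfos": [{
        "licenseId": REF,
        "extractedText": "License :: OSI Approved :: Academic Free License (AFL)",
        "name": "unknown-License-OSI-Approved-Academic-Free-License-AFL",
    }],
    "packages": [PACKAGE],
}
# Same package after the round trip: the expression survives, the declaration does not.
ROUND_TRIPPED = {"packages": [PACKAGE]}

if __name__ == "__main__":
    for label, doc in (("original", ORIGINAL), ("round-tripped", ROUND_TRIPPED)):
        print(label, dangling_license_refs(doc))
```

Running the same function over a real file only needs `json.load` on it first, which makes it usable as a gate after any SBOM format conversion.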