Open
Description
/sig cli
What would you like to be added:
A command to dump the .spdx DAG as a dotlang .dot file for easy visualization with graphviz.
Why is this needed:
The current .spdx visualization command outline is limited by the cli environment the result is rendered in. It is unable to appropriately display the DAG when a node has 2 or more parents. Consider the following example:
SPDXVersion: SPDX-2.2
SPDXID: Document
DocumentName: Document
##### Package: glib
PackageName: glib
SPDXID: glib
##### Package: gnome
PackageName: gnome
SPDXID: gnome
##### Package: python
PackageName: python
SPDXID: python
##### Package: sqlite
PackageName: sqlite
SPDXID: sqlite
Relationship: glib CONTAINS python
Relationship: gnome CONTAINS python
Relationship: python CONTAINS sqlite
This file creates a graph that looks something like this
However when visualized with document outline the output is like this.
_
___ _ __ __| |_ __
/ __| '_ \ / _` \ \/ /
\__ \ |_) | (_| |> <
|___/ .__/ \__,_/_/\_\
|_|
📂 SPDX Document SPDX
│
│ 📦 DESCRIBES 2 Packages
│
├ glib
│ │ 🔗 1 Relationships
│ └ CONTAINS PACKAGE python
│ │ │ 🔗 1 Relationships
│ │ └ CONTAINS PACKAGE sqlite
│ │
│
├ gnome
│ │ 🔗 1 Relationships
│ └ CONTAINS PACKAGE python
│
└ 📄 DESCRIBES 0 Files
This is missleading.
- Python appears twice in the graph even though there is only one package with that name.
- In the gnome branch of the graph sqlite does not appear despite being a direct descendant of python.
Outputting the graph as a dot file will allow for the use of third party tools such as graph-viz to provide a more accurate visualization. Dot is also used for representing graphs in a variety of other applications. I'm sure other uses of this feature can be found.