diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json
index c44c037b..f4ead4d6 100644
--- a/schema/bom-1.7.schema.json
+++ b/schema/bom-1.7.schema.json
@@ -1494,25 +1494,20 @@
 },
 "expressionDetails": {
 "title": "Expression Details",
- "description": "Details for parts of the `expression`.",
- "type": "array",
- "items": {
+ "description": "Details for parts of the `expression`.\n(An SPDX expression may be a compound of license identifiers.)",
+ "$comment": "Property keys are valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements.",
+ "type": "object",
+ "examples": [
+ {
+ "Apache-2.0": { "text": "..." },
+ "GPL-3.0-only WITH Classpath-exception-2.0": { "text": "..." },
+ "LicenseRef-my-custom-license": { "text": "..." }
+ }
+ ],
+ "additionalProperties": {
 "type": "object",
- "description": "Specifies the details and attributes related to a software license identifier.\n(An SPDX expression may be a compound of license identifiers.)",
- "required": [
- "licenseIdentifier"
- ],
+ "description": "Specifies the details and attributes related to a software license identifier.",
 "properties": {
- "licenseIdentifier": {
- "title": "License Identifier",
- "description": "The valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements.\nThis property serves as the primary key, which uniquely identifies each record.",
- "type": "string",
- "examples": [
- "Apache-2.0",
- "GPL-3.0-only WITH Classpath-exception-2.0",
- "LicenseRef-my-custom-license"
- ]
- },
 "text": {
 "title": "License texts",
 "description": "An optional way to include the textual content of the license.",
diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd
index 2b1415c0..b0653290 100644
--- a/schema/bom-1.7.xsd
+++ b/schema/bom-1.7.xsd
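Review bot: The new `expressionDetails` map accepts any property name, because `additionalProperties` constrains only the values and the requirement that keys are SPDX license identifiers now sits in `$comment`, which validators ignore and documentation generators typically do not render. Since the keys come from whatever produced the BOM, I would add `"propertyNames": { "minLength": 1 }` next to `additionalProperties` (with a stricter `pattern` if the project wants one) and move the key requirement into `description`, correcting the wording to "valid SPDX license identifiers". The uniqueness that the removed `licenseIdentifier` text described as a primary key also cannot be checked by schema validation once it is an object key: a document that repeats a key is usually parsed last-wins, so two tools may end up showing different license text for the same identifier, and the description should say that producers must not repeat keys. The `additionalProperties` object continues past the end of this hunk.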
@@ -2388,7 +2388,18 @@ limitations under the License. - + + + + + The attribute `license-identifier` serves as the primary key, which uniquely identifies each record. + Therefore, it must be unique. + + + + + + diff --git a/tools/src/test/resources/1.7/invalid-license-expression-with-text-1.7.xml b/tools/src/test/resources/1.7/invalid-license-expression-with-text-1.7.xml new file mode 100644 index 00000000..b41ee52d --- /dev/null +++ b/tools/src/test/resources/1.7/invalid-license-expression-with-text-1.7.xml @@ -0,0 +1,30 @@ + + + + + Acme Inc + com.acme + tomcat-catalina + 9.0.14 + Modified version of Apache Catalina + required + + +
+ +
+
+ duplicate license-identifier +
+
+
+ pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar +
+
+
diff --git a/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json b/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json
index fa4a8b92..cf1a4a3d 100644
--- a/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json
+++ b/tools/src/test/resources/1.7/valid-license-expression-with-text-1.7.json
@@ -18,21 +18,19 @@
 "bom-ref": "my-license",
 "acknowledgement": "declared",
 "expression": "EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0",
- "expressionDetails": [
- {
- "licenseIdentifier": "EPL-2.0",
+ "expressionDetails": {
+ "EPL-2.0": {
 "text": {
 "content": "Eclipse Public License - v 2.0\n\n THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE\n PUBLIC LICENSE (\"AGREEMENT\"). ANY USE, REPRODUCTION OR DISTRIBUTION\n OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT..."
 }
 },
- {
- "licenseIdentifier": "GPL-2.0 WITH Classpath-exception-2.0",
+ "GPL-2.0 WITH Classpath-exception-2.0": {
 "text": {
 "contentType": "text/plain",
 "content": " GNU GENERAL PUBLIC LICENSE\n Version 2, June 1991\n\n Copyright (C) 1989, 1991 Free Software Foundation, Inc.,\n \n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed...\n\n...\n\nLinking this library statically or dynamically with other modules is making a combined work based on this library..."
 }
 }
- ]
+ }
 }
 ],
 "purl": "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"