TrustSource allows you to import data from external sources. This might be manual collections or 3rd party scanning tools. As of today you have to upload such data manually. The roadmap plans an API allowing to upload SPDX-files automatically.
To upload an SPDX file, you need to have the project manager role. Go to the project you want to add the module to and select the "import"-Button.
The Import SPDX dialogue appears and you may select an RDF, XLS or TXT file to upload. Confirm your selection with the "import" button once more and the file will be uploaded. After a successful upload you will see an ID as well as a processing status. After you uploaded a file successfully, and the import has been completed. Automatically a scan will be initiated. You will see the completion of the scan, when a scan ID is provided.
If there have been errors in processing the document, the error message will be found in the status-section as well.
You may download the uploaded file again to review the structure or format, in case you want to verfiy that the correct document has been processed.
To upload a new version of a module, just upload a new version. TrustSource will identify the module name as existing and add the uploaded structure as a new scan to the same module.
PLEASE NOTE: We currently support SPDX v2.0. The difference to v2.1 is not huge, but there are a few new attributes added. Unfortunately the import of v2.1 documents does not always succeed. Sometimes it does, but is somehow depending on the structure provided.
We are about to close this gap but this feature request has been shifted down the timeline already a few times. If you feel the need for v2.1 import, so please create a ticket at the support to push this feature. Thank you!