Hi Manav, thanks for your interest.
Regarding validation, the SPDX project produces SHACL rules,
together with the schema for SPDXv3.
It might be useful to perform a validation check on ingestion,
if only to exit/warn the caller that an "invalid SBOM" was encountered.
On the other hand, one can say that it's not part of the storage/retrieval
mechanism which handles whatever data it gets.
Probably it would be more useful to check (validate)
the reconstructed SBOM, once exported from the database,
to verify its integrity.
On Tue, Feb 24, 2026, at 12:01, Manav Gupta wrote:
> Hi Alexios,
>
> I hope you are doing well.
>
> Over the past couple of days, I’ve been studying the SPDX v3 core model
> more closely and experimenting with representing a small SBOM sample
> using RDFLib. While modeling basic elements like Artifact, Package, and
> Relationship as triples, I started thinking more concretely about how
> ingestion and validation might work within the abstraction layer.
>
> One question that came up during experimentation is about enforcing
> structural correctness. Since RDF stores themselves don’t inherently
> enforce schema-level constraints (e.g., required properties or
> cardinality), would you recommend incorporating SHACL-based validation
> during SBOM ingestion? Or would the abstraction layer itself be
> responsible for ensuring SPDX compliance before persisting triples?
>
> I’m also exploring the export direction — reconstructing a valid SPDX
> document from stored triples as a way to validate whether the graph
> structure captures enough semantic detail. It seems like round-trip
> consistency (SBOM then store then SBOM) could serve as a strong
> correctness benchmark early on.
>
> If there are particular components of the triplestore abstraction
> library or SPDX v3 model that you think would be most impactful to
> explore first, I’d be happy to focus there and share findings.
>
> Looking forward to your thoughts.
>
> Best regards,
> Manav Gupta
>
> ----
> You are receiving this message from the list: A discussion list for
> student developers and mentors of Google Summer of Code projects,
> https://lists.ellak.gr/gsoc-developers/listinfo.html
> You can unsubscribe from the list by sending an empty e-mail message
> to the address <gsoc-developers+unsubscribe [ at ] ellak [ dot ] gr>.
--
-- zvr -