EELLAK - Mailing Lists

Re: Approach for SPDX v3 SBOM ingestion and reconstruction

  • Subject: Re: Approach for SPDX v3 SBOM ingestion and reconstruction
  • From: "Alexios Zavras" <zvr+eellak [ at ] zvr [ dot ] gr>
  • Date: Mon, 09 Mar 2026 22:19:15 +0100
That's in general the right approach, Maira.
However, for the first part (of ingesting data),
you should look at what we already have,
rather than work at the lowest level
with JSON and rdflib directly.

I mean, from the model definition we automatically produce
code that handles the SPDX entities like Python classes.
Take a look at:
https://github.com/JPEWdev/shacl2code
and
https://github.com/spdx/spdx-python-model

On Fri, Mar 6, 2026, at 10:50, Maira Papadopoulou wrote:
> Hello Alexios,
>
> After studying the SPDX v3 model more closely, I started experimenting 
> with a few small demos to better understand the scope of the project. 
> Based on this exploration, I then tried to outline a possible 
> methodology for implementing the ingestion and reconstruction pipeline.
>
> My current idea is the following:
>
> First, implement a set of functions that parse SPDX JSON documents and 
> map their contents into an RDF model using the rdflib library. Although 
> SPDX contains many classes and properties, the mapping itself seems 
> manageable once the basic structure (elements, relationships, 
> identifiers) is defined.
>
> During the ingestion step, entities that share the same spdxId would be 
> merged so that common elements across different SBOMs are reused rather 
> than duplicated, as you mentioned in your previous email. The resulting 
> triples would then be stored in a triplestore.
>
> Next, I would implement the reverse process: exporting the stored RDF 
> triples back into a valid SPDX JSON document. To ensure the correctness 
> of this round-trip process, the reconstructed SBOM could be validated 
> and compared semantically with the original input, verifying that the 
> information content remains equivalent.
>
> I would greatly appreciate your thoughts on whether this approach 
> aligns with the intended direction of the project. Do you think 
> something important is missing from this outline, or that any part of 
> it should be reconsidered?
>
> Also, if you happen to have any additional resources or references that 
> would be useful to study at this stage, I would be very happy to take a 
> look at them.
>
> Your feedback would help me significantly as I start preparing my 
> proposal for the project.
>
> Best regards,
> Maira Papadopoulou

-- 
-- zvr -
----
You are receiving this message from the list: A discussion list for student developers and mentors of Google Summer of Code projects,
https://lists.ellak.gr/gsoc-developers/listinfo.html
You can unsubscribe from the list by sending an empty e-mail message to <gsoc-developers+unsubscribe [ at ] ellak [ dot ] gr>.
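
The merge-by-spdxId and round-trip comparison steps outlined in the quoted message, as an added example that is not part of either e-mail and is not code from any SPDX project. It uses only the Python standard library on constructed, trimmed SPDX 3 JSON-LD fragments; the `example.org` IRIs and all helper names are assumptions, a dict stands in for the triplestore, and every list is treated as unordered.

```python
import json

CONTEXT = "https://spdx.org/rdf/3.0.1/spdx-context.jsonld"
BASE = "https://example.org/spdx/"  # constructed namespace (assumption)

def pkg(name, version):
    return {"type": "software_Package", "spdxId": BASE + name,
            "name": name, "software_packageVersion": version}

def dep(src, dst):
    return {"type": "Relationship", "spdxId": f"{BASE}rel/{src}-{dst}",
            "relationshipType": "dependsOn", "from": BASE + src, "to": [BASE + dst]}

# Constructed, trimmed fragments (no CreationInfo), not complete valid SPDX documents.
SBOM_A = {"@context": CONTEXT, "@graph": [pkg("app", "1.0"), pkg("libfoo", "2.3"), dep("app", "libfoo")]}
SBOM_B = {"@context": CONTEXT, "@graph": [dep("libfoo", "libbar"), pkg("libbar", "0.9"), pkg("libfoo", "2.3")]}
SBOM_C = {"@context": CONTEXT, "@graph": [pkg("libfoo", "9.9")]}  # same spdxId, different content

def normalise(value):
    """Canonical form for comparison: sorted keys, lists compared as sets."""
    if isinstance(value, dict):
        return {k: normalise(value[k]) for k in sorted(value)}
    if isinstance(value, list):
        return sorted((normalise(v) for v in value), key=lambda v: json.dumps(v, sort_keys=True))
    return value

def ingest(store, document):
    """Merge a document's elements into store (spdxId -> element); return conflicting ids."""
    conflicts = []
    for element in document.get("@graph", []):
        if "spdxId" not in element:
            raise ValueError("element without spdxId (blank node) is out of scope here")
        known = store.setdefault(element["spdxId"], element)
        if normalise(known) != normalise(element):
            conflicts.append(element["spdxId"])  # keep the stored copy, report the clash
    return conflicts

def export(store, context=CONTEXT):
    """Rebuild a JSON-LD document from the stored elements."""
    return {"@context": context, "@graph": list(store.values())}

def equivalent(doc_a, doc_b):
    """Semantic comparison: same elements by spdxId, ignoring element and list order."""
    index = lambda doc: {e["spdxId"]: normalise(e) for e in doc["@graph"]}
    return index(doc_a) == index(doc_b)

if __name__ == "__main__":
    store = {}
    print(ingest(store, SBOM_A), ingest(store, SBOM_B), len(store))  # libfoo stored once
    print(ingest(store, SBOM_C))  # conflicting libfoo is reported, not merged
```

Reporting a clash instead of overwriting matters for a shared store: two SBOMs that reuse one spdxId with different content should be surfaced for review rather than merged silently.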