Checksum is 0 for spdx files

**What happened**:

An SPDX json report contains a 0 value for the file checksum. It looks like it is not adding/using the path. If you give me some pointers I can take a look at a PR.

```
"files": [
  {
   "fileName": "/activemq-osgi-5.18.2.jar",
   "SPDXID": "SPDXRef-File-activemq-osgi-5.18.2.jar-57d3ba18b01bbbb8",
   "checksums": [
    {
     "algorithm": "SHA1",
     "checksumValue": "0000000000000000000000000000000000000000"
    }
   ],
   "licenseConcluded": "NOASSERTION",
   "copyrightText": ""
  }
 ],
```

**What you expected to happen**:

Correct file checksum, like in the packages section.

**Steps to reproduce the issue**:

- wget https://repo1.maven.org/maven2/org/apache/activemq/activemq-osgi/5.18.2/activemq-osgi-5.18.2.jar
- syft packages ./activemq-osgi-5.18.2.jar -o spdx-json > activemq.json

**Anything else we need to know?**:

**Environment**:
- syft 0.95.0


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Checksum is 0 for spdx files #2307

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Checksum is 0 for spdx files #2307

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions