Tag-Value does not parse ExternalDocumentRef in CreationInfo properly

Reported [in Grype](https://github.com/anchore/grype/issues/3107), an SPDX Tag-Value results in an error when containing `ExternalDocumentRef` properties following `CreationInfo`, e.g.:
```
SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: qtdeclarative-6.9.2
DocumentNamespace: https://qt.io/spdxdocs/qtdeclarative-6.9.2
Creator: Organization: TheQtCompany
Creator: Tool: Qt Build System
CreatorComment: <text>This SPDX document was created from CMake 4.2.1, using the qt
build system from https://code.qt.io/cgit/qt/qtbase.git/tree/cmake/QtPublicSbomHelpers.cmake</text>
Created: 2025-12-10T14:36:14Z
ExternalDocumentRef: DocumentRef-qtbase https://qt.io/spdxdocs/qtbase-6.9.2 SHA1: ff0fb8281a7c2c2ce4878e5b353f6cff68c20ae1
ExternalDocumentRef: DocumentRef-qtsvg https://qt.io/spdxdocs/qtsvg-6.9.2 SHA1: acaa8ba43bfe23afb2b4e137044d20a2e1147462

PackageName: GNU
SPDXID: SPDXRef-compiler
PackageVersion: 15.2.1
PackageDownloadLocation: NOASSERTION
PackageLicenseConcluded: NOASSERTION
...
```

I suspect this is due to [not handling it here](https://github.com/spdx/tools-golang/blob/main/spdx/v2/v2_3/tagvalue/reader/parse_creation_info.go#L49)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Tag-Value does not parse ExternalDocumentRef in CreationInfo properly #273

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Tag-Value does not parse ExternalDocumentRef in CreationInfo properly #273

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions