received unknown tag ExternalDocumentRef in CreationInfo section #3107
Description
What happened:
We tried to check the SBOMs of Qt (https://doc.qt.io/qt-6/sbom.html) and got those errors.
$ grype sbom:qtconnectivity-6.9.2.spdx
[0000] ERROR failed to catalog: unable to decode sbom: unable to decode spdx tag-value: received unknown tag ExternalDocumentRef in CreationInfo section
What you expected to happen:
No error
How to reproduce it (as minimally and precisely as possible):
qtdeclarative-6.9.2.json (rename to spdx... used json because of github)
Environment:
$ grype version
Application: grype
Version: 0.104.2
BuildDate: 2025-12-09T23:03:07Z
GitCommit: b47060229fe05c654a7f0615a131db6cb3bc27f6
GitDescription: v0.104.2
Platform: linux/amd64
GoVersion: go1.25.4
Compiler: gc
Syft Version: v1.38.2
Supported DB Schema: 6
$ cat /etc/os-release
NAME="Arch Linux"
PRETTY_NAME="Arch Linux"
ID=arch
BUILD_ID=rolling
ANSI_COLOR="38;2;23;147;209"
HOME_URL="https://archlinux.org/"
DOCUMENTATION_URL="https://wiki.archlinux.org/"
SUPPORT_URL="https://bbs.archlinux.org/"
BUG_REPORT_URL="https://gitlab.archlinux.org/groups/archlinux/-/issues"
PRIVACY_POLICY_URL="https://terms.archlinux.org/docs/privacy-policy/"
LOGO=archlinux-logo