chore: Add v2.3 data model and JSON support

Signed-off-by: Keith Zantow <kzantow@gmail.com>

14 files changed, 1416 insertions, 3 deletions

diff --git a/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json b/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json
new file mode 100644
index 0000000..b652a54
--- /dev/null
+++ b/examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json
@@ -0,0 +1,404 @@
+{
+  "spdxVersion": "SPDX-2.3",
+  "dataLicense": "CC0-1.0",
+  "SPDXID": "SPDXRef-DOCUMENT",
+  "name": "SPDX-Tools-v2.0",
+  "documentNamespace": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301",
+  "externalDocumentRefs": [
+    {
+      "externalDocumentId": "DocumentRef-spdx-tool-1.2",
+      "spdxDocument": "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301",
+      "checksum": {
+        "algorithm": "SHA1",
+        "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2759"
+      }
+    }
+  ],
+  "comment": "This document was created using SPDX 2.0 using licenses from the web site.",
+  "creationInfo": {
+    "licenseListVersion": "3.9",
+    "creators": [
+      "Tool: LicenseFind-1.0",
+      "Organization: ExampleCodeInspect ()",
+      "Person: Jane Doe ()"
+    ],
+    "created": "2010-01-29T18:30:22Z",
+    "comment": "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries."
+  },
+  "packages": [
+    {
+      "name": "glibc",
+      "SPDXID": "SPDXRef-Package",
+      "versionInfo": "2.11.1",
+      "packageFileName": "glibc-2.11.1.tar.gz",
+      "supplier": "Person: Jane Doe (jane.doe@example.com)",
+      "originator": "Organization: ExampleCodeInspect (contact@example.com)",
+      "downloadLocation": "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
+      "filesAnalyzed": true,
+      "packageVerificationCode": {
+        "packageVerificationCodeValue": "d6a770ba38583ed4bb4525bd96e50461655d2758",
+        "packageVerificationCodeExcludedFiles": [
+          "./package.spdx"
+        ]
+      },
+      "checksums": [
+        {
+          "algorithm": "MD5",
+          "checksumValue": "624c1abb3664f4b35547e7c73864ad24"
+        },
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c"
+        },
+        {
+          "algorithm": "SHA256",
+          "checksumValue": "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd"
+        }
+      ],
+      "homepage": "http://ftp.gnu.org/gnu/glibc",
+      "sourceInfo": "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.",
+      "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-3)",
+      "licenseInfoFromFiles": [
+        "GPL-2.0-only",
+        "LicenseRef-2",
+        "LicenseRef-1"
+      ],
+      "licenseDeclared": "(LGPL-2.0-only AND LicenseRef-3)",
+      "licenseComments": "The license for this project changed with the release of version x.y.  The version of the project included here post-dates the license change.",
+      "copyrightText": "Copyright 2008-2010 John Smith",
+      "summary": "GNU C library.",
+      "description": "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.",
+      "externalRefs": [
+        {
+          "referenceCategory": "SECURITY",
+          "referenceType": "cpe23Type",
+          "referenceLocator": "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*",
+          "comment": ""
+        },
+        {
+          "referenceCategory": "OTHER",
+          "referenceType": "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge",
+          "referenceLocator": "acmecorp/acmenator/4.1.3-alpha",
+          "comment": "This is the external ref for Acme"
+        }
+      ],
+      "attributionTexts": [
+        "The GNU C Library is free software.  See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed.  License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually."
+      ],
+      "annotations": [
+        {
+          "annotator": "Person: Package Commenter",
+          "annotationDate": "2011-01-29T18:30:22Z",
+          "annotationType": "OTHER",
+          "comment": "Package level annotation"
+        }
+      ]
+    },
+    {
+      "name": "Apache Commons Lang",
+      "SPDXID": "SPDXRef-fromDoap-1",
+      "downloadLocation": "NOASSERTION",
+      "homepage": "http://commons.apache.org/proper/commons-lang/",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION"
+    },
+    {
+      "name": "Jena",
+      "SPDXID": "SPDXRef-fromDoap-0",
+      "versionInfo": "3.12.0",
+      "downloadLocation": "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",
+      "homepage": "http://www.openjena.org/",
+      "licenseConcluded": "NOASSERTION",
+      "licenseDeclared": "NOASSERTION",
+      "copyrightText": "NOASSERTION",
+      "externalRefs": [
+        {
+          "referenceCategory": "PACKAGE-MANAGER",
+          "referenceType": "purl",
+          "referenceLocator": "pkg:maven/org.apache.jena/apache-jena@3.12.0",
+          "comment": ""
+        }
+      ]
+    },
+    {
+      "name": "Saxon",
+      "SPDXID": "SPDXRef-Saxon",
+      "versionInfo": "8.8",
+      "packageFileName": "saxonB-8.8.zip",
+      "downloadLocation": "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
+      "checksums": [
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "85ed0817af83a24ad8da68c2b5094de69833983c"
+        }
+      ],
+      "homepage": "http://saxon.sourceforge.net/",
+      "licenseConcluded": "MPL-1.0",
+      "licenseDeclared": "MPL-1.0",
+      "licenseComments": "Other versions available for a commercial license",
+      "copyrightText": "Copyright Saxonica Ltd",
+      "description": "The Saxon package is a collection of tools for processing XML documents."
+    },
+    {
+      "name": "centos",
+      "SPDXID": "SPDXRef-CentOS-7",
+      "versionInfo": "centos7.9.2009",
+      "packageFileName": "saxonB-8.8.zip",
+      "downloadLocation": "NOASSERTION",
+      "homepage": "https://www.centos.org/",
+      "copyrightText": "NOASSERTION",
+      "description": "The CentOS container used to run the application.",
+      "primaryPackagePurpose": "CONTAINER",
+      "builtDate": "2021-09-15T02:38:00Z"
+    }
+  ],
+  "files": [
+    {
+      "fileName": "./src/org/spdx/parser/DOAPProject.java",
+      "SPDXID": "SPDXRef-DoapSource",
+      "fileTypes": [
+        "SOURCE"
+      ],
+      "checksums": [
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
+        }
+      ],
+      "licenseConcluded": "Apache-2.0",
+      "licenseInfoInFiles": [
+        "Apache-2.0"
+      ],
+      "copyrightText": "Copyright 2010, 2011 Source Auditor Inc.",
+      "fileContributors": [
+        "Protecode Inc.",
+        "SPDX Technical Team Members",
+        "Open Logic Inc.",
+        "Source Auditor Inc.",
+        "Black Duck Software In.c"
+      ]
+    },
+    {
+      "fileName": "./lib-source/commons-lang3-3.1-sources.jar",
+      "SPDXID": "SPDXRef-CommonsLangSrc",
+      "fileTypes": [
+        "ARCHIVE"
+      ],
+      "checksums": [
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "c2b4e1c67a2d28fced849ee1bb76e7391b93f125"
+        }
+      ],
+      "licenseConcluded": "Apache-2.0",
+      "licenseInfoInFiles": [
+        "Apache-2.0"
+      ],
+      "copyrightText": "Copyright 2001-2011 The Apache Software Foundation",
+      "comment": "This file is used by Jena",
+      "noticeText": "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())",
+      "fileContributors": [
+        "Apache Software Foundation"
+      ]
+    },
+    {
+      "fileName": "./lib-source/jena-2.6.3-sources.jar",
+      "SPDXID": "SPDXRef-JenaLib",
+      "fileTypes": [
+        "ARCHIVE"
+      ],
+      "checksums": [
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "3ab4e1c67a2d28fced849ee1bb76e7391b93f125"
+        }
+      ],
+      "licenseConcluded": "LicenseRef-1",
+      "licenseInfoInFiles": [
+        "LicenseRef-1"
+      ],
+      "licenseComments": "This license is used by Jena",
+      "copyrightText": "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP",
+      "comment": "This file belongs to Jena",
+      "fileContributors": [
+        "Apache Software Foundation",
+        "Hewlett Packard Inc."
+      ]
+    },
+    {
+      "fileName": "./package/foo.c",
+      "SPDXID": "SPDXRef-File",
+      "fileTypes": [
+        "SOURCE"
+      ],
+      "checksums": [
+        {
+          "algorithm": "SHA1",
+          "checksumValue": "d6a770ba38583ed4bb4525bd96e50461655d2758"
+        },
+        {
+          "algorithm": "MD5",
+          "checksumValue": "624c1abb3664f4b35547e7c73864ad24"
+        }
+      ],
+      "licenseConcluded": "(LGPL-2.0-only OR LicenseRef-2)",
+      "licenseInfoInFiles": [
+        "GPL-2.0-only",
+        "LicenseRef-2"
+      ],
+      "licenseComments": "The concluded license was taken from the package level that the file was included in.",
+      "copyrightText": "Copyright 2008-2010 John Smith",
+      "comment": "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.",
+      "noticeText": "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
+      "fileContributors": [
+        "The Regents of the University of California",
+        "Modified by Paul Mundt lethal@linux-sh.org",
+        "IBM Corporation"
+      ],
+      "annotations": [
+        {
+          "annotator": "Person: File Commenter",
+          "annotationDate": "2011-01-29T18:30:22Z",
+          "annotationType": "OTHER",
+          "comment": "File level annotation"
+        }
+      ]
+    }
+  ],
+  "hasExtractedLicensingInfos": [
+    {
+      "licenseId": "LicenseRef-1",
+      "extractedText": "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n *    notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n *    notice, this list of conditions and the following disclaimer in the\n *    documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n *    derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/"
+    },
+    {
+      "licenseId": "LicenseRef-2",
+      "extractedText": "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
+    },
+    {
+      "licenseId": "LicenseRef-4",
+      "extractedText": "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n *    notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n *    notice, this list of conditions and the following disclaimer in the\n *    documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n *    derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/"
+    },
+    {
+      "licenseId": "LicenseRef-Beerware-4.2",
+      "extractedText": "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp",
+      "name": "Beer-Ware License (Version 42)",
+      "seeAlsos": [
+        "http://people.freebsd.org/~phk/"
+      ],
+      "comment": "The beerware license has a couple of other standard variants."
+    },
+    {
+      "licenseId": "LicenseRef-3",
+      "extractedText": "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark.  All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n   notice, this list of conditions and the following disclaimer in\n   the documentation and/or other materials provided with the\n   distribution.\n\n3. The end-user documentation included with the redistribution,\n   if any, must include the following acknowledgment:  \n     \"This product includes software developed by Andy Clark.\"\n   Alternately, this acknowledgment may appear in the software itself,\n   if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n   or promote products derived from this software without prior \n   written permission. For written permission, please contact \n   andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n   nor may \"CyberNeko\" appear in their name, without prior written\n   permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
+      "name": "CyberNeko License",
+      "seeAlsos": [
+        "http://people.apache.org/~andyc/neko/LICENSE",
+        "http://justasample.url.com"
+      ],
+      "comment": "This is tye CyperNeko License"
+    }
+  ],
+  "relationships": [
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-Package",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "DocumentRef-spdx-tool-1.2:SPDXRef-ToolsElement",
+      "relationshipType": "COPY_OF"
+    },
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-File",
+      "relationshipType": "DESCRIBES"
+    },
+    {
+      "spdxElementId": "SPDXRef-DOCUMENT",
+      "relatedSpdxElement": "SPDXRef-Package",
+      "relationshipType": "DESCRIBES"
+    },
+    {
+      "spdxElementId": "SPDXRef-Package",
+      "relatedSpdxElement": "SPDXRef-JenaLib",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-Package",
+      "relatedSpdxElement": "SPDXRef-Saxon",
+      "relationshipType": "DYNAMIC_LINK"
+    },
+    {
+      "spdxElementId": "SPDXRef-CommonsLangSrc",
+      "relatedSpdxElement": "NOASSERTION",
+      "relationshipType": "GENERATED_FROM"
+    },
+    {
+      "spdxElementId": "SPDXRef-JenaLib",
+      "relatedSpdxElement": "SPDXRef-Package",
+      "relationshipType": "CONTAINS"
+    },
+    {
+      "spdxElementId": "SPDXRef-File",
+      "relatedSpdxElement": "SPDXRef-fromDoap-0",
+      "relationshipType": "GENERATED_FROM"
+    }
+  ],
+  "annotations": [
+    {
+      "annotator": "Person: Jane Doe ()",
+      "annotationDate": "2010-01-29T18:30:22Z",
+      "annotationType": "OTHER",
+      "comment": "Document level annotation"
+    },
+    {
+      "annotator": "Person: Joe Reviewer",
+      "annotationDate": "2010-02-10T00:00:00Z",
+      "annotationType": "REVIEW",
+      "comment": "This is just an example.  Some of the non-standard licenses look like they are actually BSD 3 clause licenses"
+    },
+    {
+      "annotator": "Person: Suzanne Reviewer",
+      "annotationDate": "2011-03-13T00:00:00Z",
+      "annotationType": "REVIEW",
+      "comment": "Another example reviewer."
+    }
+  ],
+  "snippets": [
+    {
+      "SPDXID": "SPDXRef-Snippet",
+      "snippetFromFile": "SPDXRef-DoapSource",
+      "ranges": [
+        {
+          "startPointer": {
+            "offset": 310,
+            "reference": "SPDXRef-DoapSource"
+          },
+          "endPointer": {
+            "offset": 420,
+            "reference": "SPDXRef-DoapSource"
+          }
+        },
+        {
+          "startPointer": {
+            "lineNumber": 5,
+            "reference": "SPDXRef-DoapSource"
+          },
+          "endPointer": {
+            "lineNumber": 23,
+            "reference": "SPDXRef-DoapSource"
+          }
+        }
+      ],
+      "licenseConcluded": "GPL-2.0-only",
+      "licenseInfoInSnippets": [
+        "GPL-2.0-only"
+      ],
+      "licenseComments": "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.",
+      "copyrightText": "Copyright 2008-2010 John Smith",
+      "comment": "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.",
+      "name": "from linux kernel"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/json/json_test.go b/json/json_v2_2_test.go
index 2c22dcd..01400ec 100644
--- a/json/json_test.go
+++ b/json/json_v2_2_test.go
@@ -27,7 +27,7 @@ func TestLoad2_2(t *testing.T) {
 	}
 
 	// get a copy of the handwritten struct so we don't mutate it on accident
-	handwrittenExample := want
+	handwrittenExample := want2_2
 
 	if cmp.Equal(handwrittenExample, got) {
 		t.Errorf("Got incorrect struct after parsing JSON example")
@@ -38,7 +38,7 @@ func TestLoad2_2(t *testing.T) {
 func TestWrite2_2(t *testing.T) {
 	w := &bytes.Buffer{}
 	// get a copy of the handwritten struct so we don't mutate it on accident
-	handwrittenExample := want
+	handwrittenExample := want2_2
 	if err := Save2_2(&handwrittenExample, w); err != nil {
 		t.Errorf("Save2_2() error = %v", err.Error())
 		return
@@ -60,7 +60,7 @@ func TestWrite2_2(t *testing.T) {
 // want is handwritten translation of the official example JSON SPDX v2.2 document into a Go struct.
 // We expect that the result of parsing the official document should be this value.
 // We expect that the result of writing this struct should match the official example document.
-var want = v2_2.Document{
+var want2_2 = v2_2.Document{
 	DataLicense:       "CC0-1.0",
 	SPDXVersion:       "SPDX-2.2",
 	SPDXIdentifier:    "SPDXRef-DOCUMENT",
diff --git a/json/json_v2_3_test.go b/json/json_v2_3_test.go
new file mode 100644
index 0000000..bcee753
--- /dev/null
+++ b/json/json_v2_3_test.go
@@ -0,0 +1,480 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package spdx_json
+
+import (
+	"bytes"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+
+	"github.com/spdx/tools-golang/spdx/common"
+	"github.com/spdx/tools-golang/spdx/v2_3"
+)
+
+var update = *flag.Bool("update-snapshots", false, "update the example snapshot")
+
+func TestLoad2_3(t *testing.T) {
+	fileName := "../examples/sample-docs/json/SPDXJSONExample-v2.3.spdx.json"
+
+	if update {
+		data, err := json.MarshalIndent(want2_3, "", "  ")
+		if err != nil {
+			t.Errorf("unable to serialize SPDX 2.3 example to JSON: %v", err)
+		}
+		err = os.WriteFile(fileName, data, 0644)
+		if err != nil {
+			t.Errorf("unable to write SPDX 2.3 example to JSON: %v", err)
+		}
+	}
+
+	file, err := os.Open(fileName)
+	if err != nil {
+		panic(fmt.Errorf("error opening File: %s", err))
+	}
+
+	got, err := Load2_3(file)
+	if err != nil {
+		t.Errorf("json.parser.Load2_3() error = %v", err)
+		return
+	}
+
+	// get a copy of the handwritten struct so we don't mutate it on accident
+	handwrittenExample := want2_3
+
+	if cmp.Equal(handwrittenExample, got) {
+		t.Errorf("Got incorrect struct after parsing JSON example")
+		return
+	}
+}
+
+func TestWrite2_3(t *testing.T) {
+	w := &bytes.Buffer{}
+	// get a copy of the handwritten struct so we don't mutate it on accident
+	handwrittenExample := want2_3
+	if err := Save2_3(&handwrittenExample, w); err != nil {
+		t.Errorf("Save2_3() error = %v", err.Error())
+		return
+	}
+
+	// we should be able to parse what the writer wrote, and it should be identical to the original struct we wrote
+	parsedDoc, err := Load2_3(bytes.NewReader(w.Bytes()))
+	if err != nil {
+		t.Errorf("failed to parse written document: %v", err.Error())
+		return
+	}
+
+	if cmp.Equal(handwrittenExample, parsedDoc) {
+		t.Errorf("Got incorrect struct after writing and re-parsing JSON example")
+		return
+	}
+}
+
+// want is handwritten translation of the official example JSON SPDX v2.3 document into a Go struct.
+// We expect that the result of parsing the official document should be this value.
+// We expect that the result of writing this struct should match the official example document.
+var want2_3 = v2_3.Document{
+	DataLicense:       "CC0-1.0",
+	SPDXVersion:       "SPDX-2.3",
+	SPDXIdentifier:    "SPDXRef-DOCUMENT",
+	DocumentName:      "SPDX-Tools-v2.0",
+	DocumentNamespace: "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301",
+	CreationInfo: &v2_3.CreationInfo{
+		LicenseListVersion: "3.9",
+		Creators: []common.Creator{
+			{CreatorType: "Tool", Creator: "LicenseFind-1.0"},
+			{CreatorType: "Organization", Creator: "ExampleCodeInspect ()"},
+			{CreatorType: "Person", Creator: "Jane Doe ()"},
+		},
+		Created:        "2010-01-29T18:30:22Z",
+		CreatorComment: "This package has been shipped in source and binary form.\nThe binaries were created with gcc 4.5.1 and expect to link to\ncompatible system run time libraries.",
+	},
+	DocumentComment: "This document was created using SPDX 2.0 using licenses from the web site.",
+	ExternalDocumentReferences: []v2_3.ExternalDocumentRef{
+		{
+			DocumentRefID: "DocumentRef-spdx-tool-1.2",
+			URI:           "http://spdx.org/spdxdocs/spdx-tools-v1.2-3F2504E0-4F89-41D3-9A0C-0305E82C3301",
+			Checksum: common.Checksum{
+				Algorithm: common.SHA1,
+				Value:     "d6a770ba38583ed4bb4525bd96e50461655d2759",
+			},
+		},
+	},
+	OtherLicenses: []*v2_3.OtherLicense{
+		{
+			LicenseIdentifier: "LicenseRef-1",
+			ExtractedText:     "/*\n * (c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n *    notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n *    notice, this list of conditions and the following disclaimer in the\n *    documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n *    derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
+		},
+		{
+			LicenseIdentifier: "LicenseRef-2",
+			ExtractedText:     "This package includes the GRDDL parser developed by Hewlett Packard under the following license:\n� Copyright 2007 Hewlett-Packard Development Company, LP\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: \n\nRedistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. \nRedistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. \nThe name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. \nTHIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
+		},
+		{
+			LicenseIdentifier: "LicenseRef-4",
+			ExtractedText:     "/*\n * (c) Copyright 2009 University of Bristol\n * All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n *    notice, this list of conditions and the following disclaimer.\n * 2. Redistributions in binary form must reproduce the above copyright\n *    notice, this list of conditions and the following disclaimer in the\n *    documentation and/or other materials provided with the distribution.\n * 3. The name of the author may not be used to endorse or promote products\n *    derived from this software without specific prior written permission.\n *\n * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/",
+		},
+		{
+			LicenseIdentifier:      "LicenseRef-Beerware-4.2",
+			ExtractedText:          "\"THE BEER-WARE LICENSE\" (Revision 42):\nphk@FreeBSD.ORG wrote this file. As long as you retain this notice you\ncan do whatever you want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp",
+			LicenseComment:         "The beerware license has a couple of other standard variants.",
+			LicenseName:            "Beer-Ware License (Version 42)",
+			LicenseCrossReferences: []string{"http://people.freebsd.org/~phk/"},
+		},
+		{
+			LicenseIdentifier: "LicenseRef-3",
+			ExtractedText:     "The CyberNeko Software License, Version 1.0\n\n \n(C) Copyright 2002-2005, Andy Clark.  All rights reserved.\n \nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer. \n\n2. Redistributions in binary form must reproduce the above copyright\n   notice, this list of conditions and the following disclaimer in\n   the documentation and/or other materials provided with the\n   distribution.\n\n3. The end-user documentation included with the redistribution,\n   if any, must include the following acknowledgment:  \n     \"This product includes software developed by Andy Clark.\"\n   Alternately, this acknowledgment may appear in the software itself,\n   if and wherever such third-party acknowledgments normally appear.\n\n4. The names \"CyberNeko\" and \"NekoHTML\" must not be used to endorse\n   or promote products derived from this software without prior \n   written permission. For written permission, please contact \n   andyc@cyberneko.net.\n\n5. Products derived from this software may not be called \"CyberNeko\",\n   nor may \"CyberNeko\" appear in their name, without prior written\n   permission of the author.\n\nTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED\nWARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\nOF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR OTHER CONTRIBUTORS\nBE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, \nOR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT \nOF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR \nBUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE \nOR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, \nEVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.",
+			LicenseName:       "CyberNeko License",
+			LicenseCrossReferences: []string{
+				"http://people.apache.org/~andyc/neko/LICENSE",
+				"http://justasample.url.com",
+			},
+			LicenseComment: "This is tye CyperNeko License",
+		},
+	},
+	Annotations: []*v2_3.Annotation{
+		{
+			Annotator: common.Annotator{
+				Annotator:     "Jane Doe ()",
+				AnnotatorType: "Person",
+			},
+			AnnotationDate:    "2010-01-29T18:30:22Z",
+			AnnotationType:    "OTHER",
+			AnnotationComment: "Document level annotation",
+		},
+		{
+			Annotator: common.Annotator{
+				Annotator:     "Joe Reviewer",
+				AnnotatorType: "Person",
+			},
+			AnnotationDate:    "2010-02-10T00:00:00Z",
+			AnnotationType:    "REVIEW",
+			AnnotationComment: "This is just an example.  Some of the non-standard licenses look like they are actually BSD 3 clause licenses",
+		},
+		{
+			Annotator: common.Annotator{
+				Annotator:     "Suzanne Reviewer",
+				AnnotatorType: "Person",
+			},
+			AnnotationDate:    "2011-03-13T00:00:00Z",
+			AnnotationType:    "REVIEW",
+			AnnotationComment: "Another example reviewer.",
+		},
+	},
+	Packages: []*v2_3.Package{
+		{
+			PackageName:           "glibc",
+			PackageSPDXIdentifier: "SPDXRef-Package",
+			PackageVersion:        "2.11.1",
+			PackageFileName:       "glibc-2.11.1.tar.gz",
+			PackageSupplier: &common.Supplier{
+				Supplier:     "Jane Doe (jane.doe@example.com)",
+				SupplierType: "Person",
+			},
+			PackageOriginator: &common.Originator{
+				Originator:     "ExampleCodeInspect (contact@example.com)",
+				OriginatorType: "Organization",
+			},
+			PackageDownloadLocation: "http://ftp.gnu.org/gnu/glibc/glibc-ports-2.15.tar.gz",
+			FilesAnalyzed:           true,
+			PackageVerificationCode: &common.PackageVerificationCode{
+				Value:         "d6a770ba38583ed4bb4525bd96e50461655d2758",
+				ExcludedFiles: []string{"./package.spdx"},
+			},
+			PackageChecksums: []common.Checksum{
+				{
+					Algorithm: "MD5",
+					Value:     "624c1abb3664f4b35547e7c73864ad24",
+				},
+				{
+					Algorithm: "SHA1",
+					Value:     "85ed0817af83a24ad8da68c2b5094de69833983c",
+				},
+				{
+					Algorithm: "SHA256",
+					Value:     "11b6d3ee554eedf79299905a98f9b9a04e498210b59f15094c916c91d150efcd",
+				},
+			},
+			PackageHomePage:         "http://ftp.gnu.org/gnu/glibc",
+			PackageSourceInfo:       "uses glibc-2_11-branch from git://sourceware.org/git/glibc.git.",
+			PackageLicenseConcluded: "(LGPL-2.0-only OR LicenseRef-3)",
+			PackageLicenseInfoFromFiles: []string{
+				"GPL-2.0-only",
+				"LicenseRef-2",
+				"LicenseRef-1",
+			},
+			PackageLicenseDeclared: "(LGPL-2.0-only AND LicenseRef-3)",
+			PackageLicenseComments: "The license for this project changed with the release of version x.y.  The version of the project included here post-dates the license change.",
+			PackageCopyrightText:   "Copyright 2008-2010 John Smith",
+			PackageSummary:         "GNU C library.",
+			PackageDescription:     "The GNU C Library defines functions that are specified by the ISO C standard, as well as additional features specific to POSIX and other derivatives of the Unix operating system, and extensions specific to GNU systems.",
+			PackageComment:         "",
+			PackageExternalReferences: []*v2_3.PackageExternalReference{
+				{
+					Category: "SECURITY",
+					RefType:  "cpe23Type",
+					Locator:  "cpe:2.3:a:pivotal_software:spring_framework:4.1.0:*:*:*:*:*:*:*",
+				},
+				{
+					Category:           "OTHER",
+					RefType:            "http://spdx.org/spdxdocs/spdx-example-444504E0-4F89-41D3-9A0C-0305E82C3301#LocationRef-acmeforge",
+					Locator:            "acmecorp/acmenator/4.1.3-alpha",
+					ExternalRefComment: "This is the external ref for Acme",
+				},
+			},
+			PackageAttributionTexts: []string{
+				"The GNU C Library is free software.  See the file COPYING.LIB for copying conditions, and LICENSES for notices about a few contributions that require these additional notices to be distributed.  License copyright years may be listed using range notation, e.g., 1996-2015, indicating that every year in the range, inclusive, is a copyrightable year that would otherwise be listed individually.",
+			},
+			Files: nil,
+			Annotations: []v2_3.Annotation{
+				{
+					Annotator: common.Annotator{
+						Annotator:     "Package Commenter",
+						AnnotatorType: "Person",
+					},
+					AnnotationDate:    "2011-01-29T18:30:22Z",
+					AnnotationType:    "OTHER",
+					AnnotationComment: "Package level annotation",
+				},
+			},
+		},
+		{
+			PackageSPDXIdentifier:   "SPDXRef-fromDoap-1",
+			PackageCopyrightText:    "NOASSERTION",
+			PackageDownloadLocation: "NOASSERTION",
+			FilesAnalyzed:           false,
+			PackageHomePage:         "http://commons.apache.org/proper/commons-lang/",
+			PackageLicenseDeclared:  "NOASSERTION",
+			PackageName:             "Apache Commons Lang",
+		},
+		{
+			PackageName:             "Jena",
+			PackageSPDXIdentifier:   "SPDXRef-fromDoap-0",
+			PackageCopyrightText:    "NOASSERTION",
+			PackageDownloadLocation: "https://search.maven.org/remotecontent?filepath=org/apache/jena/apache-jena/3.12.0/apache-jena-3.12.0.tar.gz",
+			PackageExternalReferences: []*v2_3.PackageExternalReference{
+				{
+					Category: "PACKAGE-MANAGER",
+					RefType:  "purl",
+					Locator:  "pkg:maven/org.apache.jena/apache-jena@3.12.0",
+				},
+			},
+			FilesAnalyzed:           false,
+			PackageHomePage:         "http://www.openjena.org/",
+			PackageLicenseConcluded: "NOASSERTION",
+			PackageLicenseDeclared:  "NOASSERTION",
+			PackageVersion:          "3.12.0",
+		},
+		{
+			PackageSPDXIdentifier: "SPDXRef-Saxon",
+			PackageChecksums: []common.Checksum{
+				{
+					Algorithm: "SHA1",
+					Value:     "85ed0817af83a24ad8da68c2b5094de69833983c",
+				},
+			},
+			PackageCopyrightText:    "Copyright Saxonica Ltd",
+			PackageDescription:      "The Saxon package is a collection of tools for processing XML documents.",
+			PackageDownloadLocation: "https://sourceforge.net/projects/saxon/files/Saxon-B/8.8.0.7/saxonb8-8-0-7j.zip/download",
+			FilesAnalyzed:           false,
+			PackageHomePage:         "http://saxon.sourceforge.net/",
+			PackageLicenseComments:  "Other versions available for a commercial license",
+			PackageLicenseConcluded: "MPL-1.0",
+			PackageLicenseDeclared:  "MPL-1.0",
+			PackageName:             "Saxon",
+			PackageFileName:         "saxonB-8.8.zip",
+			PackageVersion:          "8.8",
+		},
+		{
+			PrimaryPackagePurpose:   "CONTAINER",
+			PackageSPDXIdentifier:   "SPDXRef-CentOS-7",
+			PackageCopyrightText:    "NOASSERTION",
+			PackageDescription:      "The CentOS container used to run the application.",
+			PackageDownloadLocation: "NOASSERTION",
+			FilesAnalyzed:           false,
+			PackageHomePage:         "https://www.centos.org/",
+			PackageName:             "centos",
+			PackageFileName:         "saxonB-8.8.zip",
+			PackageVersion:          "centos7.9.2009",
+			BuiltDate:               "2021-09-15T02:38:00Z",
+		},
+	},
+	Files: []*v2_3.File{
+		{
+			FileName:           "./src/org/spdx/parser/DOAPProject.java",
+			FileSPDXIdentifier: "SPDXRef-DoapSource",
+			FileTypes: []string{
+				"SOURCE",
+			},
+			Checksums: []common.Checksum{
+				{
+					Algorithm: "SHA1",
+					Value:     "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+				},
+			},
+			LicenseConcluded: "Apache-2.0",
+			LicenseInfoInFiles: []string{
+				"Apache-2.0",
+			},
+			FileCopyrightText: "Copyright 2010, 2011 Source Auditor Inc.",
+			FileContributors: []string{
+				"Protecode Inc.",
+				"SPDX Technical Team Members",
+				"Open Logic Inc.",
+				"Source Auditor Inc.",
+				"Black Duck Software In.c",
+			},
+		},
+		{
+			FileSPDXIdentifier: "SPDXRef-CommonsLangSrc",
+			Checksums: []common.Checksum{
+				{
+					Algorithm: "SHA1",
+					Value:     "c2b4e1c67a2d28fced849ee1bb76e7391b93f125",
+				},
+			},
+			FileComment:        "This file is used by Jena",
+			FileCopyrightText:  "Copyright 2001-2011 The Apache Software Foundation",
+			FileContributors:   []string{"Apache Software Foundation"},
+			FileName:           "./lib-source/commons-lang3-3.1-sources.jar",
+			FileTypes:          []string{"ARCHIVE"},
+			LicenseConcluded:   "Apache-2.0",
+			LicenseInfoInFiles: []string{"Apache-2.0"},
+			FileNotice:         "Apache Commons Lang\nCopyright 2001-2011 The Apache Software Foundation\n\nThis product includes software developed by\nThe Apache Software Foundation (http://www.apache.org/).\n\nThis product includes software from the Spring Framework,\nunder the Apache License 2.0 (see: StringUtils.containsWhitespace())",
+		},
+		{
+			FileSPDXIdentifier: "SPDXRef-JenaLib",
+			Checksums: []common.Checksum{
+				{
+					Algorithm: "SHA1",
+					Value:     "3ab4e1c67a2d28fced849ee1bb76e7391b93f125",
+				},
+			},
+			FileComment:        "This file belongs to Jena",
+			FileCopyrightText:  "(c) Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Hewlett-Packard Development Company, LP",
+			FileContributors:   []string{"Apache Software Foundation", "Hewlett Packard Inc."},
+			FileName:           "./lib-source/jena-2.6.3-sources.jar",
+			FileTypes:          []string{"ARCHIVE"},
+			LicenseComments:    "This license is used by Jena",
+			LicenseConcluded:   "LicenseRef-1",
+			LicenseInfoInFiles: []string{"LicenseRef-1"},
+		},
+		{
+			FileSPDXIdentifier: "SPDXRef-File",
+			Annotations: []v2_3.Annotation{
+				{
+					Annotator: common.Annotator{
+						Annotator:     "File Commenter",
+						AnnotatorType: "Person",
+					},
+					AnnotationDate:    "2011-01-29T18:30:22Z",
+					AnnotationType:    "OTHER",
+					AnnotationComment: "File level annotation",
+				},
+			},
+			Checksums: []common.Checksum{
+				{
+					Algorithm: "SHA1",
+					Value:     "d6a770ba38583ed4bb4525bd96e50461655d2758",
+				},
+				{
+					Algorithm: "MD5",
+					Value:     "624c1abb3664f4b35547e7c73864ad24",
+				},
+			},
+			FileComment:        "The concluded license was taken from the package level that the file was included in.\nThis information was found in the COPYING.txt file in the xyz directory.",
+			FileCopyrightText:  "Copyright 2008-2010 John Smith",
+			FileContributors:   []string{"The Regents of the University of California", "Modified by Paul Mundt lethal@linux-sh.org", "IBM Corporation"},
+			FileName:           "./package/foo.c",
+			FileTypes:          []string{"SOURCE"},
+			LicenseComments:    "The concluded license was taken from the package level that the file was included in.",
+			LicenseConcluded:   "(LGPL-2.0-only OR LicenseRef-2)",
+			LicenseInfoInFiles: []string{"GPL-2.0-only", "LicenseRef-2"},
+			FileNotice:         "Copyright (c) 2001 Aaron Lehmann aaroni@vitelus.com\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the �Software�), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED �AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.",
+		},
+	},
+	Snippets: []v2_3.Snippet{
+		{
+			SnippetSPDXIdentifier:         "SPDXRef-Snippet",
+			SnippetFromFileSPDXIdentifier: "SPDXRef-DoapSource",
+			Ranges: []common.SnippetRange{
+				{
+					StartPointer: common.SnippetRangePointer{
+						Offset:             310,
+						FileSPDXIdentifier: "SPDXRef-DoapSource",
+					},
+					EndPointer: common.SnippetRangePointer{
+						Offset:             420,
+						FileSPDXIdentifier: "SPDXRef-DoapSource",
+					},
+				},
+				{
+					StartPointer: common.SnippetRangePointer{
+						LineNumber:         5,
+						FileSPDXIdentifier: "SPDXRef-DoapSource",
+					},
+					EndPointer: common.SnippetRangePointer{
+						LineNumber:         23,
+						FileSPDXIdentifier: "SPDXRef-DoapSource",
+					},
+				},
+			},
+			SnippetLicenseConcluded: "GPL-2.0-only",
+			LicenseInfoInSnippet:    []string{"GPL-2.0-only"},
+			SnippetLicenseComments:  "The concluded license was taken from package xyz, from which the snippet was copied into the current file. The concluded license information was found in the COPYING.txt file in package xyz.",
+			SnippetCopyrightText:    "Copyright 2008-2010 John Smith",
+			SnippetComment:          "This snippet was identified as significant and highlighted in this Apache-2.0 file, when a commercial scanner identified it as being derived from file foo.c in package xyz which is licensed under GPL-2.0.",
+			SnippetName:             "from linux kernel",
+		},
+	},
+	Relationships: []*v2_3.Relationship{
+		{
+			RefA:         common.MakeDocElementID("", "DOCUMENT"),
+			RefB:         common.MakeDocElementID("", "Package"),
+			Relationship: "CONTAINS",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "DOCUMENT"),
+			RefB:         common.MakeDocElementID("spdx-tool-1.2", "ToolsElement"),
+			Relationship: "COPY_OF",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "DOCUMENT"),
+			RefB:         common.MakeDocElementID("", "File"),
+			Relationship: "DESCRIBES",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "DOCUMENT"),
+			RefB:         common.MakeDocElementID("", "Package"),
+			Relationship: "DESCRIBES",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "Package"),
+			RefB:         common.MakeDocElementID("", "JenaLib"),
+			Relationship: "CONTAINS",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "Package"),
+			RefB:         common.MakeDocElementID("", "Saxon"),
+			Relationship: "DYNAMIC_LINK",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "CommonsLangSrc"),
+			RefB:         common.MakeDocElementSpecial("NOASSERTION"),
+			Relationship: "GENERATED_FROM",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "JenaLib"),
+			RefB:         common.MakeDocElementID("", "Package"),
+			Relationship: "CONTAINS",
+		},
+		{
+			RefA:         common.MakeDocElementID("", "File"),
+			RefB:         common.MakeDocElementID("", "fromDoap-0"),
+			Relationship: "GENERATED_FROM",
+		},
+	},
+}
diff --git a/json/parser.go b/json/parser.go
index 5c9e6f4..ee7915d 100644
--- a/json/parser.go
+++ b/json/parser.go
@@ -8,6 +8,7 @@ import (
 	"io"
 
 	"github.com/spdx/tools-golang/spdx/v2_2"
+	"github.com/spdx/tools-golang/spdx/v2_3"
 )
 
 // Load2_2 takes in an io.Reader and returns an SPDX document.
@@ -27,3 +28,21 @@ func Load2_2(content io.Reader) (*v2_2.Document, error) {
 
 	return &doc, nil
 }
+
+// Load2_3 takes in an io.Reader and returns an SPDX document.
+func Load2_3(content io.Reader) (*v2_3.Document, error) {
+	// convert io.Reader to a slice of bytes and call the parser
+	buf := new(bytes.Buffer)
+	_, err := buf.ReadFrom(content)
+	if err != nil {
+		return nil, err
+	}
+
+	var doc v2_3.Document
+	err = json.Unmarshal(buf.Bytes(), &doc)
+	if err != nil {
+		return nil, err
+	}
+
+	return &doc, nil
+}
diff --git a/json/writer.go b/json/writer.go
index bcc00a7..8f2b94d 100644
--- a/json/writer.go
+++ b/json/writer.go
@@ -4,6 +4,7 @@ package spdx_json
 
 import (
 	"encoding/json"
+	"github.com/spdx/tools-golang/spdx/v2_3"
 	"io"
 
 	"github.com/spdx/tools-golang/spdx/v2_2"
@@ -23,3 +24,18 @@ func Save2_2(doc *v2_2.Document, w io.Writer) error {
 
 	return nil
 }
+
+// Save2_3 takes an SPDX Document (version 2.2) and an io.Writer, and writes the document to the writer in JSON format.
+func Save2_3(doc *v2_3.Document, w io.Writer) error {
+	buf, err := json.Marshal(doc)
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(buf)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
diff --git a/spdx/v2_3/annotation.go b/spdx/v2_3/annotation.go
new file mode 100644
index 0000000..756aea1
--- /dev/null
+++ b/spdx/v2_3/annotation.go
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Annotation is an Annotation section of an SPDX Document for version 2.3 of the spec.
+type Annotation struct {
+	// 12.1: Annotator
+	// Cardinality: conditional (mandatory, one) if there is an Annotation
+	Annotator common.Annotator `json:"annotator"`
+
+	// 12.2: Annotation Date: YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: conditional (mandatory, one) if there is an Annotation
+	AnnotationDate string `json:"annotationDate"`
+
+	// 12.3: Annotation Type: "REVIEW" or "OTHER"
+	// Cardinality: conditional (mandatory, one) if there is an Annotation
+	AnnotationType string `json:"annotationType"`
+
+	// 12.4: SPDX Identifier Reference
+	// Cardinality: conditional (mandatory, one) if there is an Annotation
+	// This field is not used in hierarchical data formats where the referenced element is clear, such as JSON or YAML.
+	AnnotationSPDXIdentifier common.DocElementID `json:"-"`
+
+	// 12.5: Annotation Comment
+	// Cardinality: conditional (mandatory, one) if there is an Annotation
+	AnnotationComment string `json:"comment"`
+}
diff --git a/spdx/v2_3/creation_info.go b/spdx/v2_3/creation_info.go
new file mode 100644
index 0000000..55fed3d
--- /dev/null
+++ b/spdx/v2_3/creation_info.go
@@ -0,0 +1,26 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// CreationInfo is a Document Creation Information section of an
+// SPDX Document for version 2.3 of the spec.
+type CreationInfo struct {
+	// 6.7: License List Version
+	// Cardinality: optional, one
+	LicenseListVersion string `json:"licenseListVersion"`
+
+	// 6.8: Creators: may have multiple keys for Person, Organization
+	//      and/or Tool
+	// Cardinality: mandatory, one or many
+	Creators []common.Creator `json:"creators"`
+
+	// 6.9: Created: data format YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: mandatory, one
+	Created string `json:"created"`
+
+	// 6.10: Creator Comment
+	// Cardinality: optional, one
+	CreatorComment string `json:"comment"`
+}
diff --git a/spdx/v2_3/document.go b/spdx/v2_3/document.go
new file mode 100644
index 0000000..f8b5e23
--- /dev/null
+++ b/spdx/v2_3/document.go
@@ -0,0 +1,65 @@
+// Package spdx contains the struct definition for an SPDX Document
+// and its constituent parts.
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// ExternalDocumentRef is a reference to an external SPDX document
+// as defined in section 6.6 for version 2.3 of the spec.
+type ExternalDocumentRef struct {
+	// DocumentRefID is the ID string defined in the start of the
+	// reference. It should _not_ contain the "DocumentRef-" part
+	// of the mandatory ID string.
+	DocumentRefID string `json:"externalDocumentId"`
+
+	// URI is the URI defined for the external document
+	URI string `json:"spdxDocument"`
+
+	// Checksum is the actual hash data
+	Checksum common.Checksum `json:"checksum"`
+}
+
+// Document is an SPDX Document for version 2.3 of the spec.
+// See https://spdx.github.io/spdx-spec/v2.3/document-creation-information
+type Document struct {
+	// 6.1: SPDX Version; should be in the format "SPDX-2.3"
+	// Cardinality: mandatory, one
+	SPDXVersion string `json:"spdxVersion"`
+
+	// 6.2: Data License; should be "CC0-1.0"
+	// Cardinality: mandatory, one
+	DataLicense string `json:"dataLicense"`
+
+	// 6.3: SPDX Identifier; should be "DOCUMENT" to represent
+	//      mandatory identifier of SPDXRef-DOCUMENT
+	// Cardinality: mandatory, one
+	SPDXIdentifier common.ElementID `json:"SPDXID"`
+
+	// 6.4: Document Name
+	// Cardinality: mandatory, one
+	DocumentName string `json:"name"`
+
+	// 6.5: Document Namespace
+	// Cardinality: mandatory, one
+	DocumentNamespace string `json:"documentNamespace"`
+
+	// 6.6: External Document References
+	// Cardinality: optional, one or many
+	ExternalDocumentReferences []ExternalDocumentRef `json:"externalDocumentRefs,omitempty"`
+
+	// 6.11: Document Comment
+	// Cardinality: optional, one
+	DocumentComment string `json:"comment,omitempty"`
+
+	CreationInfo  *CreationInfo   `json:"creationInfo"`
+	Packages      []*Package      `json:"packages,omitempty"`
+	Files         []*File         `json:"files,omitempty"`
+	OtherLicenses []*OtherLicense `json:"hasExtractedLicensingInfos,omitempty"`
+	Relationships []*Relationship `json:"relationships,omitempty"`
+	Annotations   []*Annotation   `json:"annotations,omitempty"`
+	Snippets      []Snippet       `json:"snippets,omitempty"`
+
+	// DEPRECATED in version 2.0 of spec
+	Reviews []*Review `json:"reviews,omitempty"`
+}
diff --git a/spdx/v2_3/file.go b/spdx/v2_3/file.go
new file mode 100644
index 0000000..3d6e71e
--- /dev/null
+++ b/spdx/v2_3/file.go
@@ -0,0 +1,96 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// File is a File section of an SPDX Document for version 2.3 of the spec.
+type File struct {
+	// 8.1: File Name
+	// Cardinality: mandatory, one
+	FileName string `json:"fileName"`
+
+	// 8.2: File SPDX Identifier: "SPDXRef-[idstring]"
+	// Cardinality: mandatory, one
+	FileSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+	// 8.3: File Types
+	// Cardinality: optional, multiple
+	FileTypes []string `json:"fileTypes,omitempty"`
+
+	// 8.4: File Checksum: may have keys for SHA1, SHA256, MD5, SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32
+	// Cardinality: mandatory, one SHA1, others may be optionally provided
+	Checksums []common.Checksum `json:"checksums"`
+
+	// 8.5: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one
+	LicenseConcluded string `json:"licenseConcluded,omitempty"`
+
+	// 8.6: License Information in File: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one or many
+	LicenseInfoInFiles []string `json:"licenseInfoInFiles,omitempty"`
+
+	// 8.7: Comments on License
+	// Cardinality: optional, one
+	LicenseComments string `json:"licenseComments,omitempty"`
+
+	// 8.8: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+	// Cardinality: mandatory, one
+	FileCopyrightText string `json:"copyrightText"`
+
+	// DEPRECATED in version 2.1 of spec
+	// 8.9-8.11: Artifact of Project variables (defined below)
+	// Cardinality: optional, one or many
+	ArtifactOfProjects []ArtifactOfProject `json:"artifactOfs,omitempty"`
+
+	// 8.12: File Comment
+	// Cardinality: optional, one
+	FileComment string `json:"comment,omitempty"`
+
+	// 8.13: File Notice
+	// Cardinality: optional, one
+	FileNotice string `json:"noticeText,omitempty"`
+
+	// 8.14: File Contributor
+	// Cardinality: optional, one or many
+	FileContributors []string `json:"fileContributors,omitempty"`
+
+	// 8.15: File Attribution Text
+	// Cardinality: optional, one or many
+	FileAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+	// DEPRECATED in version 2.0 of spec
+	// 8.16: File Dependencies
+	// Cardinality: optional, one or many
+	FileDependencies []string `json:"fileDependencies,omitempty"`
+
+	// Snippets contained in this File
+	// Note that Snippets could be defined in a different Document! However,
+	// the only ones that _THIS_ document can contain are this ones that are
+	// defined here -- so this should just be an ElementID.
+	Snippets map[common.ElementID]*Snippet `json:"-"`
+
+	Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// ArtifactOfProject is a DEPRECATED collection of data regarding
+// a Package, as defined in sections 8.9-8.11 in version 2.3 of the spec.
+// NOTE: the JSON schema does not define the structure of this object:
+// https://github.com/spdx/spdx-spec/blob/development/v2.3.1/schemas/spdx-schema.json#L480
+type ArtifactOfProject struct {
+
+	// DEPRECATED in version 2.1 of spec
+	// 8.9: Artifact of Project Name
+	// Cardinality: conditional, required if present, one per AOP
+	Name string `json:"name"`
+
+	// DEPRECATED in version 2.1 of spec
+	// 8.10: Artifact of Project Homepage: URL or "UNKNOWN"
+	// Cardinality: optional, one per AOP
+	HomePage string `json:"homePage"`
+
+	// DEPRECATED in version 2.1 of spec
+	// 8.11: Artifact of Project Uniform Resource Identifier
+	// Cardinality: optional, one per AOP
+	URI string `json:"URI"`
+}
diff --git a/spdx/v2_3/other_license.go b/spdx/v2_3/other_license.go
new file mode 100644
index 0000000..363bb41
--- /dev/null
+++ b/spdx/v2_3/other_license.go
@@ -0,0 +1,31 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+// OtherLicense is an Other License Information section of an
+// SPDX Document for version 2.3 of the spec.
+type OtherLicense struct {
+	// 10.1: License Identifier: "LicenseRef-[idstring]"
+	// Cardinality: conditional (mandatory, one) if license is not
+	//              on SPDX License List
+	LicenseIdentifier string `json:"licenseId"`
+
+	// 10.2: Extracted Text
+	// Cardinality: conditional (mandatory, one) if there is a
+	//              License Identifier assigned
+	ExtractedText string `json:"extractedText"`
+
+	// 10.3: License Name: single line of text or "NOASSERTION"
+	// Cardinality: conditional (mandatory, one) if license is not
+	//              on SPDX License List
+	LicenseName string `json:"name,omitempty"`
+
+	// 10.4: License Cross Reference
+	// Cardinality: conditional (optional, one or many) if license
+	//              is not on SPDX License List
+	LicenseCrossReferences []string `json:"seeAlsos,omitempty"`
+
+	// 10.5: License Comment
+	// Cardinality: optional, one
+	LicenseComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_3/package.go b/spdx/v2_3/package.go
new file mode 100644
index 0000000..a382268
--- /dev/null
+++ b/spdx/v2_3/package.go
@@ -0,0 +1,151 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Package is a Package section of an SPDX Document for version 2.3 of the spec.
+type Package struct {
+	// NOT PART OF SPEC
+	// flag: does this "package" contain files that were in fact "unpackaged",
+	// e.g. included directly in the Document without being in a Package?
+	IsUnpackaged bool `json:"-"`
+
+	// 7.1: Package Name
+	// Cardinality: mandatory, one
+	PackageName string `json:"name"`
+
+	// 7.2: Package SPDX Identifier: "SPDXRef-[idstring]"
+	// Cardinality: mandatory, one
+	PackageSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+	// 7.3: Package Version
+	// Cardinality: optional, one
+	PackageVersion string `json:"versionInfo,omitempty"`
+
+	// 7.4: Package File Name
+	// Cardinality: optional, one
+	PackageFileName string `json:"packageFileName,omitempty"`
+
+	// 7.5: Package Supplier: may have single result for either Person or Organization,
+	//                        or NOASSERTION
+	// Cardinality: optional, one
+	PackageSupplier *common.Supplier `json:"supplier,omitempty"`
+
+	// 7.6: Package Originator: may have single result for either Person or Organization,
+	//                          or NOASSERTION
+	// Cardinality: optional, one
+	PackageOriginator *common.Originator `json:"originator,omitempty"`
+
+	// 7.7: Package Download Location
+	// Cardinality: mandatory, one
+	PackageDownloadLocation string `json:"downloadLocation"`
+
+	// 7.8: FilesAnalyzed
+	// Cardinality: optional, one; default value is "true" if omitted
+	FilesAnalyzed bool `json:"filesAnalyzed,omitempty"`
+	// NOT PART OF SPEC: did FilesAnalyzed tag appear?
+	IsFilesAnalyzedTagPresent bool `json:"-"`
+
+	// 7.9: Package Verification Code
+	// Cardinality: if FilesAnalyzed == true must be present, if FilesAnalyzed == false must be omitted
+	PackageVerificationCode *common.PackageVerificationCode `json:"packageVerificationCode,omitempty"`
+
+	// 7.10: Package Checksum: may have keys for SHA1, SHA256, MD5, SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32
+	// Cardinality: optional, one or many
+	PackageChecksums []common.Checksum `json:"checksums,omitempty"`
+
+	// 7.11: Package Home Page
+	// Cardinality: optional, one
+	PackageHomePage string `json:"homepage,omitempty"`
+
+	// 7.12: Source Information
+	// Cardinality: optional, one
+	PackageSourceInfo string `json:"sourceInfo,omitempty"`
+
+	// 7.13: Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one
+	PackageLicenseConcluded string `json:"licenseConcluded,omitempty"`
+
+	// 7.14: All Licenses Info from Files: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one or many if filesAnalyzed is true / omitted;
+	//              zero (must be omitted) if filesAnalyzed is false
+	PackageLicenseInfoFromFiles []string `json:"licenseInfoFromFiles,omitempty"`
+
+	// 7.15: Declared License: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one
+	PackageLicenseDeclared string `json:"licenseDeclared,omitempty"`
+
+	// 7.16: Comments on License
+	// Cardinality: optional, one
+	PackageLicenseComments string `json:"licenseComments,omitempty"`
+
+	// 7.17: Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+	// Cardinality: mandatory, one
+	PackageCopyrightText string `json:"copyrightText"`
+
+	// 7.18: Package Summary Description
+	// Cardinality: optional, one
+	PackageSummary string `json:"summary,omitempty"`
+
+	// 7.19: Package Detailed Description
+	// Cardinality: optional, one
+	PackageDescription string `json:"description,omitempty"`
+
+	// 7.20: Package Comment
+	// Cardinality: optional, one
+	PackageComment string `json:"comment,omitempty"`
+
+	// 7.21: Package External Reference
+	// Cardinality: optional, one or many
+	PackageExternalReferences []*PackageExternalReference `json:"externalRefs,omitempty"`
+
+	// 7.22: Package External Reference Comment
+	// Cardinality: conditional (optional, one) for each External Reference
+	// contained within PackageExternalReference2_1 struct, if present
+
+	// 7.23: Package Attribution Text
+	// Cardinality: optional, one or many
+	PackageAttributionTexts []string `json:"attributionTexts,omitempty"`
+
+	// 7.24: Primary Package Purpose
+	// Cardinality: optional, one or many
+	// Allowed values: APPLICATION, FRAMEWORK, LIBRARY, CONTAINER, OPERATING-SYSTEM, DEVICE, FIRMWARE, SOURCE, ARCHIVE, FILE, INSTALL, OTHER
+	PrimaryPackagePurpose string `json:"primaryPackagePurpose,omitempty"`
+
+	// 7.25: Release Date: YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: optional, one
+	ReleaseDate string `json:"releaseDate,omitempty"`
+
+	// 7.26: Build Date: YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: optional, one
+	BuiltDate string `json:"builtDate,omitempty"`
+
+	// 7.27: Valid Until Date: YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: optional, one
+	ValidUntilDate string `json:"validUntilDate,omitempty"`
+
+	// Files contained in this Package
+	Files []*File `json:"files,omitempty"`
+
+	Annotations []Annotation `json:"annotations,omitempty"`
+}
+
+// PackageExternalReference is an External Reference to additional info
+// about a Package, as defined in section 7.21 in version 2.3 of the spec.
+type PackageExternalReference struct {
+	// category is "SECURITY", "PACKAGE-MANAGER" or "OTHER"
+	Category string `json:"referenceCategory"`
+
+	// type is an [idstring] as defined in Appendix VI;
+	// called RefType here due to "type" being a Golang keyword
+	RefType string `json:"referenceType"`
+
+	// locator is a unique string to access the package-specific
+	// info, metadata or content within the target location
+	Locator string `json:"referenceLocator"`
+
+	// 7.22: Package External Reference Comment
+	// Cardinality: conditional (optional, one) for each External Reference
+	ExternalRefComment string `json:"comment"`
+}
diff --git a/spdx/v2_3/relationship.go b/spdx/v2_3/relationship.go
new file mode 100644
index 0000000..af4c07d
--- /dev/null
+++ b/spdx/v2_3/relationship.go
@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Relationship is a Relationship section of an SPDX Document for
+// version 2.3 of the spec.
+type Relationship struct {
+
+	// 11.1: Relationship
+	// Cardinality: optional, one or more; one per Relationship
+	//              one mandatory for SPDX Document with multiple packages
+	// RefA and RefB are first and second item
+	// Relationship is type from 11.1.1
+	RefA         common.DocElementID `json:"spdxElementId"`
+	RefB         common.DocElementID `json:"relatedSpdxElement"`
+	Relationship string              `json:"relationshipType"`
+
+	// 11.2: Relationship Comment
+	// Cardinality: optional, one
+	RelationshipComment string `json:"comment,omitempty"`
+}
diff --git a/spdx/v2_3/review.go b/spdx/v2_3/review.go
new file mode 100644
index 0000000..0463807
--- /dev/null
+++ b/spdx/v2_3/review.go
@@ -0,0 +1,25 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+// Review is a Review section of an SPDX Document for version 2.3 of the spec.
+// DEPRECATED in version 2.0 of spec; retained here for compatibility.
+type Review struct {
+
+	// DEPRECATED in version 2.0 of spec
+	// 13.1: Reviewer
+	// Cardinality: optional, one
+	Reviewer string
+	// including AnnotatorType: one of "Person", "Organization" or "Tool"
+	ReviewerType string
+
+	// DEPRECATED in version 2.0 of spec
+	// 13.2: Review Date: YYYY-MM-DDThh:mm:ssZ
+	// Cardinality: conditional (mandatory, one) if there is a Reviewer
+	ReviewDate string
+
+	// DEPRECATED in version 2.0 of spec
+	// 13.3: Review Comment
+	// Cardinality: optional, one
+	ReviewComment string
+}
diff --git a/spdx/v2_3/snippet.go b/spdx/v2_3/snippet.go
new file mode 100644
index 0000000..240f8c8
--- /dev/null
+++ b/spdx/v2_3/snippet.go
@@ -0,0 +1,48 @@
+// SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+package v2_3
+
+import "github.com/spdx/tools-golang/spdx/common"
+
+// Snippet is a Snippet section of an SPDX Document for version 2.3 of the spec.
+type Snippet struct {
+
+	// 9.1: Snippet SPDX Identifier: "SPDXRef-[idstring]"
+	// Cardinality: mandatory, one
+	SnippetSPDXIdentifier common.ElementID `json:"SPDXID"`
+
+	// 9.2: Snippet from File SPDX Identifier
+	// Cardinality: mandatory, one
+	SnippetFromFileSPDXIdentifier common.ElementID `json:"snippetFromFile"`
+
+	// Ranges denotes the start/end byte offsets or line numbers that the snippet is relevant to
+	Ranges []common.SnippetRange `json:"ranges"`
+
+	// 9.5: Snippet Concluded License: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one
+	SnippetLicenseConcluded string `json:"licenseConcluded,omitempty"`
+
+	// 9.6: License Information in Snippet: SPDX License Expression, "NONE" or "NOASSERTION"
+	// Cardinality: optional, one or many
+	LicenseInfoInSnippet []string `json:"licenseInfoInSnippets,omitempty"`
+
+	// 9.7: Snippet Comments on License
+	// Cardinality: optional, one
+	SnippetLicenseComments string `json:"licenseComments,omitempty"`
+
+	// 9.8: Snippet Copyright Text: copyright notice(s) text, "NONE" or "NOASSERTION"
+	// Cardinality: mandatory, one
+	SnippetCopyrightText string `json:"copyrightText"`
+
+	// 9.9: Snippet Comment
+	// Cardinality: optional, one
+	SnippetComment string `json:"comment,omitempty"`
+
+	// 9.10: Snippet Name
+	// Cardinality: optional, one
+	SnippetName string `json:"name,omitempty"`
+
+	// 9.11: Snippet Attribution Text
+	// Cardinality: optional, one or many
+	SnippetAttributionTexts []string `json:"-"`
+}