feat: Add complete License-Text to SBOM result #33
Comments
The license text feature was removed from the code, to ease the way to v1.0/MVP. @AugustusKling, are you still interested in working on a license text gathering for component evidences?
@jkowalleck I'm still willing to provide code to add the license gathering. That said, I'm somewhat occupied these days so I don't know when this will happen. So far I didn't even find time to go through your changes to the implementation nor to try it out to provide feedback.
A similar feature was added to the webpack plugin
Signed-off-by: Augustus Kling <[email protected]>
fixes #33
---------
Signed-off-by: Augustus Kling <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
Co-authored-by: Jan Kowalleck <[email protected]>
this feature was released via v1.1.0
caused by #22
similar to
Is your feature request related to a problem? Please describe.
For legal documentation, we need the original text of the licenses of components.
Describe the solution you'd like
An option to enable integration of the license-text in the BOM file, like the old @cyclonedx/bom package had, would be great to have again here. Read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence
Acceptance criteria
- --gather-license-evidence (name to be discussed)
- regardless of SPDX license ID, SPDX license expression or named license, the detected license texts should be added, each as an evidence
Examples:
- @.evidence.licenses
  - @.name would be 'License of : '
  - @.text would hold the text
- LICEN[CS]E*
- NOTICE*
  - addendum for Apache-2.0 and others
Nope, no license template is derived from package's declared SPDX license id.
Reason: license templates (like BSD clause 3) are designed to be modified (unlike others, like Apache2, which is not a template but a complete text)