-
Is there any way to ignore transitive dependencies in the SBOM scan and include direct dependencies only?
In spdx there is a way to ignore the transitive dependencies in plugin configuration. is ther…
-
# Handle
leastwood
# Vulnerability details
## Impact
There are several contracts missing SPDX identifiers which correctly license the contract for open source development:
`MISOAccessFactory.sol`…
-
I'd like to be able to generate my KBOM in SPDX format.
-
This would be a merge to combine two SPDX documents without losing any of the license information. An example use case: A SPDX document including human input is already created, but a new document is…
-
**Describe the bug**
The SPDX files generated by vcpkg are not compliant; many fields cannot be validated by SPDX parsers, such as [`spdx-tools`](https://pypi.org/project/spdx-tools/).
- [From …
-
Currently Ghidra uses full license text in all files, while a lot of FOSS and proprietary software standardized the license and copyright information in the form of more succinct [SPDX](https://spdx.o…
-
See discussion here: https://lists.spdx.org/g/Spdx-legal/topic/105846418#msg3552
TL;DR - EUPL-1.1 and EUPL-1.2 have a default position of "or any later version" and if one wants to limit to that ve…
-
* Update from swinslow/spdx-go to spdx/tools-golang
* Review mandatory SPDX document fields, report on it and implement those as the essentials of the generated document
-
All source code files require the following license header (with commenting syntax adapted to the file's language):
```java
/* Copyright 2022 Contributors to the Parsec project.
* SPDX-License-Ide…
```
-
The copyright headers in our repository do not contain Software Package Data Exchange (SPDX) identifiers, which are required by the [Eclipse Foundation Project Handbook](https://www.eclipse.org/project…