-
The java tools only lists the first issue it comes across when there is a validation error, even if multiple issues exist. Suggest to list all the validation errors at once. The python tools validatio…
-
This comes from the discussion on [PR to integrate new ScanCode](https://github.com/clearlydefined/service/pull/1056), specifically on the [license differences](https://github.com/clearlydefined/servi…
-
Simple license expression (SpdxSimpleLicenseExpressionV2) is a structure with multiple fields.
Where a complex license expression (SpdxComplexLicenseExpressionV2) is just a string. It would be mor…
-
is here where we need fill in the License tag ?
```
Using detector: trivy
Traceback (most recent call last):
File "/usr/bin/go_vendor_license", line 8, in
sys.exit(main())
^^^^^^
File "/usr…
-
The fix for issue #54 unconditionally places an `OR` operator between all detected licenses from a `pom.xml` file, however there are cases where there is indeed ambiguity and the Maven conjunction rul…
-
The documentation for the SPDX License List states:
> "When a license identifier is "deprecated" on the SPDX License List, it effectively means that there is an updated license identifier and the dep…
-
**What happened**:
For the following package, the licenseDeclared is not as per the SPDX license list https://spdx.org/licenses/
```
{
"name": "libbsd",
"SPDXID": …
-
The accuracy of license IDs and expressions reported by tools might be limited based on the detection methods used. Attributes like confidence and concludedValue could help with explainability and rea…
-
## Short Description
Currently we do not populate the copyright fields for a package instance from it's `key files`, yet! . Populating the package attributes correctly from their key files/othe…
-
Clearing decisions should allow for an adequately detailed identification of the licensing, i.e. not just a list of the applicable licenses but a full expression of their identities and relationship, …