-
### Description
Copyright findings by Scancode are visualized in the WebUI but it seems that they are not output anywhere: if one exports ReadmeOSS or SPDX reports, or if one uses the `/upl…
-
Here I want to try to find a complete and correct algorithm to identify the **direct** dependencies of some package element.
**Assumptions:**
* we are within some SPDX data, e.g. the result of par…
-
Jael Castro reported a few issues:
- Codemeta namespace is not used (double check)
- build instructions is not correctly identified.
-
The website reorganization is summarized as:
* The main static pages for the SPDX website are now hosted at https://spdx.dev
* The dynamically-generated content for the license list and RDF defini…
-
It seems that some of the Alpine packages have the license definition wrong in the APKINDEX database. Some are correct, some are not; for example, musl-utils has an invalid identifier:
```
C:Q16oHBreKeA…
```
-
Sbomqs is currently not validating the SBOM against the official schema for CycloneDX or SPDX. This validation should be added to give a better picture of the SBOM.
reference: https://github.com/D…
-
**Describe the bug**
The source text from https://github.com/ARM-software/acle/blob/996abdbcbf2e3f9e10e12f041a398df8ef985da7/main/acle.md?plain=1#L2511 is not rendered correctly in the generate…
-
From @egorpugin:
```
// SPDX-License-Identifier: Apache-2.0
```
https://spdx.org/licenses/
Linux uses them already.
https://github.com/torvalds/linux/blob/master/arch/x86/kernel/cpuid.c#L1
-
### Description
I have used the openSUSE OBS to RPM build the GNU "hello world" example. Using this RPM as my input, I would like to create an SBOM for it. When I go to verify the SBOM, then it…
-
I've found an issue that occurs only in epel-release-9-2.el9.noarch.rpm in the range of AlmaLinux 9.2 and later packages.
```
$ python alma_sbom.py --rpm-package epel-release-9-2.el9.noarch.rpm --…
```