-
I have dependency-review set up to deny a whole slew of licenses:
```
fail-on-severity: high
comment-summary-in-pr: never
warn-only: true
license-check: true
deny-licenses:
- Abstyles
- …
```
-
Right now, syft isn't putting the top level package as SPDX objects
I think for now we can add a [PURL OCI reference type](https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst#oci) b…
-
### What happened?
I attempted to build the program after removing code licensed under SEL, in particular the snippet here: https://github.com/stalwartlabs/mail-server/blob/main/crates/directory/src/…
-
### Description
Number of items processed is zero even though there are scanoss results in an upload.
It will confuse fossology users as most of them will look into processed item count…
-
For 3.0.1:
1. a: https://spdx.org/rdf/3.0.1/spdx-model.ttl -> b: https://spdx.github.io/spdx-spec/v3.0.1/rdf/spdx-model.ttl
2. a: https://spdx.org/rdf/3.0.1/spdx-context.jsonld -> b: https://spdx.…
bact updated
2 months ago
-
Some software projects are dually or multiply licensed. This is something that we should probably support, perhaps via [expressions](https://spdx.github.io/spdx-spec/SPDX-license-expressions/)?
Ano…
-
An issue was discussed about new versions having entirely new sets of identifiers during the implementors call and it would be great to get something at least written up how users should deal with thi…
-
**Describe the bug**
With the Helics image, surfactant currently fails to generate an output in the SPDX format.
**To Reproduce**
Steps to reproduce the behavior:
1. Install latest main of surfac…
-
**Describe the bug**
From https://arm-software.github.io/acle/neon_intrinsics/advsimd.html#vector-shift-left-and-widen, each neon vector shift left and widen intrinsic has a variant with `n =…
-
The Lite profile requires `specVersion` to be a fixed string, "3.0.1".
But I remember Gary saying that all CreationInfo instances in an SPDX document must share the same `specVersion`, not just in …
ilans updated
12 hours ago