Open jkowalleck opened 8 months ago
The license text feature was removed from the code, to ease the way to v1.0/MVP. With the v1.0 release candidate being public for some time now, i do not expect any internal refactoring or changes soon. This means, the implementation is ready to be extended.
@AugustusKling, are you still interested in working on a license text gathering for component evidences?
@jkowalleck I'm still willing to provide code to add the license gathering. That said, I'm somewhat occupied these days so I don't know when this will happen.
So far I didn't even find time to go through your changes to the implementation nor to try it out to provide feedback.
A similar feature was added to the webpack plugin see https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1309 see https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1312
caused by #22
similar to
Is your feature request related to a problem? Please describe.
For legal documentation, we need the original text of the licenses of components.
Describe the solution you'd like
An option to enable integration of the license-text in the BOM file, like the old
@cyclonedx/bom
package had, would be great to have again here.read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence
Acceptance criteria
--gather-license-evidence
(name to be discussed)@.evicence.licenses
@.name
would be 'License of@.text
would hold the testLICEN[CS]E*
NOTICE*
-- addendum for Apache-2.0 and othersReason: license templates (like BSD clause 3) are designed to be modified (unlike others, like Apache2, which is not a template but a complete text)