CycloneDX / cyclonedx-node-yarn

Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
Apache License 2.0

feat: Add complete License-Text to SBOM result #33

Open jkowalleck opened 8 months ago

jkowalleck commented 8 months ago

caused by #22

similar to


Is your feature request related to a problem? Please describe.

For legal documentation, we need the original text of the licenses of components.

Describe the solution you'd like

An option to enable integration of the license-text in the BOM file, like the old @cyclonedx/bom package had, would be great to have again here.


read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence

Acceptance criteria

jkowalleck commented 5 months ago

The license text feature was removed from the code, to ease the way to v1.0/MVP. With the v1.0 release candidate being public for some time now, I do not expect any internal refactoring or changes soon. This means, the implementation is ready to be extended.

@AugustusKling, are you still interested in working on a license text gathering for component evidences?

AugustusKling commented 5 months ago

@jkowalleck I'm still willing to provide code to add the license gathering. That said, I'm somewhat occupied these days so I don't know when this will happen.

So far I didn't even find time to go through your changes to the implementation nor to try it out to provide feedback.

jkowalleck commented 1 month ago

A similar feature was added to the webpack plugin; see https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1309 and https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1312