RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

Can retire generate cyclonedx SBOM with license of library #408

Open rashmimehta300 opened 1 year ago

rashmimehta300 commented 1 year ago

Is your feature request related to a problem? Please describe.
When creating a CycloneDX SBOM, retire does not have license information.

Describe the solution you'd like
Can we have a feature where retire can create an SBOM with the license information of the artifact as well?

eoftedal commented 1 year ago

At this point this is not included and I’m not sure it’s something I want to maintain over time. However, if someone wants to contribute license info to jsrepository.json, I would be happy to adjust the code. Licenses may be changed across versions, so adding a single license for a library is likely not enough.
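
The point about licenses changing across versions, as an added example that is not part of the thread and not code from retire.js: a version-ranged license lookup feeding a CycloneDX-style component. The `licenses` field, its `spdx` key and the `examplelib` data are hypothetical; only the `below` / `atOrAbove` range keys mirror what jsrepository.json already uses for vulnerabilities.

```javascript
// Hypothetical "licenses" entries for one library, reusing the
// below / atOrAbove range keys jsrepository.json uses for vulnerabilities.
// Library name, versions and licenses are constructed sample data.
const sampleRepo = {
  examplelib: {
    licenses: [
      { below: "2.0.0", spdx: ["MIT", "GPL-2.0-only"] },
      { atOrAbove: "2.0.0", below: "3.0.0", spdx: ["MIT"] },
      { atOrAbove: "3.0.0", spdx: ["Apache-2.0"] },
    ],
  },
};

// Compare dotted numeric versions; returns <0, 0 or >0.
// Pre-release suffixes are ignored in this sketch.
function compareVersions(a, b) {
  const pa = a.split(".").map((p) => parseInt(p, 10) || 0);
  const pb = b.split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Return the SPDX ids for the range containing `version`, or [] if unknown.
function licensesFor(repo, name, version) {
  const ranges = (repo[name] && repo[name].licenses) || [];
  const hit = ranges.find(
    (r) =>
      (!r.atOrAbove || compareVersions(version, r.atOrAbove) >= 0) &&
      (!r.below || compareVersions(version, r.below) < 0)
  );
  return hit ? hit.spdx : [];
}

// Build a CycloneDX-style component. `licenses` is omitted when nothing is
// known, so the SBOM never asserts a license the data does not support.
function toComponent(repo, name, version) {
  const component = { type: "library", name, version };
  const ids = licensesFor(repo, name, version);
  if (ids.length) component.licenses = ids.map((id) => ({ license: { id } }));
  return component;
}
```
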