search

fsfe / reuse-tool

reuse is a tool for compliance with the REUSE recommendations.
https://reuse.software
393 stars 147 forks source link

Script documentation: read SPDX SBOM and apply addheader #533

Open mxmehl opened 2 years ago

mxmehl commented 2 years ago

We could document how one can use a SPDX SBOM, e.g. produced by FOSSology or another tool, and use this as a basis to add REUSE information to the covered file.

As modern SBOMs are often JSON, it should be scriptable in a few lines. reuse addheader could be called for every listed file (with --skip-unrecognised to avoid the process to halt) that has at least licensing or copyright information available.

This would not replace sane manual intervention for when an entry in .reuse/dep5 would make more sense, but is a start.

@nicorikken, as REUSE scripts master, perhaps something you would like to work on?

nicorikken commented 2 years ago

Certainly, I would be helped by having some example outputs to work with. And then I can unleash my Jq and Bash powers :wink:

mxmehl commented 2 years ago

Very simple examples are here. How about you ask on the REUSE mailing list for examples for SBOM files?