ci: Copyright + SPDX license header checker

intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.

https://cve-bin-tool.readthedocs.io/en/latest/

GNU General Public License v3.0

1.14k stars 444 forks source link

ci: Copyright + SPDX license header checker #4219

Open terriko opened 5 days ago

terriko commented 5 days ago

I'd like to add a linter that looks for missing spdx license/copyright headers at the top of new files. I've got a lead on one that should work, just waiting on some more info, so I'm setting up this issue so I don't forget.

terriko commented 5 days ago

The one recommended to me is https://github.com/enarx/spdx

anthonyharrison commented 20 hours ago

One of my SBOM utilities sbom4files will extract the licence and copyright information for each file in a directory.