Originally posted by **yan09test01** August 9, 2024
Thank you for making a tool for checking SBOM quality.
I'm asking because "comp_valid_licenses" behaves strangely when I use it.
If I enter a value defined in the SPDX licenses in the license id, the score does not come out, and if I enter an undefined value, the score goes up. Can you check it?
Thank you.
Basically, on adding a wrong license to every component, the score increases accordingly. It didn't score for a valid license, but it gives a score for an invalid license.
Discussed in https://github.com/interlynk-io/sbomqs/discussions/309