Keep in mind that compositions are the only way of saying that something is complete. Our build implementations do not produce compositions, nor should they. It's really up to the end user org to attest if the BOM is complete or not and add the corresponding composition if it is.
Also note that licenses go in two places. 1) The declared license for the component goes into component/licenses and all the evidence of copyrights and licenses for the entirety of the component goes into component/evidence.
based on #675 (reply in thread)
similar to CycloneDX/cyclonedx-node-npm#256
Is your feature request related to a problem? Please describe.
For legal documentation, I need the original text of the licenses of components.
Describe the solution you'd like
An option to enable integration of the license-text in the BOM result.
@stevespringett mentioned:
read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence
🔍
result of my research: