FEAT: Option to add license text to BOM output #676

Open
jkowalleck opened this issue Feb 28, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@jkowalleck
Member

jkowalleck commented Feb 28, 2023

based on #675 (reply in thread)
similar to CycloneDX/cyclonedx-node-npm#256

Is your feature request related to a problem? Please describe.

For legal documentation, I need the original text of the licenses of components.

Describe the solution you'd like

An option to enable integration of the license-text in the BOM result.


@stevespringett mentioned:

Keep in mind that compositions are the only way of saying that something is complete. Our build implementations do not produce compositions nor should they. It's really up to the end user org to attest if the BOM is complete or not and add the corresponding composition if it is.
Also note that licenses go in two places. 1) the declared license for the component goes into component/licenses and all the evidence of copyrights and licenses for the entirety of the component goes into component/evidence

read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence


🔍
result of my research:
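To make the two-places point from the quoted note concrete, here is an added example (not code from this issue, from cyclonedx-python or from any CycloneDX library): it assembles a CycloneDX 1.4 JSON component as plain dicts, putting the declared license, with its full text embedded as a base64 attachment, under `component/licenses`, and the detected licenses and copyright statements under `component/evidence`. The component name, version, copyright line and license text are constructed sample values; the function names are this example's own. A small reader then pulls the embedded texts back out for legal documentation and reports evidence licenses that were never declared.

```python
import base64
import json

# Constructed sample license text; a placeholder, not the text of any real component.
SAMPLE_LICENSE_TEXT = (
    "Permission is hereby granted, free of charge, to any person obtaining a copy "
    "of this software (constructed sample text for the example)."
)


def make_license_attachment(text: str) -> dict:
    """Wrap raw license text as a CycloneDX attachment object (base64 encoded)."""
    return {
        "contentType": "text/plain",
        "encoding": "base64",
        "content": base64.b64encode(text.encode("utf-8")).decode("ascii"),
    }


def make_component(name, version, declared_license_id, license_text,
                   copyright_lines, evidence_license_ids) -> dict:
    """Build one component with the declared license in `licenses`
    and the gathered license/copyright evidence in `evidence`."""
    return {
        "type": "library",
        "name": name,
        "version": version,
        # Declared license: what the component says it is licensed under,
        # here with the license text embedded as an attachment.
        "licenses": [{"license": {"id": declared_license_id,
                                  "text": make_license_attachment(license_text)}}],
        # Evidence: everything found when scanning the whole component.
        "evidence": {
            "licenses": [{"license": {"id": lid}} for lid in evidence_license_ids],
            "copyright": [{"text": line} for line in copyright_lines],
        },
    }


def build_bom(components: list) -> dict:
    """Minimal CycloneDX 1.4 JSON document around the given components."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components}


def extract_license_texts(bom: dict) -> dict:
    """Map component name -> list of decoded declared-license texts.
    Attachments without an `encoding` are treated as raw content; any other
    encoding than base64 is rejected rather than silently mis-decoded."""
    result = {}
    for comp in bom.get("components", []):
        texts = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license")
            if not lic or "text" not in lic:
                continue
            attachment = lic["text"]
            encoding = attachment.get("encoding")
            if encoding == "base64":
                texts.append(base64.b64decode(attachment["content"]).decode("utf-8"))
            elif encoding is None:
                texts.append(attachment["content"])
            else:
                raise ValueError(f"unsupported attachment encoding: {encoding}")
        result[comp["name"]] = texts
    return result


def undeclared_evidence_licenses(component: dict) -> set:
    """License ids seen in evidence but absent from the declared licenses;
    a non-empty set is worth a human look before the BOM is used legally."""
    declared = {e["license"].get("id") for e in component.get("licenses", [])
                if "license" in e}
    found = {e["license"].get("id")
             for e in component.get("evidence", {}).get("licenses", [])
             if "license" in e}
    return found - declared


def sample_bom() -> dict:
    """The constructed BOM used below and by the checks."""
    comp = make_component("example-lib", "1.2.3", "MIT", SAMPLE_LICENSE_TEXT,
                          ["Copyright (c) 2023 Example Maintainers (constructed)"],
                          ["MIT", "BSD-3-Clause"])
    return build_bom([comp])


if __name__ == "__main__":
    bom = sample_bom()
    print(json.dumps(bom, indent=2))
    print(extract_license_texts(bom))
    print(undeclared_evidence_licenses(bom["components"][0]))
```

The point of the split is that `extract_license_texts` only ever reads declared licenses, so a consumer that wants the authoritative text does not have to guess which of several evidence hits applies, while `undeclared_evidence_licenses` surfaces the cases where the scan found something the declaration does not mention.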
