cyclonedx-php-composer
gather license evidence
Is your feature request related to a problem? Please describe.
Package manifests may declare package licenses. Some license declarations are not final license texts, but templates - like "MIT". Therefore, it is required to collect license evidences from packages. A first step would be: collect relevant files.
Describe the solution you'd like
Add a CLI flag --gather-license-evicences or something, and collect relevant license files.
See similar implementations:
- https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/676 & https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/1321
Describe alternatives you've considered
Additional context
Composer manifests don't have a field for relevant files, so gathering the files manually would be required.
License evidences are not to be confused with declared or concluded licenses!