license-scanner
license-scanner copied to clipboard
CycloneDX
Utility that provides an API and CLI to identify licenses and legal terms
Bumps [golang.org/x/text](https://github.com/golang/text) from 0.3.7 to 0.3.8. Commits 434eadc language: reject excessively large Accept-Language strings 23407e7 go.mod: ignore cyclic dependency for tagging b18d3dd secure/precis: replace bytes.Compare with bytes.Equal 795e854 all: replace...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
I see a CLI parameter `--dir` which might cause the tool to scan for licenses in a certain directory. I expect the tool traverse also all subdirectories in that directories....
License struct was defined locally in the license scanner when the project was not open. Now, since its open source, cleaning up local definitions and rely on the cyclonedx go...
Many packages do not have the full license in the package and might just have the name of the license(s). LicenseScanner should still be able to pick these up. Sometimes...
This is complex and may well take time to flesh out and I will keep tweaking it as I keep thinking of things. Our understanding is that LS can also...
I would like to call the tool from another process and parse the output. Here are my requirements: * only machine-readable output on STDOUT * no unexpected output on STDOUT...
For CI/CD, we'd like a better ability to test for an expected license. TBD how much of this needs to change license-scanner vs. just evaluating the result in the caller....
**Issue:** license-scanner does not inform if there is a mismatch of licenses, it only returns the list of licenses. **Discussion:** CI/CD implementation would benefit form license comparisons. **Recommendation:** Implement a...
It is a more-and-more popular convention to use the reserved keyname for declaring SPDX license IDs i.e., "SPDX-License-Identifier:" typically placed at the top of source files. The scanner must be...
