rules_license

Populate third party license meta data

Open mering opened this issue 1 year ago • 2 comments

Is it possible to extend the aspect such that third party license information would be automatically populated?

For example pip_parse should expose the Python license meta information (`setup.py` `license=`, [`pyproject.toml` `license=`](https://python-poetry.org/docs/pyproject/#license), `License ::` classifier).

mering, Sep 11 '23 08:09
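
The fields named in the post above surface in a built distribution's core metadata (`METADATA` / `PKG-INFO`) as `License`, `License-Expression` and `Classifier: License ::` headers. The following is an added example, not code from rules_license or rules_python, showing how a lock-file merging tool could read them; the function name, output keys and sample metadata are assumptions constructed for illustration.

```python
from email.parser import HeaderParser

# Constructed sample of a wheel's .dist-info/METADATA; not from a real package.
SAMPLE_METADATA = """\
Metadata-Version: 2.1
Name: example-pkg
Version: 1.2.3
License: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: Apache Software License
Classifier: License :: OSI Approved :: MIT License

Long description body, ignored by the header parser.
"""

# Values that build tools commonly write when no license was declared.
PLACEHOLDERS = {"", "unknown", "none"}


def _clean(value):
    """Collapse whitespace (folded headers) and drop placeholder values."""
    text = " ".join((value or "").split())
    return None if text.lower() in PLACEHOLDERS else text


def extract_license_info(metadata_text):
    """Return the license-related fields of one core-metadata document."""
    msg = HeaderParser().parsestr(metadata_text)
    classifiers = [
        c.split("::")[-1].strip()
        for c in msg.get_all("Classifier", [])
        if c.strip().startswith("License ::")
    ]
    info = {
        "name": _clean(msg.get("Name")),
        "version": _clean(msg.get("Version")),
        # PEP 639 SPDX expression, present only in newer metadata versions.
        "license_expression": _clean(msg.get("License-Expression")),
        "license": _clean(msg.get("License")),
        "license_classifiers": classifiers,
    }
    # Flag packages with no usable license statement for manual review
    # instead of silently emitting an empty entry into an SBOM.
    info["needs_review"] = not (
        info["license_expression"] or info["license"] or classifiers
    )
    return info


if __name__ == "__main__":
    print(extract_license_info(SAMPLE_METADATA))
```

A package that declares more than one license classifier, as in the sample, still needs a human or policy decision about which license applies.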

The aspect can only see what is visible in BUILD files. So we need pip_parse to splice it into the BUILD files or for a tool which merges in data from requirements_lock.txt.

The former is more useful, but the latter is easier to get done. For Bazel itself, we are using the maven lock file to add package metadata while building an SBOM. I would have preferred to enhance rules_jvm_external to do the right thing, but there were some difficulties with that.

aiuto, Oct 17 '23 01:10

I think it makes sense to use the same mechanism among different package ecosystems. Could you give more insights about how/where it is solved for Maven lock files? And also where the difficulties are in enhancing rules_jvm_external (in order to prepare for similar problems in rules_python or other package ecosystems)?

mering, Oct 17 '23 09:10