rules_license

SPDX formatted BOM

Open mnil opened this issue 2 years ago • 3 comments

I couldn't find any issue tracking this, but please enlighten me if that is the case. Have there been any thoughts on creating a tool for gathering the license info and creating a BOM in the SPDX format? I am no expert, but to me it looks like the .json produced by the license_used() rule is not in the SPDX format.

Would that be in the scope of this library or something that users should be responsible for?

mnil, Sep 21 '22 07:09

Tools for this will appear this quarter.

aiuto, Oct 24 '23 07:10

Great to hear! Fantastic library so far!

mnil, Oct 24 '23 17:10

@aiuto Can these new tools be used to create an SBOM for the OCI image? We need a Bazel way to generate an SBOM for the attest rule.

farcop, Nov 26 '23 10:11