reuse-tool icon indicating copy to clipboard operation
reuse-tool copied to clipboard
verified publisher icon fsfe

Script documentation: read SPDX SBOM and apply addheader

Open mxmehl opened this issue 3 years ago • 3 comments

We could document how one can use a SPDX SBOM, e.g. produced by FOSSology or another tool, and use this as a basis to add REUSE information to the covered file.

As modern SBOMs are often JSON, it should be scriptable in a few lines. reuse addheader could be called for every listed file (with --skip-unrecognised to avoid the process to halt) that has at least licensing or copyright information available.

This would not replace sane manual intervention for when an entry in .reuse/dep5 would make more sense, but is a start.

@nicorikken, as REUSE scripts master, perhaps something you would like to work on?

mxmehl avatar Jun 01 '22 13:06 mxmehl

Certainly, I would be helped by having some example outputs to work with. And then I can unleash my Jq and Bash powers :wink:

nicorikken avatar Jun 11 '22 15:06 nicorikken

Very simple examples are here. How about you ask on the REUSE mailing list for examples for SBOM files?

mxmehl avatar Jul 26 '22 12:07 mxmehl