Gary O'Neall
Gary O'Neall
Here's a [pointer to the code that implements the parameter](https://github.com/spdx/spdx-maven-plugin/blob/fbada9e27fbbec6024ce48166cf3c85906d59b18/src/main/java/org/spdx/maven/CreateSpdxMojo.java#L906) - let me know if this works for you.
> Mhh.. I do not understand how to add any configuration parameter for a dependency/package. Ahh - now I understand the issue - you are trying to define the license...
@jaudriga - thanks for the additional analysis. For the additional cases you mentioned above, do you see any reliable means of determining the license from the POM files? If so,...
@hboutemy - let us know if there is anything we can do as a workaround or enhancement to the plugin to get similar results as Maven Central on the dependency...
@jaudriga - https://github.com/spdx/spdx-maven-plugin/pull/181 introduces a way of overriding licenses for dependencies. Let me know if this resolves this issue.
Suggestion is to add to the https://github.com/spdx/spdx-spec/blob/development/v3.0.1/docs/serializations.md page. We can move this to 3.1 to allow for more time to discuss.
I'll have to double check, but I think this is an order to the messages. The first message is where the match logic actually failed after exhausting all possible variable...
How about we add a parameter `sbomType` with the following options: - `source` - a source only SBOM - `build` - a build only SBOM - `consolidated` - (default) both...
It looks like it would be much easier to just have 3 options: - build - consolidated - source We could add the "both" or "separate" option later if there...
@joerg1985 Excellent point - I'll add a PR with the 3 options build, consolidated, source.