scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
## Short Description OpenChain Telco SBOM Guide is available at https://openchainproject.org/news/2024/09/10/nokia-contributes-validator-for-the-openchain-telco-sbom-guide To make it conformant, the following information should be added. Currently, we have (in tag:value): ``` Creator: Tool: scancode-toolkit...
### Description I am currently trying to understand some performance issues inside my own wrapper of SCTK which seems to be limited to the wrapper, but somehow originates from `licensedcode.cache`....
A recent scan of the OpenSearch source package available from https://github.com/opensearch-project/OpenSearch/archive/refs/tags/2.16.0.tar.gz returned the overall license of apache-2.0 correctly, but it incorrectly reports finding mongodb-sspl-1.0 in the README.md file, probably because...
### Description I am scanning a textual version of https://licenses.nuget.org/BSD-3-Clause and I'm getting a proprietary-license hit! ### How To Reproduce Scan Text File: ``` BSD 3-Clause "New" or "Revised" License...
We should design a way to reuse a package context (with its declared, top level licensing) to inform the resolution of mildly ambiguous license and unknown references found in the...
For instance https://files.pythonhosted.org/packages/c9/5e/dc6acaf46d78979d6b03458b7a1618a68e152a6776fce95daac5e0f0301b/psycopg2-2.9.9.tar.gz has an ambiguous license in its manifest, but it has a proper license file in its PKG-INFO. We should report the correct referenced license: Extracted license statement...
Consider the following text: ``` SPDX-License-Identifier: (GPL-2.0+ OR BSD) ``` Here `BSD` is not a valid license expression and even adding a rule is insufficient because the `SPDX-License-Identifier` based detection...
With: ``` (c) 1999 Terrehon Bowden Bodo Bauer ``` we get ``` copyrights: - copyright: (c) 1999 Terrehon Bowden Bodo Bauer holders: - holder: Terrehon Bowden Bodo Bauer ``` ideally...
In a recent scan of the Package available at https://github.com/facebook/sapling/archive/refs/tags/0.2.20240718-145624+f4e9df48.tar.gz multiple detections of gpl-1.0-plus were reported with insufficient evidence for that. Here is an example as presented in DejaCode: ```...