Sebastian Schuberth
Sebastian Schuberth
@oscarvalenzuelab's https://github.com/oscarvalenzuelab/semantic-copycat-oslili looks promising, but like ScanCode it's implemented in Python... maybe try using it programmatically via https://github.com/oracle/graalpython to avoid the dependency on a Python runtime provided by the host.
Please have a look at the individual commit messages for the details.
As noted by @willebra, in order to make a PDF documented as generated by the reporter "auditable", we should ideally sign it. So we could extend the PDF reporter to...
Please have a look at the individual commit messages for the details.
See https://github.com/nokia/SBOM-QA, thanks to @willebra for making me aware of this. - [x] Clarify on the [wrong option syntax](https://github.com/nokia/SBOM-QA/blob/main/DOC/SBOM-QA_Test.md#4-ort) for creating SPDX-2.3 documents. Done: https://github.com/nokia/SBOM-QA/issues/17 - [ ] Investigate "which...
Similar to [FOSSA's badge](https://app.fossa.com/projects/git%2Bgithub.com%2Fjdrouet%2Fgit-metrics?ref=badge_large) for projects like [this](https://github.com/jdrouet/git-metrics?tab=readme-ov-file#license), we could create a reporter that writes out an image / SVG with minimal compliance status information as a badge, to include...
For any place where curation data is displayed (like internal reports), it would be valuable to know the name of the provider where a curation comes from (e.g. for debugging,...
Please have a look at the individual commit messages for the details.
Please have a look at the individual commit messages for the details.
The string "LICENSE.txt" is not a declared license, and the contents of "LICENSE.txt" would be scanned by the scanner, so map it to NONE here. Seen in https://github.com/Knio/dominate/blob/2.3.1/setup.py#L46. Signed-off-by: Sebastian...