Thomas Steenbergen
See https://github.com/spdx/spdx-spec/issues/439#issuecomment-656055242 having `DEPENDENCY_OF` and `DEPENDS_ON` is confusing users. As new `DEPENDENCY_OF` is more expressive and easier to understand I propose we remove `DEPENDS_ON` in SPDX 3.0 and amend `DEPENDENCY_OF`...
Package Home Page can have as values a URI, NONE or NOASSERTION but the cardinality of the field is optional, one. Having NONE as an option could be omitted as the...
This issue proposes to add optional `licenseDeclaredText` field to allow exchanging declared license strings as found in package manifest (pom.xml, package.json). Motivation: - Enables package manager to communicate declared license...
Several SPDX elements require string parsing to get the value specified by its creator see code examples below. In SPDX 3.0 we should simplify things and remove the need to...
Proposal from @iamwillbar and @tsteenbe to add two new relationships: * DOCUMENT_ROOT_OF to describe the relationship from document to the “root package” to describe the deliverable. Motivation: This relationship allows...
Adding `directory` will enable [perspective](https://github.com/finos/perspective) users to use a license/security compliance tool such as [ORT](https://github.com/oss-review-toolkit/ort) to verify included FOSS licenses, generated [SBOMs](https://en.wikipedia.org/wiki/Software_supply_chain) and create a source code bundle. [packages/perspective-cli/package.json#L18-L21](https://github.com/finos/perspective/blob/f33257ae8d1a0dfa0a30d5387cd51676ccf1b502/packages/perspective-cli/package.json#L18-L21) ``` "repository":...
This pull request contains significant changes to how ORT's WebApp (template) is generated and upgrades all dependencies to the latest available versions. After @mennaElnemr9 created https://github.com/oss-review-toolkit/ort/pull/6598 and https://github.com/oss-review-toolkit/ort/pull/6552 I...
Not all package managers have scopes such as Python where its `requirements.txt` is basically a flat list of dependencies. What if in https://github.com/heremaps/xyz-spaces-python/blob/master/requirements.txt the developer was to exclude [geopandas](https://geopandas.org/) as...
The WebApp report currently shows the declared and detected licenses in the Summary tab; it would be more useful if it showed the effective licenses in the summary e.g. license that...
Currently ORT only supports checking if a Maven package is modified by comparing hashes - this is a useful feature to discover if say an R&D team has taken an FOSS...