Thomas Steenbergen
Enabling generation of CycloneDX 1.6 SBOMs will be useful for license compliance as 1.6 supports both concluded and declared licenses. We should make a decision on which SBOM spec version...
In the machine learning community Python and Conda are often used together so it would be nice if python-inspector supports it - also it would enable ORT to close https://github.com/oss-review-toolkit/ort/pull/3492.
It would be useful to have a way to see the outputs produced by various SBOM tools so we can: - Compare accuracy (breadth of detection or completeness / fidelity...
Propose to work on a simplified SPDX JSON serialization to make adoption easier for the open source community. The idea is to make a trade-off: increase simplicity by reducing the feature set.
CycloneDX has added commercial license support in its v1.5 version, which enables users to document the license, licensee, licensor, license number, license type, purchase order, renewal date, and expiration date...
One of the major issues that comes up a lot as a shortcoming of SPDX 2.x is that it's not possible to associate copyright holders to licenses. A simple fix would...
Package configurations created with `orth package-configuration create` do not filter out paths outside of the path specified by a VCS curation for the same package. ### To Reproduce Steps to...
ORT's LicenseResolver does not seem to be capable of resolving SPDX expressions where the left and right side of an AND are the same ### To Reproduce This [license-choice-bug.zip](https://github.com/oss-review-toolkit/ort/files/15475849/license-choice-bug.zip)...
**Use Case** Users of [ORT for GitLab](https://github.com/oss-review-toolkit/ort-gitlab-ci/) would like to use their own local configuration but also combine it with [oss-review-toolkit/ort-config](https://github.com/oss-review-toolkit/ort-config). For example, a user wants to keep curations and...
The [annotations-2.0.0.jar file](https://repo1.maven.org/maven2/com/google/code/findbugs/annotations/2.0.0/annotations-2.0.0.jar) of Maven:com.google.code.findbugs:annotations contains other packages besides the source code found in the findbugs/src/java5/edu/umd/cs/findbugs/annotations within https://github.com/findbugsproject/findbugs.git. ``` . ├── META-INF │ └── MANIFEST.MF ├── edu │ └── umd...