Wayne Beaton
Wayne Beaton
The generated SBOM includes information from the `.git` folder. Likewise, it would be good to have it ignore the contents of NPM `node_modules` directories and Maven `/target/` directories. AFAICT, there's...
Moved from https://github.com/spdx/LicenseListPublisher/issues/132 I'm approaching this from the perspective of trying to make a best guess determination of the SPDX License Identifier from the results of `scancode-toolkit`. In the absence...
Many of the source files include this text at the very top of the file, as part of the copyright and license header: > JBoss, Home of Professional Open Source...
For the contents of the `Bundle-License` header, the [specification](https://docs.osgi.org/specification/osgi.core/8.0.0/framework.module.html) states (in part) that... > This identifier should be one of the identifiers defined by [[25] Software Package Data Exchange (SPDX)...
As we work through the trademark process, we're called upon to provide certain exhibits demonstrating use. In order to strengthen/defend our claim for the Jakarta EE Compatibility Logo trademark, we'd...
My first thought is to move this to our GitLab instance, but I think that would be too big of a change for our adopters and I assume that it...
[Conan](https://conan.io/) is used by at least some Eclipse project teams. AFAICT, Conan has a means of generating a dependency graph output (`conan graph info`) that we can theoretically parse to...
The documentation needs to be updated to include an example of reading a `go.sum` file.
Let's make the core artifact into an OSGi bundle.
When a ClearlyDefined API query fails, we need to respond more gracefully. Right now, the tool logs an error and moves on. This could potentially result in the tool erroneously...