Simple program that dumps some license data from a CycloneDX type SBOM into a templated file. https://github.com/mvdkleijn/licenses
dependabot[bot] 895fb24e0d chore(deps): bump actions/checkout from 5 to 6
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-29 11:46:19 +01:00
.github chore(deps): bump actions/checkout from 5 to 6 2026-01-29 11:46:19 +01:00
.gitignore Add basic license compatibility validation 2025-01-13 14:53:11 +01:00
.goreleaser.yml ci: update .goreleaser.yml 2024-10-09 10:06:26 +02:00
compatibility.yaml Add EUPL-1.2 as allowed for EUPL-1.2 2025-04-02 10:25:20 +02:00
go.mod Add basic license compatibility validation 2025-01-13 14:53:11 +01:00
go.sum Add basic license compatibility validation 2025-01-13 14:53:11 +01:00
LICENSE Initial commit 2024-10-02 11:52:06 +02:00
main.go Add basic license compatibility validation 2025-01-13 14:53:11 +01:00
README.md Add basic license compatibility validation 2025-01-13 14:53:11 +01:00
template.txt Initial commit 2024-10-02 11:52:06 +02:00

Licenses

Simple program that extracts some license data from a CycloneDX type SBOM, in JSON format.

This is then output to a file based on a template. Default template included in the box.

Optionally, using the --validate command line option, this program can make a simplistic judgement on whether the licenses of the dependencies are compatible with the main application license. This is done using the compatibility.yaml source file, which also lists the relevant disclaimer and the reasons for (in)compatibility.

Note: this helper program does not do any scanning, it just ingests an SBOM.
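The pipeline described above, as an added example that is not the project's own code: it parses a CycloneDX JSON SBOM, fills a text/template to produce the human-readable file, and runs an allow-list compatibility check in the role of the --validate option. The sample SBOM, the component names, the allow-list (which stands in for compatibility.yaml, whose real format the page does not show) and the function names Extract, Render and Validate are all this example's own assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// Subset of the CycloneDX JSON schema (encoding/json matches keys case-insensitively): a
// "licenses" entry holds a "license" object (SPDX "id" or free-text "name") or an "expression".
type (
	Component struct {
		Name, Version string
		Licenses      []struct {
			License    *struct{ ID, Name string }
			Expression string
		}
	}
	BOM struct {
		Metadata   struct{ Component Component }
		Components []Component
	}
	Report struct {
		MainLicense string
		Components  []Component
	}
)

// LicenseList flattens a component's license choices; an SPDX id wins over a free-text name.
func (c Component) LicenseList() (out []string) {
	for _, lc := range c.Licenses {
		switch l := lc.License; {
		case lc.Expression != "":
			out = append(out, lc.Expression)
		case l != nil && l.ID != "":
			out = append(out, l.ID)
		case l != nil && l.Name != "":
			out = append(out, l.Name)
		}
	}
	return out
}

// Extract parses a CycloneDX JSON SBOM into the main license plus the dependency list.
func Extract(data []byte) (Report, error) {
	var bom BOM
	if err := json.Unmarshal(data, &bom); err != nil {
		return Report{}, fmt.Errorf("parse SBOM: %w", err)
	}
	rep := Report{Components: bom.Components}
	if ml := bom.Metadata.Component.LicenseList(); len(ml) > 0 {
		rep.MainLicense = ml[0]
	}
	return rep, nil
}

// Validate checks each dependency license against the allow-list for the main license and
// fails closed: an unknown main license, a missing license or a compound SPDX expression
// is reported rather than waved through.
func Validate(rep Report, compat map[string]map[string]bool) (findings []string) {
	allowed := compat[rep.MainLicense] // nil map for an unknown main license: nothing passes
	for _, c := range rep.Components {
		ls := c.LicenseList()
		if len(ls) == 0 {
			findings = append(findings, c.Name+": no license declared")
		}
		for _, l := range ls {
			if strings.Contains(l, " OR ") || strings.Contains(l, " AND ") || strings.Contains(l, " WITH ") {
				findings = append(findings, c.Name+": expression "+l+" needs manual review")
			} else if !allowed[l] {
				findings = append(findings, c.Name+": "+l+" not allowed for "+rep.MainLicense)
			}
		}
	}
	return findings
}

// Default template; text/template suits a text file, but license names come from an
// untrusted SBOM, so HTML output would need html/template instead.
var tmpl = template.Must(template.New("licenses").Funcs(template.FuncMap{"join": strings.Join}).Parse(
	"Third-party licenses (main license: {{.MainLicense}})\n" +
		"{{range .Components}}- {{.Name}} {{.Version}}: {{join .LicenseList \", \"}}\n{{end}}"))
// Render fills the template with the report.
func Render(rep Report) (string, error) {
	var sb strings.Builder
	err := tmpl.Execute(&sb, rep)
	return sb.String(), err
}

// Constructed sample SBOM and allow-list for this example (not the project's compatibility.yaml).
const sampleSBOM = `{"bomFormat":"CycloneDX","specVersion":"1.5","metadata":{"component":{"name":"myapp",
 "licenses":[{"license":{"id":"MPL-2.0"}}]}},"components":[
 {"name":"github.com/example/mit-lib","version":"v1.2.0","licenses":[{"license":{"id":"MIT"}}]},
 {"name":"github.com/example/dual","version":"v0.3.1","licenses":[{"expression":"Apache-2.0 OR MIT"}]},
 {"name":"github.com/example/custom","version":"v2.0.0","licenses":[{"license":{"name":"Example Proprietary License"}}]},
 {"name":"github.com/example/unlicensed","version":"v0.0.1"}]}`
var compat = map[string]map[string]bool{"MPL-2.0": {"MPL-2.0": true, "MIT": true, "Apache-2.0": true, "BSD-3-Clause": true}}
```

Call Extract on the SBOM bytes, Render to get the file contents and Validate for the --validate style check. On the sample above, Validate returns three findings: the dual-licensed component is flagged for manual review because a flat allow-list cannot judge an SPDX expression, the free-text "Example Proprietary License" is not on the list, and the component with no licenses array at all is reported instead of silently passing. If the main component itself declares no license, the allow-list lookup yields nothing, so every dependency is flagged; this is deliberate, because the SBOM is untrusted input and a validator that treats "no data" as "compatible" would be worthless.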

Why?

So why create this? Simple: I was required to provide a simple, human-readable file about third-party licenses for another project. Most tools I found were too cumbersome, buggy, complex, etc. Since I already had a CycloneDX style SBOM, why not re-use it...

Disclaimer

Licensing compatibility can be nuanced, especially for combined or derivative works. Always refer to the official license texts, their appendices (if any), and make use of additional legal guidance to ensure you're applying compatibility rules correctly.

This piece of software does its best to be accurate but gives no guarantees or warranties of any kind.

Licensing

This software is made available under the MPL-2.0 license. The full details are available from the LICENSE file.

Copyright (C) 2024-2025 Martijn van der Kleijn