https://github.com/mvdkleijn/licenses

Simple program that dumps some license data from a CycloneDX type SBOM into a templated file.
https://github.com/mvdkleijn/licenses

license license-management licenses licenses-consumption licenses-simplified

Last synced: 5 months ago
JSON representation

Simple program that dumps some license data from a CycloneDX type SBOM into a templated file.

• Host: GitHub
• URL: https://github.com/mvdkleijn/licenses
• Owner: mvdkleijn
• License: mpl-2.0
• Created: 2024-10-02T09:53:26.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2025-01-13T13:56:45.000Z (5 months ago)
• Last Synced: 2025-01-13T14:49:16.835Z (5 months ago)
• Topics: license, license-management, licenses, licenses-consumption, licenses-simplified
• Language: Go
• Homepage: https://github.com/mvdkleijn/licenses
• Size: 16.6 KB
• Stars: 2
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

        
# Licenses

Simple program that extracts some license data from a CycloneDX type SBOM,

in JSON format.

This is then output to a file based on a template. Default template included in

the box.

Optionally, using the --validate command line option, this program can make a

simplistic judgement on whether the licenses of dependencies are compatible with

the main application license. This is done using the compatibility.yaml source file

which also lists the relevant disclaimer and reasons for (in)compatibility.

**Note:** this helper program does *not* do any scanning, it just ingests an SBOM.

## Why?

So why create this? Simple, I was required to provide a simple, human-readable

file about third-party licenses for another project. Most tools I found were too

cumbersome, buggy, complex, etc. Since I already had a CycloneDX style SBOM, why

not re-use...

## Disclaimer

Licensing compatibility can be nuanced, especially for combined or derivative works.

Always refer to the official license texts, their appendices (if any), and make use of

additional legal guidance to ensure you’re applying compatibility rules correctly.

This piece of software does its best to be accurrate but gives no guarantees nor

warranties of any kind.

## Licensing

This software is made available under the [MPL-2.0](https://choosealicense.com/licenses/mpl-2.0/) license.

The full details are available from the [LICENSE](/LICENSE) file.

Copyright (C) 2024-2025  Martijn van der Kleijn