https://github.com/philips-software/spdx-action

GitHub Action to get a license overview in SPDX format
https://github.com/philips-software/spdx-action

license-scanning-framework sbom software-bill-of-materials

Last synced: 6 months ago
JSON representation

GitHub Action to get a license overview in SPDX format

• Host: GitHub
• URL: https://github.com/philips-software/spdx-action
• Owner: philips-software
• License: mit
• Created: 2021-01-22T08:32:01.000Z (over 5 years ago)
• Default Branch: develop
• Last Pushed: 2021-12-24T16:59:30.000Z (over 4 years ago)
• Last Synced: 2025-03-09T00:34:12.948Z (over 1 year ago)
• Topics: license-scanning-framework, sbom, software-bill-of-materials
• Homepage:
• Size: 157 KB
• Stars: 14
• Watchers: 1
• Forks: 4
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: CODEOWNERS

Awesome Lists containing this project

README

          


# Get SPDX license overview

[![Marketplace](https://img.shields.io/badge/GitHub-Marketplace-green.svg)](https://github.com/marketplace/actions/get-spdx-license-overview) [![Release](https://img.shields.io/github/release/philips-software/spdx-action.svg)](https://github.com/philips-software/spdx-action/releases)

This action will create a SPDX license overview with ORT and SPDX-builder.

> THIS IS AN EXPERIMENTAL ACTION



## Configuration

You can specify the configuration in a `.spdx-builder.yml` in the root of your project.

See [instructions in philips-software/spdx-builder](https://github.com/philips-software/spdx-builder#including-projects-in-the-spdx-file).

## Environment

This action requires a java environment. (See example)

## Description

Get SPDX license overview

## Inputs

| parameter | description | required | default |

| - | - | - | - |

| project | project | `true` | spdx-builder |

| spdx-builder-version | spdx-builder-version | `true` | v0.9.2 |

| mode | Scan mode. Can be 'ort', 'blackduck' or 'tree' | `true` | ort |

| scanner-url | scanner-url (license-scanner) | `false` |  |

| bombase-url | bombase-url (in case of mode: 'tree') | `false` |  |

| upload-url | upload-url (f.e. BOM-bar) | `false` |  |

| ort-version | philipssoftware/ort version (in case of mode: 'ort') | `false` | 2021-11-24 |

| ort-file | Specifies an ort-file to override ORT scanning in this action. (in case of mode: 'ort') | `false` |  |

| tree | file with tree input (in case of mode: 'tree') | `false` |  |

| format | format input (in case of mode: 'tree') | `false` |  |

| blackduck-url | Blackduck url (in case of mode: 'blackduck') | `false` |  |

| blackduck-token | Blackduck token (in case of mode: 'blackduck') | `false` |  |

| blackduck-project | Blackduck project (in case of mode: 'blackduck') | `false` |  |

| blackduck-version | Blackduck version (in case of mode: 'blackduck') | `false` |  |

| optional-arguments | Optional arguments like `--tree`, `--release`, `--force` and `--custom` | `false` |  |

| capture-stdout-file | Capture stdout in a file. When given, this will be used as the filename of the output | `false` |  |

## Outputs

| parameter | description |

| - | - |

| spdx-file | spdx-license file |

| ort-file | ort-license file |

## Runs

This action is an `composite` action.

## GitHub workflow

Make sure you have a proper `.spdx-builder.yml` file in your project.

### `ORT` mode

```yml

  - uses: actions/checkout@v2

  - uses: actions/setup-java@v1

    with:

      java-version: '11.0.13'

  - name: Create spdx-file

    id: spdx-builder

    uses: philips-software/spdx-action@v0.9.1.1

    with:

      project: my-project

      mode: ort

  - uses: actions/upload-artifact@v2

    with:

      name: licenses

      path: ${{ steps.spdx-builder.outputs.spdx-file }}

```

### `tree` mode

```yml

  - uses: actions/checkout@v2

  - uses: actions/setup-java@v1

    with:

      java-version: '11.0.13'

  - name: Create tree

    run: |

      npm list --all --production > npm-dependencies.txt

  - name: Create spdx-file

    id: spdx-builder

    uses: philips-software/spdx-action@v0.9.1.1

     with:

      project: my-project

      mode: 'tree'

      tree: 'npm-dependencies.txt'

      format: 'npm'

      bombase-url:  # Optional

  - uses: actions/upload-artifact@v2

    with:

      name: licenses

      path: ${{ steps.spdx-builder.outputs.spdx-file }}

```

### `blackduck` mode

```yml

  - uses: actions/checkout@v2

  - uses: actions/setup-java@v1

    with:

      java-version: '11.0.13'

  - name: Create spdx-file

    id: spdx-builder

    uses: philips-software/spdx-action@v0.9.1.1

    with:

      project: my-project

      mode: 'blackduck'

      blackduck-url: 

      blackduck-token: ${{ secrets.BLACKDUCK_TOKEN }}

      blackduck-project: 

      blackduck-version: 

  - uses: actions/upload-artifact@v2

    with:

      name: licenses

      path: ${{ steps.spdx-builder.outputs.spdx-file }}

```

## Philips Forest

This module is part of the Philips Forest.

```

                                                     ___                   _

                                                    / __\__  _ __ ___  ___| |_

                                                   / _\/ _ \| '__/ _ \/ __| __|

                                                  / / | (_) | | |  __/\__ \ |_

                                                  \/   \___/|_|  \___||___/\__|

                                                                            CI

```