FOSSology and SPDX

CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.

Identifikatoren

10.5446/61941 (DOI)

Herausgeber

FOSDEM VZW

Erscheinungsjahr

2023

Sprache

Englisch

Inhaltliche Metadaten

Fachgebiet

Informatik

Genre

Konferenz/Talk

Abstract

FOSSology is a open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line or from web UI. FOSSology can generate SPDX SBOM for source code in RDF and tag-value formats, including other reports, and is becoming more SPDX compliant. With the new license naming changes in FOSSology, users can provide more elaborate and correct SPDX License Identifiers for the licenses. The tool has also improved its reporting using SPDX version 2.3 with new fields. FOSSology uses SPDX reporting formats to generate SBOM for source code. The project has recently improved the reporting by providing users and option to give SPDX License Identifier. This helps in maintaining the SPDX specified format for the reports in FOSSology. Apart from using SPDX reporting formats, FOSSology also supports following SBOM reports: - DEP5 format, which is predominantly used within Debian community. - CLIXML report, an in-house format, which reports about licensing and related information in XML.