FOSSology and SPDX

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/61941 (DOI)

Publisher

FOSDEM VZW

Release Date

2023

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

FOSSology is a open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line or from web UI. FOSSology can generate SPDX SBOM for source code in RDF and tag-value formats, including other reports, and is becoming more SPDX compliant. With the new license naming changes in FOSSology, users can provide more elaborate and correct SPDX License Identifiers for the licenses. The tool has also improved its reporting using SPDX version 2.3 with new fields. FOSSology uses SPDX reporting formats to generate SBOM for source code. The project has recently improved the reporting by providing users and option to give SPDX License Identifier. This helps in maintaining the SPDX specified format for the reports in FOSSology. Apart from using SPDX reporting formats, FOSSology also supports following SBOM reports: - DEP5 format, which is predominantly used within Debian community. - CLIXML report, an in-house format, which reports about licensing and related information in XML.