mirror of
https://github.com/anchore/syft
synced 2024-11-15 00:27:07 +00:00
706322f826
* add initial spdx support Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * expose FileOwner and use in SPDX presenter Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add initial json support for SPDX Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add remaining package fields Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add spdx license list generation + tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * keep fileOwner unexported from pkg Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * restore cli test util Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add external refs to spdx tag-value format Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add golang support to CPE generation Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * use tag-value format as default "spdx" format flavor Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add tests around spdx presenters + refactor presenter tests Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * add bouncer exception for spdx tools-golang repo Signed-off-by: Alex Goodman <alex.goodman@anchore.com> * remove spdx model questions Signed-off-by: Alex Goodman <alex.goodman@anchore.com>
17 lines
No EOL
569 B
YAML
17 lines
No EOL
569 B
YAML
permit:
|
|
- BSD.*
|
|
- MIT.*
|
|
- Apache.*
|
|
- MPL.*
|
|
- ISC
|
|
ignore-packages:
|
|
# packageurl-go is released under the MIT license located in the root of the repo at /mit.LICENSE
|
|
- github.com/package-url/packageurl-go
|
|
|
|
# from: https://github.com/spdx/tools-golang/blob/main/LICENSE.code
|
|
# The tools-golang source code is provided and may be used, at your option,
|
|
# under either:
|
|
# * Apache License, version 2.0 (Apache-2.0), OR
|
|
# * GNU General Public License, version 2.0 or later (GPL-2.0-or-later).
|
|
# (we choose Apache-2.0)
|
|
- github.com/spdx/tools-golang |