
This repository contains a set of rules and tools for

  • declaring metadata about packages, such as
    • the licenses the package is available under
    • the canonical package name and version
    • copyright information
    • ... and more TBD in the future
  • gathering those license declarations into artifacts to ship with code
  • applying organization-specific compliance constraints against the set of packages used by a target.
  • (eventually) producing SBOMs for built artifacts.

WARNING: The code here is still in active initial development and will churn a lot.

If you want to follow along:

Background reading: These are for learning about the problem space and our approach to solutions. Concrete specifications will always appear in checked-in code rather than documents.