Clone this repo:
  1. ae2f8a5 Merge pull request #60 from aiuto/mod2 by aiuto · 6 days ago main
  2. 0bc1edd Add dev dependency on rules_pkg. by Tony Aiuto · 12 days ago
  3. 65b5fd7 Merge pull request #51 from aiuto/add_restricted by aiuto · 4 weeks ago
  4. de0fc23 Merge pull request #57 from aiuto/doubleat by aiuto · 4 weeks ago
  5. ea6c796 more workarounds for a changing bazel by Tony Aiuto · 4 weeks ago



This repository contains a set of rules and tools for

  • declaring metadata about packages, such as
    • the licenses the package is available under
    • the canonical package name and version
    • copyright information
    • ... and more TBD in the future
  • gathering those license declarations into artifacts to ship with code
  • applying organization-specific compliance constraints against the set of packages used by a target
  • (eventually) producing SBOMs for built artifacts

WARNING: The code here is still in active initial development and will churn a lot.

If you want to follow along:

Background reading: This is for learning about the problem space and our approach to solutions. Concrete specifications will always appear in checked-in code rather than documents.