rules_license

This repository contains a set of rules and tools for

• declaring metadata about packages, such as
  • the licenses the package is available under
  • the canonical package name and version
  • copyright information
  • ... and more TBD in the future
• gathering those license declarations into artifacts to ship with code
• applying organization specific compliance constriants against the set of packages used by a target.
• (eventually) producing SBOMs for built artifacts.

WARNING: The code here is still in active initial development and will churn a lot.

If you want to follow along:

• Mailing list: bazel-ssc@bazel.build
• Monthly eng meeting: calendar link

Background reading: These is for learning about the problem space, and our approach to solutions. Concrete specifications will always appear in checked in code rather than documents.

• License Checking with Bazel.
• OSS Licenses and Bazel Dependency Management
• Adding OSS license declarations to Bazel