Google Git
Sign in
fuchsia / third_party / github.com / spdx / tools-golang / refs/heads/main
commite95cf7fdfd79579a1f6d4a4e90b6873dff52a940[log] [tgz]
authordependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>Mon Sep 08 10:21:14 2025 -0400
committerGitHub <noreply@github.com>Mon Sep 08 10:21:14 2025 -0400
tree3fe7133010a922e50f5c8a6853ebdde912cbee4c
parenteabe60c4e907b31493b8fddba2f5b7e03af28a55 [diff]
build(deps): Bump sigs.k8s.io/yaml from 1.5.0 to 1.6.0 (#259)
2 files changed
tree: 3fe7133010a922e50f5c8a6853ebdde912cbee4c
  1. .github/
  2. builder/
  3. convert/
  4. docs/
  5. examples/
  6. idsearcher/
  7. json/
  8. licensediff/
  9. rdf/
  10. reporter/
  11. spdx/
  12. spdxlib/
  13. tagvalue/
  14. testdata/
  15. utils/
  16. yaml/
  17. .gitattributes
  18. .gitignore
  19. CONTRIBUTING.md
  20. go.mod
  21. go.sum
  22. LICENSE.code
  23. LICENSE.docs
  24. MAINTAINERS
  25. Makefile
  26. README.md
  27. RELEASE-NOTES.md
  28. SECURITY.md
README.md

Build Status Coverage Status GitHub release Go Reference CII Best Practices

SPDX tools-golang

tools-golang is a collection of Go packages intended to make it easier for Go programs to work with SPDX® files.

What it does

tools-golang currently works with files conformant to versions 2.1, 2.2 and 2.3 of the SPDX specification, available at: https://spdx.dev/specifications

tools-golang provides the following packages:

  • spdx - in-memory data model for the sections of an SPDX document
  • tagvalue - tag-value document reader and writer
  • rdf - RDF document reader
  • json - JSON document reader and writer
  • yaml - YAML document reader and writer
  • builder - builds “empty” SPDX document (with hashes) for directory contents
  • idsearcher - searches for SPDX short-form IDs and builds an SPDX document
  • licensediff - compares concluded licenses between files in two packages
  • reporter - generates basic license count report from an SPDX document
  • spdxlib - various utility functions for manipulating SPDX documents in memory
  • utils - various utility functions that support the other tools-golang packages

Examples for how to use these packages can be found in the examples/ directory.

What it doesn't do

tools-golang doesn't currently support files under any version of the SPDX spec prior to v2.1

Documentation

SPDX tools-golang documentation is available on the pkg.go.dev website at https://pkg.go.dev/github.com/spdx/tools-golang.

Contributors

Thank you to all of the contributors to spdx/tools-golang. A full list can be found in the GitHub repo and in the release notes.

In particular, thank you to the following for major contributions:

JSON parsing and saving support was added by @specter25 as part of his Google Summer of Code 2021 project.

RDF parsing support was added by @RishabhBhatnagar as part of his Google Summer of Code 2020 project.

Licenses

As indicated in LICENSE-code, tools-golang source code files are provided and may be used, at your option, under either:

  • Apache License, version 2.0 (Apache-2.0), OR
  • GNU General Public License, version 2.0 or later (GPL-2.0-or-later).

As indicated in LICENSE-docs, tools-golang documentation files are provided and may be used under the Creative Commons Attribution 4.0 International license (CC-BY-4.0).

This README.md file is documentation:

SPDX-License-Identifier: CC-BY-4.0

Security

For security policy and reporting security issues, please refer to SECURITY.md