Google Git
Sign in
fuchsia / third_party / github.com / spdx / tools-golang / refs/tags/v0.5.0-rc1
commit908a516e6053c15f14c831121c9f2894fc65e1b5[log] [tgz]
authorBrandon Lum <lumjjb@gmail.com>Tue Jan 17 14:28:14 2023 -0500
committerGitHub <noreply@github.com>Tue Jan 17 14:28:14 2023 -0500
tree915065eab6a282c015275040d62b7e170598fa91
parentba70e46ba1678b5976fcecde96bc6b2efeab299c [diff]
parent4373dbfe780e6d1dbb08a21673cc417dc23d94a7 [diff]
Merge pull request #172 from kzantow-anchore/refactor/to-latest

refactor!: maintain the latest spdx model and provide conversions from previous
tree: 915065eab6a282c015275040d62b7e170598fa91
  1. .github/
  2. builder/
  3. convert/
  4. docs/
  5. examples/
  6. idsearcher/
  7. json/
  8. licensediff/
  9. rdf/
  10. reporter/
  11. spdx/
  12. spdxlib/
  13. tagvalue/
  14. testdata/
  15. utils/
  16. yaml/
  17. .gitignore
  18. CONTRIBUTING.md
  19. go.mod
  20. go.sum
  21. LICENSE.code
  22. LICENSE.docs
  23. MAINTAINERS
  24. README.md
  25. RELEASE-NOTES.md
  26. SECURITY.md
README.md

Build Status Coverage Status GitHub release Go Reference CII Best Practices

SPDX tools-golang

tools-golang is a collection of Go packages intended to make it easier for Go programs to work with SPDX® files.

Recent news

2022-01-11: v0.4.0: added support for SPDX v2.3 and YAML, as well as other improvements and bugfixes. See RELEASE-NOTES.md for full details.

What it does

tools-golang currently works with files conformant to versions 2.1 and 2.2 of the SPDX specification, available at: https://spdx.dev/specifications

tools-golang provides the following packages:

  • spdx - in-memory data model for the sections of an SPDX document
  • tagvalue - tag-value document reader and writer
  • rdf - RDF document reader
  • json - JSON document reader and writer
  • yaml - YAML document reader and writer
  • builder - builds “empty” SPDX document (with hashes) for directory contents
  • idsearcher - searches for SPDX short-form IDs and builds an SPDX document
  • licensediff - compares concluded licenses between files in two packages
  • reporter - generates basic license count report from an SPDX document
  • spdxlib - various utility functions for manipulating SPDX documents in memory
  • utils - various utility functions that support the other tools-golang packages

Examples for how to use these packages can be found in the examples/ directory.

What it doesn't do

tools-golang doesn't currently support files under any version of the SPDX spec prior to v2.1

Documentation

SPDX tools-golang documentation is available on the pkg.go.dev website at https://pkg.go.dev/github.com/spdx/tools-golang.

Contributors

Thank you to all of the contributors to spdx/tools-golang. A full list can be found in the GitHub repo and in the release notes.

In particular, thank you to the following for major contributions:

JSON parsing and saving support was added by @specter25 as part of his Google Summer of Code 2021 project.

RDF parsing support was added by @RishabhBhatnagar as part of his Google Summer of Code 2020 project.

Licenses

As indicated in LICENSE-code, tools-golang source code files are provided and may be used, at your option, under either:

  • Apache License, version 2.0 (Apache-2.0), OR
  • GNU General Public License, version 2.0 or later (GPL-2.0-or-later).

As indicated in LICENSE-docs, tools-golang documentation files are provided and may be used under the Creative Commons Attribution 4.0 International license (CC-BY-4.0).

This README.md file is documentation:

SPDX-License-Identifier: CC-BY-4.0

Security

For security policy and reporting security issues, please refer to SECURITY.md