currently, we "fix" licenses
see

```python
def licenses_fixup(component: 'Component') -> None:
    """
    Per CycloneDX spec, there must be EITHER one license expression OR multiple license id/name.
    If there is an expression, it is used and everything else is moved to evidences, so it is not lost.
    """
    # hack for preventing expressions AND named licenses.
    # see https://github.com/CycloneDX/cyclonedx-python/issues/826
    # see https://github.com/CycloneDX/specification/issues/454
    licenses = list(component.licenses)
    lexp = find_LicenseExpression(licenses)
    if lexp is None:
        return
    component.licenses = (lexp,)
    licenses.remove(lexp)
    if len(licenses) > 0:
        if component.evidence is None:
            component.evidence = ComponentEvidence()
        component.evidence.licenses.update(licenses)
```
this is no longer needed since CycloneDX 1.7
feature request: don't "fix" licenses if not needed.
this might be considered a breaking change, since the output result might be different.
see
cyclonedx-python/cyclonedx_py/_internal/utils/cdx.py
Lines 102 to 119 in ffe63d1
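
A sketch of the requested behavior, added here as an example and not code from cyclonedx-python: the fixup runs only when the target spec version is below 1.7 and an expression is mixed with other licenses, which also shows why the output differs between versions. The dataclasses, `needs_fixup`, `licenses_fixup_if_needed`, `demo` and the `spec_version` tuple are hypothetical stand-ins, not the library's models or API.

```python
from dataclasses import dataclass, field
from typing import List, Tuple, Union


@dataclass(frozen=True)
class NamedLicense:          # stand-in for a license given by id or name
    value: str


@dataclass(frozen=True)
class LicenseExpression:     # stand-in for an SPDX license expression
    value: str


License = Union[NamedLicense, LicenseExpression]


@dataclass
class Component:             # stand-in: only the two fields the fixup touches
    licenses: List[License] = field(default_factory=list)
    evidence_licenses: List[License] = field(default_factory=list)


def needs_fixup(component: Component, spec_version: Tuple[int, int]) -> bool:
    """True only if the target schema forbids mixing and the component mixes."""
    if spec_version >= (1, 7):   # per the issue: not needed since CycloneDX 1.7
        return False
    has_expr = any(isinstance(l, LicenseExpression) for l in component.licenses)
    return has_expr and len(component.licenses) > 1


def licenses_fixup_if_needed(component: Component, spec_version: Tuple[int, int]) -> bool:
    """Apply the fixup from the issue only when needed; return whether data moved."""
    if not needs_fixup(component, spec_version):
        return False
    lexp = next(l for l in component.licenses if isinstance(l, LicenseExpression))
    rest = [l for l in component.licenses if l is not lexp]
    component.licenses = [lexp]
    component.evidence_licenses.extend(rest)   # moved to evidence, not dropped
    return True


def demo(spec_version: Tuple[int, int]) -> Component:
    # constructed sample: one named license plus one expression
    c = Component(licenses=[NamedLicense("MIT"), LicenseExpression("MIT OR Apache-2.0")])
    licenses_fixup_if_needed(c, spec_version)
    return c
```
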