Replies: 3 comments
-
Sorry for the delay, FOSDEM took over for the past week or so. We currently use https://github.com/licensee/licensee for parsing licenses, data comes from https://choosealicense.com/appendix/ (basically the same as what github.com detects and shows). We should probably switch to https://github.com/aboutcode-org/scancode-toolkit to get a more in-depth analysis and support more licenses. Related issue over here: #12 and ecosyste-ms/repos#535
-
@Pizza-Ria fair point, and we have a plan. Unfortunately we don't have the budget to lift and shift this in the face of growing traffic (possibly as a result of libraries.io being quietly disassembled). If you're able, please get in touch with us at hello@ and we can talk about supporting one another better.
-
Thanks @andrew @BenJam for the answers. It sounds like https://licenses.ecosyste.ms/ may be an outdated piece of documentation on the website but even though you appear to be using the more robust https://choosealicense.com/appendix/ now, this is still only a sliver of the possible licenses that could be detected (that have SPDX-IDs). Do I understand correctly that any "enhanced" SBOM created by parlay (which uses ecosyste.ms as its backend data source) will only report on the licenses from https://choosealicense.com/appendix/; so, if another license is declared, it would not be included in the enhanced SBOM? If so, I'll +1 the switch to scancode-toolkit and also recommend inclusion of data from Clearly Defined.
-
I'm really confused by this page on the ecosyste.ms website - https://licenses.ecosyste.ms/ - there are less than 15 licenses listed here?? Granted they are some of the more popular ones but does that mean that the tool won't report other licenses?