Custom SPDX License Id #18
Problem
I have a dependency on a component that does not have an SPDX License Id. For example, the System.IO 4.3 package only has a license URL to the Microsoft .NET Library license, which does not fulfill the requirements to be included in the official SPDX License ID list.
Converting the SBOM to CycloneDX will only include the license URL, which cannot be used to identify the license in Dependency Track. Dependency Track relies on the SPDX license ID for identification.
Current Behavior
Proposed Behavior
This would solve the problem of identification in Dependency Track.
Stretch