  • Consume licensing data from SBOMs, if present · a97561c4
    Jamie Tanna authored
    As part of #223, we want to consume licensing information from SBOMs, if
    found. We've now introduced the `external_licenses` table, which will
    house this data; we need to consume it.
    
    We can update each SBOM parser and also pull out licensing information,
    if present. With this data, we can then insert it in bulk into the
    `external_licenses` table.
    
    This requires we introduce a new `License` domain model, which matches
    the schema for `external_licenses` and does _not_ match
    `depsdev_licenses` due to us not storing a `package_manager`.
    
    Although not many SBOMs - including those from Dependabot - include any
    licensing information, we can at least wire it in, so as and when we
    have the data made available, we can report on it.
    
    Closes #223.
This project is licensed under the Apache License 2.0.