SPDX tools-golang

tools-golang is a collection of Go packages intended to make it easier for Go programs to work with SPDX® files.

Recent news

2022-01-11: v0.4.0: added support for SPDX v2.3 and YAML, as well as other improvements and bugfixes. See RELEASE-NOTES.md for full details.

What it does

tools-golang currently works with files conformant to versions 2.1 and 2.2 of the SPDX specification, available at: https://spdx.dev/specifications

tools-golang provides the following packages:

spdx - in-memory data model for the sections of an SPDX document
tagvalue - tag-value document reader and writer
rdf - RDF document reader
json - JSON document reader and writer
yaml - YAML document reader and writer
builder - builds "empty" SPDX document (with hashes) for directory contents
idsearcher - searches for SPDX short-form IDs and builds an SPDX document
licensediff - compares concluded licenses between files in two packages
reporter - generates basic license count report from an SPDX document
spdxlib - various utility functions for manipulating SPDX documents in memory
utils - various utility functions that support the other tools-golang packages

Examples for how to use these packages can be found in the examples/ directory.

What it doesn't do

tools-golang doesn't currently support files under any version of the SPDX spec prior to v2.1

Documentation

SPDX tools-golang documentation is available on the pkg.go.dev website at https://pkg.go.dev/github.com/spdx/tools-golang.

Contributors

Thank you to all of the contributors to spdx/tools-golang. A full list can be found in the GitHub repo and in the release notes.

In particular, thank you to the following for major contributions:

JSON parsing and saving support was added by @specter25 as part of his Google Summer of Code 2021 project.

RDF parsing support was added by @RishabhBhatnagar as part of his Google Summer of Code 2020 project.

Licenses

As indicated in LICENSE-code, tools-golang source code files are provided and may be used, at your option, under either:

Apache License, version 2.0 (Apache-2.0), OR
GNU General Public License, version 2.0 or later (GPL-2.0-or-later).

As indicated in LICENSE-docs, tools-golang documentation files are provided and may be used under the Creative Commons Attribution 4.0 International license (CC-BY-4.0).

This README.md file is documentation:

SPDX-License-Identifier: CC-BY-4.0

Security

For security policy and reporting security issues, please refer to SECURITY.md

Name		Name	Last commit message	Last commit date
Latest commit History 466 Commits
.github		.github
builder		builder
convert		convert
docs		docs
examples		examples
idsearcher		idsearcher
json		json
licensediff		licensediff
rdf		rdf
reporter		reporter
spdx		spdx
spdxlib		spdxlib
tagvalue		tagvalue
testdata		testdata
utils		utils
yaml		yaml
.gitattributes		.gitattributes
.gitignore		.gitignore
CONTRIBUTING.md		CONTRIBUTING.md
LICENSE.code		LICENSE.code
LICENSE.docs		LICENSE.docs
MAINTAINERS		MAINTAINERS
Makefile		Makefile
README.md		README.md
RELEASE-NOTES.md		RELEASE-NOTES.md
SECURITY.md		SECURITY.md
go.mod		go.mod
go.sum		go.sum

License

Licenses found

kzantow-anchore/tools-golang

Folders and files

Latest commit

History

Repository files navigation

SPDX tools-golang

Recent news

What it does

What it doesn't do

Documentation

Contributors

Licenses

Security

About

Resources

License

Licenses found

Security policy

Stars

Watchers

Forks

Languages