spdx/license-list-XML spdx/license-list-XML

  • Stars
    star
    344
  • Rank 123,052 (Top 3 %)
  • Language Makefile
  • License
    Other
  • Created over 8 years ago
  • Updated about 1 month ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
spdx/license-list-XML
github

spdx

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

This is the repository for the master files that comprise the SPDX License List

.github/workflows/deploy.yaml.github/workflows/validate.yaml

SPDX License List

What

The SPDX License List is an integral part of the SPDX Specification. The SPDX License List itself is a list of commonly found licenses and exceptions used in free and open or collaborative software, data, hardware, or documentation. The purpose of the SPDX License List is to enable easy and efficient identification of such licenses and exceptions in an SPDX document, in source files or elsewhere. The SPDX License List includes a standardized short identifier, full name, vetted license text including matching guidelines markup as appropriate, and a canonical permanent URL for each license and exception.

Why

The purpose of the SPDX License List is to enable efficient and reliable identification of such licenses and exceptions in an SPDX document, in source files or elsewhere. The SPDX short identifiers combined with the matching guidelines ensures that anyone can reliably know exactly what license text is being referred to for a given SPDX identifier.

How

  • For more about how SPDX license identifiers are used in an SPDX document, a software bill of materials, or other places that store license data, see SPDX Specification, Clauses 7, 8, and 10 and Annexes B, D, and E.
  • For examples of use of SPDX license identifiers in source code, see https://spdx.org/ids. Please note, a license not on the SPDX License List can be included in an SPDX document by using a 'LicenseRef-' as the license name’s prefix and including the full license text as per the specification.

When

  • SPDX License List releases are done on a quarterly basis (more or less) at the end of January, April, July, and October. We schedule our License List releases one month behind the usual quarterly calendar cadence to accommodate the reality that many people contributing have other commitments at quarter-end.
  • See RELEASE-NOTES.md for a summary of each release
  • All PRs to be included as part of release must be merged 1 week prior to release date to allow time for actual release work
  • Any new issues raised within the month of the next release will likely be tagged for the following release, unless it is an easy-to-resolve issue

This Repository

This repository contains the XML source and schema files used to generate the authoritative, supported SPDX list file formats, including the web pages you see at spdx.org/licenses and other generated data formats found in the SPDX license-list-data repository.

How to contribute/participate

We welcome participants and contributions! The SPDX License List is maintained by the SPDX Legal Team. Work and discussion is primarily done via:

  • mailing list: Please introduce yourself and let us know a bit about your interest in SPDX! The mailing list is our traditional form of communication. To join the SPDX Legal Team mailing list, send an email to [email protected] or visit https://lists.spdx.org/g/Spdx-legal (where you can also see the list's archives).
  • calls: We use conference calls to make decisions on topics and issues that may be difficult to discuss only via email or GitHub. These calls are on the second and fourth Thursday of each month at 12:00 US Eastern Time. Information, including a link to join online, is sent prior to the calls to the SPDX Legal Team mailing list. Meeting minutes for the calls are in the SPDX meetings repo; minutes from meetings before March 2020 can be found at http://wiki.spdx.org/
  • this GitHub repo: We use this repository for comments, issues and pull requests related to specific changes to the files that comprise the SPDX License List. This includes new licenses, updates to an existing license, improvements to documentation and other changes.

Please see DOCS and CONTRIBUTING.md for more information. We also have an FAQ that you may find helpful!

Consuming License Data from this Repository

Output files in the SPDX license-list-data repository are generated from the XML source in this repository. These output files are stable and well-supported, and make the License List available in RDFa, HTML, text, and JSON formats. You can use SPDX tools (or create your own) to consume the supported formats of the license list.

Please note that the XML format for this repository is internal to the SPDX legal team and is subject to change, so any direct consumers of this repository's source files should expect occasional, backwards-incompatible changes.

More Repositories

1

license-list-data

Various data formats for the SPDX License List including RDFa, HTML, Text, and JSON
HTML
495
star
2

spdx-spec

The SPDX specification in MarkDown and HTML formats.
Python
288
star
3

tools-python

A Python library to parse, validate and create SPDX documents.
Python
184
star
4

spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.
Go
151
star
5

tools

SPDX Tools
Java
125
star
6

spdx-examples

Examples of SPDX files for software combinations
Java
123
star
7

tools-golang

Collection of Go packages to work with SPDX files
Go
121
star
8

spdx-3-model

The model for the information captured in SPDX version 3 standard.
69
star
9

spdx-online-tools

Source for the website providing online SPDX tools
JavaScript
60
star
10

tools-java

SPDX Command Line Tools using the Spdx-Java-Library
Java
59
star
11

spdx-to-osv

Produce an Open Source Vulnerability JSON file based on information in an SPDX document
Java
59
star
12

ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements
Python
53
star
13

spdx-maven-plugin

Plugin for supporting SPDX in a Maven build.
Java
44
star
14

license-list

SPDX License List - Archived through v2.6
42
star
15

Spdx-Java-Library

Java library which implements the Java object model for SPDX and provides useful helper functions
Java
33
star
16

spdx-license-diff

Chrome/Firefox browser extension to compare text against spdx license list
JavaScript
33
star
17

cdx2spdx

Utility that converts SBOM documents from CycloneDX to SPDX
Java
27
star
18

meetings

This repository stores meetings minutes for the SPDX project
26
star
19

spdx-license-matcher

A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
Python
26
star
20

sbom-landscape

SPDX SBOM Landscape
15
star
21

governance

SPDX Governance, based on Community Specification model
15
star
22

spdx-gradle-plugin

Java
15
star
23

gordf

Go
11
star
24

LicenseListPublisher

Tool that generates license data found in the license-list-data repository from the license-list-XML source
Java
11
star
25

spdx-build-tool

Support a continuous integration (CI) generation of SPDX files by creating a plugins or extensions to build tools. These plugins or extensions will generate valid SPDX documents based on the build file metadata and source files. https://github.com/spdx/
Python
11
star
26

spdx-tools-js

JavaScript
9
star
27

ATTIC-osit

Open Source Inspect Tool by OSE, Samsung
Java
8
star
28

license-coverage-grader

This is a tool which take an SPDX document and pointer to the original source files, and determine a "grade" score to quantify how complete the licensing information is at the file level for the code represented by the SPDX document.
Python
7
star
29

ATTIC-tools-go

Legacy SPDX Parser Go Language Library - replaced by tools-golang
Go
6
star
30

yalm-python

Implement SPDX License Matching in Python. Project in CommunityBridge Linux Foundation 2020.
Python
6
star
31

spdx-github

SPDX Github Integration Tools
Python
5
star
32

spec-parser

automagically process the specification
Python
5
star
33

tools-ts

TypeScript
4
star
34

outreach

content for outreach activities
4
star
35

ATTIC-airs

Auto IdentifieR using Spdx by OSE, Samsung
Java
4
star
36

schema-to-java

Generates Java classes from the SPDX Schema
Java
3
star
37

spdx-adoption

Keeping list of projects that are using SPDX headers, and those that are able to generate SPDX documents.
3
star
38

license-test-files

Test files which can be used to check license scanners.
3
star
39

change-proposal

Repository for change proposal for the SPDX project
3
star
40

license-test-generator

Tool to generate the license test files (github.com/spdx/license-test-files) from the SPDX listed licenses (github.com/spdx/license-list-data)
PHP
3
star
41

spdx-java-jackson-store

JSON storage implementation for the SPDX tools
Java
3
star
42

TEST-LicenseList-XML

This is a copy of the LicenseListXML repository to be used for testing
Makefile
2
star
43

spdx-java-rdf-store

SPDX Tools RDF Support Library
Java
2
star
44

GSoC

SPDX participation in the Google Summer of Code program
2
star
45

canonical-serialisation

SPDX Canonicalisation repo
CSS
2
star
46

package-licenses-mapping

Data mapping license declarations as found in package manifests to a SPDX license expression.
2
star
47

spdx-java-spreadsheet-store

SPDX Java library spreadsheet storage
Java
2
star
48

license-test-scans

Tools to help compare license scans
Python
2
star
49

spec-v3-template

Templates and examples for writing the v3 specification
2
star
50

spdx-java-tagvalue-store

SPDX Document Storage using the Tag/Value format
Java
2
star
51

spdx-model-to-java

Generates Java source files from the SPDX spec version 3+ suitable for inclusion in the SPDX Java Library
Java
2
star
52

tools-list

List of the known available tools in a machine readable format.
1
star
53

license-namespace-test

Test repository for the license namespace
1
star
54

spdx-testbed

Java
1
star
55

spdx-website

This repo contains all the assets used in the spdx.org website
1
star
56

licensegenplugin

Maven plugin for generating the license data from the license list XML repository
Java
1
star
57

DOCS

This is a repository for general documentation related to SPDX
1
star
58

spdx-3-build-profile

1
star
59

spdx-3-serialization-prototype-playground

TEMPORARY repo to contain different draft examples for SPDX 3.0 serializations
Python
1
star
60

licenseRequestImages

License Request Image Repository
1
star
61

license-mgmt

GSoC 2022 project for a web-based license management system
CSS
1
star
62

crypto-algorithms

List of cryptographic algorithms and their characteristics
1
star
63

rollup-plugin-spdx

TypeScript
1
star
64

using

Information on how to use the SPDX specification
1
star