Description
based on #675 (reply in thread)
similar to CycloneDX/cyclonedx-node-npm#256
Is your feature request related to a problem? Please describe.
For legal documentation, I need the original text of the licenses of components.
Describe the solution you'd like
An option to enable integration of the license-text in the BOM result.
@stevespringett mentioned:
Keep in mind that compositions are the only way of saying that something is complete. Our build implementations do not produce compositions, nor should they. It's really up to the end-user org to attest whether the BOM is complete or not and add the corresponding composition if it is.
Also note that licenses go in two places: 1) the declared license for the component goes into component/licenses, and 2) all the evidence of copyrights and licenses for the entirety of the component goes into component/evidence.
read https://cyclonedx.org/news/cyclonedx-v1.3-released/#copyright-and-license-evidence
🔍 Result of my research:
- we could utilize license-scanner after "Programmable interface - machine-readable output" (license-scanner#9) is done.
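To make the two placements from the quoted comment concrete, here is an added example (not code from this project or from the thread) that builds a CycloneDX 1.3-style component with the declared license under `licenses` and the embedded license text under `evidence`, and reads the texts back for the legal-documentation use case; the function names and the sample package are assumptions.

```javascript
// Added example (not this project's code): the two places CycloneDX >= 1.3
// keeps license information on a component:
//  - component.licenses -> the *declared* license (from the package manifest)
//  - component.evidence -> licenses/copyrights *found* in the package files,
//    i.e. where the full text of a LICENSE file belongs. Function names assumed.
function buildComponent({ name, version, declaredLicense, licenseFiles, copyrights }) {
  return {
    type: 'library',
    name,
    version,
    // Declared license: an SPDX id taken from the manifest.
    licenses: [{ license: { id: declaredLicense } }],
    evidence: {
      // Evidence: full text of each license file found, base64-encoded so
      // arbitrary text survives JSON/XML serialisation untouched.
      licenses: licenseFiles.map((f) => ({
        license: {
          name: f.name,
          text: {
            contentType: 'text/plain',
            encoding: 'base64',
            content: Buffer.from(f.text, 'utf8').toString('base64'),
          },
        },
      })),
      copyright: copyrights.map((text) => ({ text })),
    },
  };
}

// Inverse for the legal-documentation use case: recover the original license
// texts, decoding base64 where the attachment says so; entries without text are skipped.
function extractLicenseTexts(component) {
  const found = (component.evidence && component.evidence.licenses) || [];
  return found
    .filter((e) => e.license && e.license.text)
    .map(({ license }) => ({
      name: license.name,
      content: license.text.encoding === 'base64'
        ? Buffer.from(license.text.content, 'base64').toString('utf8')
        : license.text.content,
    }));
}

// Constructed sample input (not a real package).
const sampleComponent = buildComponent({
  name: 'example-lib', version: '1.2.3', declaredLicense: 'MIT',
  licenseFiles: [{ name: 'LICENSE', text: 'MIT License\n\nPermission is hereby granted, free of charge' }],
  copyrights: ['Copyright (c) 2024 Example Corp'],
});
```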