Google Git
Sign in
android/platform/external/bazelbuild-rules_license

Bug: 242881002

Clone this repo:

Branches

More...

Tags

More...
  1. 8252dd0 Backfill commit SHAs for tagged Git versions am: 5de00cc78f by Kate Ageeva · 5 months ago main-kernel
  2. 5de00cc Backfill commit SHAs for tagged Git versions by Kate Ageeva · 5 months ago mirror-goog-main-external
  3. 6b52f6b Merge 'aosp/android16-release' into 'aosp/main-kernel' by Giuliano Procida · 12 months ago
  4. daad7d3 Snap for 12792956 from 23764ae917131e1af6c3cb7eaab8ee3bb00cca43 to 25Q2-release by Android Build Coastguard Worker · 1 year, 6 months ago android16-release android16-s1-release android16-s2-release android16-security-release android-16.0.0_r1 android-16.0.0_r2 android-cts-16.0_r1 android-security-16.0.0_r1 android-security-16.0.0_r2 android-security-16.0.0_r3 android-security-16.0.0_r4 android-security-16.0.0_r5 android-security-16.0.0_r6 android-security-16.0.0_r7 android-vts-16.0_r1
  5. 23764ae Upgrade rules_license to 1.0.0 am: c1b439a569 am: 48d5273aee by HONG Yifan · 1 year, 6 months ago

rules_license

CI: Build status

This repository contains a set of rules and tools for

  • declaring metadata about packages, such as
    • the licenses the package is available under
    • the canonical package name and version
    • copyright information
    • ... and more TBD in the future
  • gathering license declarations into artifacts to ship with code
  • applying organization specific compliance constriants against the set of packages used by a target.
  • producing SBOMs for built artifacts.

WARNING: The code here is still in active initial development and will churn a lot.

Contact

If you want to follow along:

Roadmap

Last update: October 22, 2023

Q4 2023

  • Reference implementation for “packages used” tool
    • produce JSON output usable for SBOM generation or other compliance reporting.
  • Reference implementation for an SPDX SBOMM generator
    • Support for reading bzlmod lock file
    • Support for reading maven lock file
  • “How To” guides
    • produce a license audit
    • produce an SBOM

Q1 2024

  • Add support for other package manager lock file formats
    • ? Python
    • Golang
    • NodeJS
  • More SPDX SBOM fields
    • support for including vendor SBOMs

Beyond

  • Performance improvements

  • Sub-SBOMs for tools

  • TBD

Background reading:

These is for learning about the problem space, and our approach to solutions. Concrete specifications will always appear in checked in code rather than documents.