Skip to content
This repository has been archived by the owner on Jun 17, 2022. It is now read-only.

Latest commit

 

History

History
805 lines (790 loc) · 13.6 KB

README.md

File metadata and controls

805 lines (790 loc) · 13.6 KB

What is it?

license-bill-of-materials uses go list tool over a Go workspace to collect the dependencies of a package or command, detect their license if any and match them against well-known templates.

The output record format follows the JSON representation of the Go structs:

type projectAndLicenses struct {
	Project  string    `json:"project"`
	Licenses []license `json:"licenses,omitempty"`
	Error    string    `json:"error,omitempty"`
}

type license struct {
	Type       string  `json:"type,omitempty"`
	Confidence float64 `json:"confidence,omitempty"`
}

The output might have three arrays of records:

  • Matched/Guessed license projects
  • Error projects

Miscategorized and error projects can be overridden with a file by using the --override-file flag.

Example file

[
	{
		"project": "k8s.io/kubernetes",
		"license": "Apache License 2.0",
	}
]

Example output of Kubernetes API server:

$ license-bill-of-materials k8s.io/kubernetes/cmd/kube-apiserver
[
	{
		"project": "k8s.io/kubernetes",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "cloud.google.com/go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9988925802879292
			}
		]
	},
	{
		"project": "github.com/Azure/azure-sdk-for-go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9988925802879292
			}
		]
	},
	{
		"project": "github.com/Azure/go-autorest/autorest",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9680365296803652
			}
		]
	},
	{
		"project": "github.com/PuerkitoBio/purell",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9916666666666667
			}
		]
	},
	{
		"project": "github.com/PuerkitoBio/urlesc",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "github.com/aws/aws-sdk-go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/beorn7/perks/quantile",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9891304347826086
			}
		]
	},
	{
		"project": "github.com/coreos/etcd",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/coreos/go-oidc",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/coreos/go-systemd",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9966703662597114
			}
		]
	},
	{
		"project": "github.com/coreos/pkg",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/davecgh/go-spew/spew",
		"licenses": [
			{
				"type": "ISC License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/dgrijalva/jwt-go",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9891304347826086
			}
		]
	},
	{
		"project": "github.com/docker/distribution",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/docker/engine-api/types",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9657534246575342
			}
		]
	},
	{
		"project": "github.com/docker/go-connections/nat",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9657534246575342
			}
		]
	},
	{
		"project": "github.com/docker/go-units",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9657534246575342
			}
		]
	},
	{
		"project": "github.com/docker/spdystream",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9680365296803652
			},
			{
				"type": "Open Software License 3.0",
				"confidence": 0.4606413994169096
			}
		]
	},
	{
		"project": "github.com/elazarl/go-bindata-assetfs",
		"licenses": [
			{
				"type": "BSD 2-clause \"Simplified\" License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/emicklei/go-restful",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/emicklei/go-restful-swagger12",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/evanphx/json-patch",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.979253112033195
			}
		]
	},
	{
		"project": "github.com/exponent-io/jsonpath",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/ghodss/yaml",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.8357142857142857
			}
		]
	},
	{
		"project": "github.com/go-ini/ini",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9966703662597114
			}
		]
	},
	{
		"project": "github.com/go-openapi/analysis",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/go-openapi/jsonpointer",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/go-openapi/jsonreference",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/go-openapi/loads",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/go-openapi/spec",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			},
			{
				"type": "The Unlicense",
				"confidence": 0.3422459893048128
			}
		]
	},
	{
		"project": "github.com/go-openapi/swag",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/gogo/protobuf",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9090909090909091
			}
		]
	},
	{
		"project": "github.com/golang/glog",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9966703662597114
			}
		]
	},
	{
		"project": "github.com/golang/groupcache/lru",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9966703662597114
			}
		]
	},
	{
		"project": "github.com/golang/protobuf",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.92
			}
		]
	},
	{
		"project": "github.com/google/gofuzz",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/gophercloud/gophercloud",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9680365296803652
			}
		]
	},
	{
		"project": "github.com/grpc-ecosystem/go-grpc-prometheus",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/grpc-ecosystem/grpc-gateway",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.979253112033195
			}
		]
	},
	{
		"project": "github.com/hashicorp/golang-lru",
		"licenses": [
			{
				"type": "Mozilla Public License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/hawkular/hawkular-client-go/metrics",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/howeyc/gopass",
		"licenses": [
			{
				"type": "ISC License",
				"confidence": 0.9850746268656716
			}
		]
	},
	{
		"project": "github.com/imdario/mergo",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "github.com/influxdata/influxdb",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/jmespath/go-jmespath",
		"licenses": [
			{
				"type": "The Unlicense",
				"confidence": 0.35294117647058826
			}
		]
	},
	{
		"project": "github.com/jonboulle/clockwork",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/juju/ratelimit",
		"licenses": [
			{
				"type": "GNU Lesser General Public License v3.0",
				"confidence": 0.9409937888198758
			}
		]
	},
	{
		"project": "github.com/mailru/easyjson",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9891304347826086
			}
		]
	},
	{
		"project": "github.com/matttproud/golang_protobuf_extensions/pbutil",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9988925802879292
			}
		]
	},
	{
		"project": "github.com/mesos/mesos-go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/mitchellh/mapstructure",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/mxk/go-flowrate/flowrate",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9707112970711297
			}
		]
	},
	{
		"project": "github.com/pborman/uuid",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "github.com/pkg/errors",
		"licenses": [
			{
				"type": "BSD 2-clause \"Simplified\" License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/prometheus/client_golang/prometheus",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/prometheus/client_model/go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/prometheus/common",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/prometheus/procfs",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/rackspace/gophercloud",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9680365296803652
			}
		]
	},
	{
		"project": "github.com/robfig/cron",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9946524064171123
			}
		]
	},
	{
		"project": "github.com/rubiojr/go-vhd/vhd",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/samuel/go-zookeeper/zk",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9916666666666667
			}
		]
	},
	{
		"project": "github.com/spf13/cobra",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 0.9573241061130334
			}
		]
	},
	{
		"project": "github.com/spf13/pflag",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "github.com/ugorji/go/codec",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9946524064171123
			}
		]
	},
	{
		"project": "github.com/vmware/govmomi",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/vmware/govmomi/vim25/xml",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "github.com/vmware/photon-controller-go-sdk/photon",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "github.com/xanzy/go-cloudstack/cloudstack",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	},
	{
		"project": "golang.org/x/crypto",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "golang.org/x/net",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "golang.org/x/oauth2",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "golang.org/x/text",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "google.golang.org/api",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9663865546218487
			}
		]
	},
	{
		"project": "google.golang.org/api/googleapi/internal/uritemplates",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 0.9891304347826086
			}
		]
	},
	{
		"project": "google.golang.org/grpc",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.979253112033195
			}
		]
	},
	{
		"project": "gopkg.in/gcfg.v1",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9752066115702479
			}
		]
	},
	{
		"project": "gopkg.in/inf.v0",
		"licenses": [
			{
				"type": "BSD 3-clause \"New\" or \"Revised\" License",
				"confidence": 0.9752066115702479
			}
		]
	},
	{
		"project": "gopkg.in/natefinch/lumberjack.v2",
		"licenses": [
			{
				"type": "MIT License",
				"confidence": 1
			}
		]
	},
	{
		"project": "gopkg.in/yaml.v2",
		"licenses": [
			{
				"type": "GNU Lesser General Public License v3.0",
				"confidence": 0.9528301886792453
			},
			{
				"type": "MIT License",
				"confidence": 0.8975609756097561
			}
		]
	},
	{
		"project": "k8s.io/client-go",
		"licenses": [
			{
				"type": "Apache License 2.0",
				"confidence": 1
			}
		]
	}
]

Where does it come from?

Both the code and reference data were directly ported from:

https://github.com/benbalter/licensee