• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1[![Build Status](https://github.com/spdx/tools-golang/workflows/build/badge.svg)](https://github.com/spdx/tools-golang/actions)
2[![Coverage Status](https://coveralls.io/repos/github/spdx/tools-golang/badge.svg)](https://coveralls.io/github/spdx/tools-golang)
3[![GitHub release](https://img.shields.io/github/release/spdx/tools-golang.svg)](https://github.com/spdx/tools-golang/releases/latest)
4[![Go Reference](https://pkg.go.dev/badge/github.com/spdx/tools-golang.svg)](https://pkg.go.dev/github.com/spdx/tools-golang)
5[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/5710/badge)](https://bestpractices.coreinfrastructure.org/projects/5710)
6
7# SPDX tools-golang
8
9tools-golang is a collection of Go packages intended to make it easier for
10Go programs to work with [SPDX®](https://spdx.dev/) files.
11
12## Recent news
13
142022-01-11: **v0.4.0**: added support for SPDX v2.3 and YAML, as well as other
15improvements and bugfixes. See [RELEASE-NOTES.md](./RELEASE-NOTES.md) for full
16details.
17
18## What it does
19
20tools-golang currently works with files conformant to versions 2.1 and 2.2
21of the SPDX specification, available at: https://spdx.dev/specifications
22
23tools-golang provides the following packages:
24
25* *spdx* - in-memory data model for the sections of an SPDX document
26* *tvloader* - tag-value document loader
27* *tvsaver* - tag-value document saver
28* *rdfloader* - RDF document loader
29* *json* - JSON document parser and writer
30* *yaml* - YAML document parser and writer
31* *builder* - builds "empty" SPDX document (with hashes) for directory contents
32* *idsearcher* - searches for [SPDX short-form IDs](https://spdx.org/ids/) and builds SPDX document
33* *licensediff* - compares concluded licenses between files in two packages
34* *reporter* - generates basic license count report from SPDX document
35* *spdxlib* - various utility functions for manipulating SPDX documents in memory
36* *utils* - various utility functions that support the other tools-golang packages
37
38Examples for how to use these packages can be found in the `examples/`
39directory.
40
41## What it doesn't do
42
43tools-golang doesn't currently do any of the following:
44
45* work with files under any version of the SPDX spec prior to v2.1
46* convert between different versions of SPDX documents (e.g., from 2.1 to 2.2)
47* enable applications to interact with SPDX files without needing to care
48  (too much) about the particular SPDX file version
49
50We are working towards adding functionality for all of these. Code contributions
51are welcome!
52
53## Documentation
54
55SPDX tools-golang documentation is available on the pkg.go.dev website at https://pkg.go.dev/github.com/spdx/tools-golang.
56
57## Contributors
58
59Thank you to all of the contributors to spdx/tools-golang. A full list can be
60found in the GitHub repo and in [the release notes](RELEASE-NOTES.md).
61
62In particular, thank you to the following for major contributions:
63
64JSON parsing and saving support was added by @specter25 as part of his Google
65Summer of Code 2021 project.
66
67RDF parsing support was added by @RishabhBhatnagar as part of his Google Summer
68of Code 2020 project.
69
70## Licenses
71
72As indicated in `LICENSE-code`, tools-golang **source code files** are
73provided and may be used, at your option, under *either*:
74* Apache License, version 2.0 (**Apache-2.0**), **OR**
75* GNU General Public License, version 2.0 or later (**GPL-2.0-or-later**).
76
77As indicated in `LICENSE-docs`, tools-golang **documentation files** are
78provided and may be used under the Creative Commons Attribution
794.0 International license (**CC-BY-4.0**).
80
81This `README.md` file is documentation:
82
83`SPDX-License-Identifier: CC-BY-4.0`
84
85## Security
86
87For security policy and reporting security issues, please refer to [SECURITY.md](SECURITY.md)
88