# rules_license

CI: [![Build status](https://badge.buildkite.com/e12f23186aa579f1e20fcb612a22cd799239c3134bc38e1aff.svg)](https://buildkite.com/bazel/rules-license)

This repository contains a set of rules and tools for
- declaring metadata about packages, such as
  - the licenses the package is available under
  - the canonical package name and version
  - copyright information
  - ... and more TBD in the future
- gathering license declarations into artifacts to ship with code
- applying organization-specific compliance constraints against the
  set of packages used by a target.
- producing SBOMs for built artifacts.

WARNING: The code here is still in active initial development and will churn a lot.

## Contact

If you want to follow along:
- Mailing list: [bazel-ssc@bazel.build](https://groups.google.com/a/bazel.build/g/bazel-ssc)
- Monthly eng meeting: [calendar link](MjAyMjA4MjJUMTYwMDAwWiBjXzUzcHBwZzFudWthZXRmb3E5NzhxaXViNmxzQGc&tmsrc=c_53pppg1nukaetfoq978qiub6ls%40group.calendar.google.com&scp=ALL)
- [Latest docs](https://bazelbuild.github.io/rules_license/latest.html)

## Roadmap

*Last update: October 22, 2023*

### Q4 2023

- Reference implementation for "packages used" tool
  - produce JSON output usable for SBOM generation or other compliance reporting.
- Reference implementation for an SPDX SBOM generator
  - Support for reading bzlmod lock file
  - Support for reading maven lock file
- "How To" guides
  - produce a license audit
  - produce an SBOM

### Q1 2024

- Add support for other package manager lock file formats
  - ? Python
  - Golang
  - NodeJS
- More SPDX SBOM fields
  - support for including vendor SBOMs
  -

### Beyond

- Performance improvements
- Sub-SBOMs for tools


- TBD

## Background reading:

These are for learning about the problem space and our approach to solutions. Concrete specifications will always appear in checked-in code rather than documents.
- [License Checking with Bazel](https://docs.google.com/document/d/1uwBuhAoBNrw8tmFs-NxlssI6VRolidGYdYqagLqHWt8/edit#).
- [OSS Licenses and Bazel Dependency Management](https://docs.google.com/document/d/1oY53dQ0pOPEbEvIvQ3TvHcFKClkimlF9AtN89EPiVJU/edit#)
- [Adding OSS license declarations to Bazel](https://docs.google.com/document/d/1XszGbpMYNHk_FGRxKJ9IXW10KxMPdQpF5wWbZFpA4C8/edit#heading=h.5mcn15i0e1ch)