SPDX license info from requirements.txt #354

Open
linroad123 opened this issue May 18, 2022 · 5 comments
Labels
enhancement New feature or request help wanted Extra attention is needed source: requirements

Comments

@linroad123

Hi,

I am using requirements.txt to generate a BOM file, and the output is as follows. I would like to know how I can get the SPDX license id generated. Thanks!

output:

<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1" serialNumber="urn:uuid:70ec597a-a0c8-4e16-865a-495ed44968a3">
    <metadata>
        <timestamp>2022-05-10T10:55:22.184404+00:00</timestamp>
        <tools>
            <tool>
                <vendor>CycloneDX</vendor>
                <name>cyclonedx-bom</name>
                <version>3.2.1</version>
            </tool>
            <tool>
                <vendor>CycloneDX</vendor>
                <name>cyclonedx-python-lib</name>
                <version>2.3.0</version>
                <externalReferences>
                    <reference type="issue-tracker">
                        <url>https://github.com/CycloneDX/cyclonedx-python-lib/issues</url>
                    </reference>
                    <reference type="website">
                        <url>https://cyclonedx.org</url>
                    </reference>
                    <reference type="build-system">
                        <url>https://github.com/CycloneDX/cyclonedx-python-lib/actions</url>
                    </reference>
                    <reference type="release-notes">
                        <url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md</url>
                    </reference>
                    <reference type="distribution">
                        <url>https://pypi.org/project/cyclonedx-python-lib/</url>
                    </reference>
                    <reference type="license">
                        <url>https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE</url>
                    </reference>
                    <reference type="documentation">
                        <url>https://cyclonedx.github.io/cyclonedx-python-lib/</url>
                    </reference>
                    <reference type="vcs">
                        <url>https://github.com/CycloneDX/cyclonedx-python-lib</url>
                    </reference>
                </externalReferences>
            </tool>
        </tools>
    </metadata>
    <components>
        <component type="library" bom-ref="2a328586-ba42-4df5-b3db-e5ac029f6ee0">
            <name>backports.entry-points-selectable</name>
            <version>1.1.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="54645fb8-8f51-4864-a214-c1a616ea8f6f">
            <name>mypy-extensions</name>
            <version>0.4.3</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="ce105b90-f633-4983-b3e7-dfb6066cfc06">
            <name>mccabe</name>
            <version>0.6.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="58efd767-cb8f-49f1-9051-73703245111d">
            <name>python-dateutil</name>
            <version>2.8.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="9785db04-e223-41a2-94e8-9f29444d7cd0">
            <name>filelock</name>
            <version>3.0.12</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="b32707b4-6c8f-43e7-8ccf-57499fa99374">
            <name>certifi</name>
            <version>2021.5.30</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="67b1b2d1-06db-4fe7-8110-1fc8f4e418b6">
            <name>py</name>
            <version>1.10.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="61400692-5fc0-4deb-a145-97a116aab675">
            <name>pydantic</name>
            <version>1.8.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="cb675fdb-fea3-4d7f-8d59-9d4d1ad72e4b">
            <name>black</name>
            <version>21.9b0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="f1b2a7d0-1068-489e-86d6-f6549007acc6">
            <name>pytest</name>
            <version>6.2.5</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="d283a720-926d-4c68-b0af-ce20f12c4389">
            <name>chardet</name>
            <version>4.0.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="bb4c31d4-ebbe-42d4-91b6-c9cb6d1534fe">
            <name>python-docx</name>
            <version>0.8.11</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="b5db2ceb-1c5f-4b40-8366-39dd5f1af891">
            <name>protobuf</name>
            <version>3.17.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="563bcee9-349e-4cc6-8c4e-0326d02a0d43">
            <name>pyflakes</name>
            <version>2.2.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="e648f228-3ba4-49c1-b1db-65972e828520">
            <name>boto3</name>
            <version>1.18.10</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="925accbc-68d4-4255-82c2-d0d6c267b9e3">
            <name>starlette</name>
            <version>0.14.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="88937207-066a-4331-8960-ef076f249f88">
            <name>pycparser</name>
            <version>2.20</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="d5d09008-b471-4cb1-b183-ac28cd4bdb7a">
            <name>s3transfer</name>
            <version>0.5.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="09a69df1-d02c-44cc-8918-db4ebaf14af6">
            <name>pyparsing</name>
            <version>2.4.7</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="fb8e483c-184f-4b38-97f4-a0b4112218ad">
            <name>distlib</name>
            <version>0.3.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="93ab31c7-bfe4-4222-95fe-708245c838d4">
            <name>charset-normalizer</name>
            <version>2.0.4</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="263dfc31-6f97-4ba5-9921-f120a0e7c8fc">
            <name>python-multipart</name>
            <version>0.0.5</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="cb716124-fa7e-4d9a-90c5-3a7a639bf03d">
            <name>ddtrace</name>
            <version>0.49.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="d7f2966b-f60d-4e03-b156-85e07228b57d">
            <name>pytest-mock</name>
            <version>3.6.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="1c18bebd-6758-49e6-b860-434d2fbc45f1">
            <name>pytest-cov</name>
            <version>2.12.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="7958a66f-fc95-4933-b1ab-8d8ce36bd200">
            <name>tenacity</name>
            <version>7.0.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="31e4fd11-a5a4-42dd-b9d3-218ee0e9765d">
            <name>pymongo</name>
            <version>3.11.4</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="056c2a17-11ea-41f9-a2dc-f1a9d174ae9a">
            <name>tox</name>
            <version>3.24.3</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="b26ffd70-1d62-487b-bad7-60e93c01acff">
            <name>virtualenv</name>
            <version>20.7.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="9e529e3a-c58d-4a65-8ead-4528c2ce0fc4">
            <name>mangum</name>
            <version>0.11.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="338b06f8-41da-4080-b5e9-1a564c299a3b">
            <name>platformdirs</name>
            <version>2.3.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="d2e2fe3e-e83e-4f88-b78b-7526d5b9e449">
            <name>aiofiles</name>
            <version>0.7.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="c0dea6da-2b21-4c54-8280-b37f3d5256c8">
            <name>iniconfig</name>
            <version>1.1.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="2d4d0a24-481b-4eaf-87da-83ae58b8e3a6">
            <name>attrs</name>
            <version>21.2.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="344b9785-8ce4-4fcf-ab42-2a431e23e540">
            <name>requests</name>
            <version>2.25.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="b6f984e3-0641-4698-a9fd-00f3ba158e74">
            <name>urllib3</name>
            <version>1.26.5</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="6710386f-2ecb-492a-aea0-c1480dc694a9">
            <name>tomli</name>
            <version>1.2.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="62603835-db87-486c-bb7f-176d6b7278f6">
            <name>cryptography</name>
            <version>3.4.7</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="e386e7c8-6bf8-4ee6-ba54-ceaf3a4c9b34">
            <name>jmespath</name>
            <version>0.10.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="be50bef1-8a5b-4e57-9b7a-6343b85c7f3b">
            <name>toml</name>
            <version>0.10.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="9ec76d89-2989-4db5-b89a-d0fc11d99b88">
            <name>typing-extensions</name>
            <version>3.10.0.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="b7c41033-7bc7-455d-89f8-2390ed71e393">
            <name>cachetools</name>
            <version>4.2.2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="7b719731-1724-451a-bb3c-1a94a98c5168">
            <name>fastapi</name>
            <version>0.65.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="e1bb75e9-7433-442f-8326-c6160825d551">
            <name>PyJWT</name>
            <version>2.1.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="76b41b32-7f9c-4957-8d75-528f3653870d">
            <name>flake9</name>
            <version>3.8.3.post2</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="62a269e2-e466-45a4-8fe9-3c20330e97d1">
            <name>pycodestyle</name>
            <version>2.6.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="53a0c59a-a373-429c-a167-4cce1fb3c54a">
            <name>isort</name>
            <version>5.9.3</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="81ee63a8-0157-47a4-95ba-8758321accaa">
            <name>idna</name>
            <version>2.10</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="5927aede-de71-4eda-a2bb-f442b431ce02">
            <name>packaging</name>
            <version>20.9</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="1e7093a3-cc1e-4e76-8e1e-a16f1c1a3fbf">
            <name>coverage</name>
            <version>5.5</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="6bb8fc72-fe21-40e0-8373-32000d1807e7">
            <name>six</name>
            <version>1.16.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="8e846f9c-66d3-4d9f-940d-723309ccfa32">
            <name>botocore</name>
            <version>1.21.14</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="200f3c17-de50-4ba4-a36a-78aec6211437">
            <name>cffi</name>
            <version>1.14.5</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="ff565c9d-1f4d-4183-b40f-a2ff3efce081">
            <name>click</name>
            <version>8.0.1</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="a198d286-5d2e-4c37-abf8-05987be12131">
            <name>regex</name>
            <version>2021.8.28</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="6718e52c-066c-4e22-8847-a461b80c4711">
            <name>pathspec</name>
            <version>0.9.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="c7909eda-db40-4c50-81be-5ff2374fdc3b">
            <name>lxml</name>
            <version>4.6.3</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="84da7b7c-0556-4ff9-98b2-847a352364b4">
            <name>pluggy</name>
            <version>1.0.0</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
        <component type="library" bom-ref="6d543618-1bf0-48d9-a7b7-068853db871d">
            <name>autoflake</name>
            <version>1.4</version>
            <purl>pkg:pypi/[email protected]</purl>
        </component>
    </components>
    <dependencies>
        <dependency ref="2a328586-ba42-4df5-b3db-e5ac029f6ee0" />
        <dependency ref="54645fb8-8f51-4864-a214-c1a616ea8f6f" />
        <dependency ref="ce105b90-f633-4983-b3e7-dfb6066cfc06" />
        <dependency ref="58efd767-cb8f-49f1-9051-73703245111d" />
        <dependency ref="9785db04-e223-41a2-94e8-9f29444d7cd0" />
        <dependency ref="b32707b4-6c8f-43e7-8ccf-57499fa99374" />
        <dependency ref="67b1b2d1-06db-4fe7-8110-1fc8f4e418b6" />
        <dependency ref="61400692-5fc0-4deb-a145-97a116aab675" />
        <dependency ref="cb675fdb-fea3-4d7f-8d59-9d4d1ad72e4b" />
        <dependency ref="f1b2a7d0-1068-489e-86d6-f6549007acc6" />
        <dependency ref="d283a720-926d-4c68-b0af-ce20f12c4389" />
        <dependency ref="bb4c31d4-ebbe-42d4-91b6-c9cb6d1534fe" />
        <dependency ref="b5db2ceb-1c5f-4b40-8366-39dd5f1af891" />
        <dependency ref="563bcee9-349e-4cc6-8c4e-0326d02a0d43" />
        <dependency ref="e648f228-3ba4-49c1-b1db-65972e828520" />
        <dependency ref="925accbc-68d4-4255-82c2-d0d6c267b9e3" />
        <dependency ref="88937207-066a-4331-8960-ef076f249f88" />
        <dependency ref="d5d09008-b471-4cb1-b183-ac28cd4bdb7a" />
        <dependency ref="09a69df1-d02c-44cc-8918-db4ebaf14af6" />
        <dependency ref="fb8e483c-184f-4b38-97f4-a0b4112218ad" />
        <dependency ref="93ab31c7-bfe4-4222-95fe-708245c838d4" />
        <dependency ref="263dfc31-6f97-4ba5-9921-f120a0e7c8fc" />
        <dependency ref="cb716124-fa7e-4d9a-90c5-3a7a639bf03d" />
        <dependency ref="d7f2966b-f60d-4e03-b156-85e07228b57d" />
        <dependency ref="1c18bebd-6758-49e6-b860-434d2fbc45f1" />
        <dependency ref="7958a66f-fc95-4933-b1ab-8d8ce36bd200" />
        <dependency ref="31e4fd11-a5a4-42dd-b9d3-218ee0e9765d" />
        <dependency ref="056c2a17-11ea-41f9-a2dc-f1a9d174ae9a" />
        <dependency ref="b26ffd70-1d62-487b-bad7-60e93c01acff" />
        <dependency ref="9e529e3a-c58d-4a65-8ead-4528c2ce0fc4" />
        <dependency ref="338b06f8-41da-4080-b5e9-1a564c299a3b" />
        <dependency ref="d2e2fe3e-e83e-4f88-b78b-7526d5b9e449" />
        <dependency ref="c0dea6da-2b21-4c54-8280-b37f3d5256c8" />
        <dependency ref="2d4d0a24-481b-4eaf-87da-83ae58b8e3a6" />
        <dependency ref="344b9785-8ce4-4fcf-ab42-2a431e23e540" />
        <dependency ref="b6f984e3-0641-4698-a9fd-00f3ba158e74" />
        <dependency ref="6710386f-2ecb-492a-aea0-c1480dc694a9" />
        <dependency ref="62603835-db87-486c-bb7f-176d6b7278f6" />
        <dependency ref="e386e7c8-6bf8-4ee6-ba54-ceaf3a4c9b34" />
        <dependency ref="be50bef1-8a5b-4e57-9b7a-6343b85c7f3b" />
        <dependency ref="9ec76d89-2989-4db5-b89a-d0fc11d99b88" />
        <dependency ref="b7c41033-7bc7-455d-89f8-2390ed71e393" />
        <dependency ref="7b719731-1724-451a-bb3c-1a94a98c5168" />
        <dependency ref="e1bb75e9-7433-442f-8326-c6160825d551" />
        <dependency ref="76b41b32-7f9c-4957-8d75-528f3653870d" />
        <dependency ref="62a269e2-e466-45a4-8fe9-3c20330e97d1" />
        <dependency ref="53a0c59a-a373-429c-a167-4cce1fb3c54a" />
        <dependency ref="81ee63a8-0157-47a4-95ba-8758321accaa" />
        <dependency ref="5927aede-de71-4eda-a2bb-f442b431ce02" />
        <dependency ref="1e7093a3-cc1e-4e76-8e1e-a16f1c1a3fbf" />
        <dependency ref="6bb8fc72-fe21-40e0-8373-32000d1807e7" />
        <dependency ref="8e846f9c-66d3-4d9f-940d-723309ccfa32" />
        <dependency ref="200f3c17-de50-4ba4-a36a-78aec6211437" />
        <dependency ref="ff565c9d-1f4d-4183-b40f-a2ff3efce081" />
        <dependency ref="a198d286-5d2e-4c37-abf8-05987be12131" />
        <dependency ref="6718e52c-066c-4e22-8847-a461b80c4711" />
        <dependency ref="c7909eda-db40-4c50-81be-5ff2374fdc3b" />
        <dependency ref="84da7b7c-0556-4ff9-98b2-847a352364b4" />
        <dependency ref="6d543618-1bf0-48d9-a7b7-068853db871d" />
    </dependencies>
</bom>

expected content included:

          "license": {
            "id": "Apache-2.0",
            "text": {
              "contentType": "text/plain",
              "encoding": "base64",
@jkowalleck
Member

jkowalleck commented May 18, 2022

Hello @linroad123.

What version of cyclonedx-python are you using? 3.2.1?
Could you upload the requirements.txt here?
Were the packages from that requirements.txt installed locally?

@jkowalleck jkowalleck added the question Further information is requested label May 18, 2022
@linroad123
Author

Hi!

I am using version 3.2.1, using the command

python3 -m cyclonedx_py -r 

requirements.txt is as follows, and it is already installed locally.

aiofiles==0.7.0
attrs==21.2.0
autoflake==1.4
backports.entry-points-selectable==1.1.0
black==21.9b0
boto3==1.18.10
botocore==1.21.14
cachetools==4.2.2
certifi==2021.5.30
cffi==1.14.5
chardet==4.0.0
charset-normalizer==2.0.4
click==8.0.1
coverage==5.5
cryptography==3.4.7
ddtrace==0.49.2
distlib==0.3.2
fastapi==0.65.1
filelock==3.0.12
flake9==3.8.3.post2
idna==2.10
iniconfig==1.1.1
isort==5.9.3
jmespath==0.10.0
lxml==4.6.3
mangum==0.11.0
mccabe==0.6.1
mypy-extensions==0.4.3
packaging==20.9
pathspec==0.9.0
platformdirs==2.3.0
pluggy==1.0.0
protobuf==3.17.2
py==1.10.0
pycodestyle==2.6.0
pycparser==2.20
pydantic==1.8.2
pyflakes==2.2.0
PyJWT==2.1.0
pymongo==3.11.4
pyparsing==2.4.7
pytest==6.2.5
pytest-cov==2.12.1
pytest-mock==3.6.1
python-dateutil==2.8.1
python-docx==0.8.11
python-multipart==0.0.5
regex==2021.8.28
requests==2.25.1
s3transfer==0.5.0
six==1.16.0
starlette==0.14.2
tenacity==7.0.0
toml==0.10.2
tomli==1.2.1
tox==3.24.3
typing-extensions==3.10.0.0
urllib3==1.26.5
virtualenv==20.7.2

@jkowalleck jkowalleck added enhancement New feature or request and removed question Further information is requested labels May 20, 2022
@jkowalleck
Member

Thanks for the feature request and this reproducible example, @linroad123.

@jkowalleck jkowalleck added the help wanted Extra attention is needed label May 20, 2022
@TheErk

TheErk commented Aug 30, 2022

Any chance this issue is going to be addressed?
It seems that the license information is only generated when using environment (-e) and with neither -r nor -p?

@jkowalleck
Member

> Any chance this issue is going to be addressed?

Eventually it will.

If you find this feature important, you might consider donating this feature.
This project is free open source software; feel free to contribute a solution via pull request.

Let us know if you need help or a guide where to start.

@jkowalleck jkowalleck changed the title SPDX license info SPDX license info from requirements.txt Jan 6, 2024
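
Until the requirements source carries license data, a pipeline can at least detect the gap described in this thread and resolve it from locally installed packages. The following is an added example, not code from the thread or from cyclonedx-python; the function names and `SAMPLE_BOM` are constructed for illustration, and the value read from package metadata is free text that still has to be mapped to an SPDX id.

```python
import xml.etree.ElementTree as ET
from importlib import metadata

# Constructed sample, trimmed to the shape of the BOM in the issue: one
# component with a license id, one without.
SAMPLE_BOM = """<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
    <components>
        <component type="library" bom-ref="constructed-1">
            <name>requests</name>
            <version>2.25.1</version>
            <licenses><license><id>Apache-2.0</id></license></licenses>
        </component>
        <component type="library" bom-ref="constructed-2">
            <name>six</name>
            <version>1.16.0</version>
        </component>
    </components>
</bom>"""

LICENSE_PATHS = ("{*}licenses/{*}license/{*}id",
                 "{*}licenses/{*}license/{*}name",
                 "{*}licenses/{*}expression")


def components_missing_license(bom_xml):
    """Return (name, version) of every component with no license id, name or expression."""
    # Parse BOMs from untrusted sources with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(bom_xml)
    missing = []
    # "{*}" matches any namespace, so the check is not tied to schema 1.4.
    for comp in root.iterfind(".//{*}components/{*}component"):
        declared = [el for path in LICENSE_PATHS for el in comp.iterfind(path)
                    if (el.text or "").strip()]
        if not declared:
            missing.append((comp.findtext("{*}name"), comp.findtext("{*}version")))
    return missing


def installed_license(name, version, lookup=metadata.metadata):
    """License text declared by the installed distribution, or None.

    The result is used only when the installed version equals the pinned one,
    so a different local version never labels the BOM entry.
    """
    try:
        meta = lookup(name)
    except metadata.PackageNotFoundError:
        return None
    if meta.get("Version") != version:
        return None
    lic = (meta.get("License") or "").strip()
    if lic and lic.upper() != "UNKNOWN":
        return lic
    # Fall back to trove classifiers such as "License :: OSI Approved :: MIT License".
    found = [c.split(" :: ")[-1] for c in meta.get_all("Classifier") or []
             if c.startswith("License ::")]
    return "; ".join(found) or None


def license_gaps(bom_xml, lookup=metadata.metadata):
    """Map each unlicensed component to the license found locally (None if unresolved)."""
    return {f"{n}=={v}": installed_license(n, v, lookup)
            for n, v in components_missing_license(bom_xml)}
```

Entries that come back as `None` are the ones to fail the build on or send to manual review.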