
Commit 685bbe8

committed
chore(licenses):SP-4223 add is_spdx_approved and url fields to licenses/components and licenses/component responses
1 parent bc00544 commit 685bbe8

5 files changed

Lines changed: 84 additions & 30 deletions


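--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added `error_message` and `error_code` fields to `ComponentLicenseInfo` message in license responses for error handling at the individual component level
 - Added error response example to license API README.md documentation
 - Added `component_url` field to `ComponentLicenseInfo` message providing a URL linking to the component's source or repository page
+- Added `is_spdx_approved` and `url` fields to `LicenseInfo` message indicating SPDX approval status and linking to the license reference page
 
 ## [0.33.0] - 2026-03-26
 ### Added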

api/licensesv2/scanoss-licenses.pb.go

Lines changed: 30 additions & 9 deletions

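--- a/protobuf/scanoss/api/licenses/v2/README.md
+++ b/protobuf/scanoss/api/licenses/v2/README.md
@@ -24,7 +24,11 @@ The method returns license information in two complementary formats:
 
 The response includes these fields:
 - `purl` field: the requested component
-- `licenses` array: Always contains individual license objects found in the component
+- `licenses` array: Always contains individual license objects found in the component. Each license object includes:
+- `id`: SPDX identifier or licenseRef
+- `full_name`: Human-readable license name
+- `is_spdx_approved`: Whether the license is approved by the SPDX License List
+- `url`: URL to the license text or reference page
 - `statement` field: Contains SPDX expression when licensing terms are clearly determinable from source analysis
 - `version` field: Shows the specific version that was analyzed
 - `component_url` field: URL linking to the component's source or repository page
@@ -53,11 +57,15 @@ This allows consumers to understand all licensing obligations present in the com
 "licenses": [
 {
 "id": "LGPL-2.1-or-later",
-"full_name": "GNU Lesser General Public License v2.1 or later"
+"full_name": "GNU Lesser General Public License v2.1 or later",
+"is_spdx_approved": true,
+"url": "https://spdx.org/licenses/LGPL-2.1-or-later.html"
 },
 {
 "id": "GPL-2.0-or-later",
-"full_name": "GNU General Public License v2.0 or later"
+"full_name": "GNU General Public License v2.0 or later",
+"is_spdx_approved": true,
+"url": "https://spdx.org/licenses/GPL-2.0-or-later.html"
 }
 ]
 },
@@ -89,8 +97,8 @@ Individual license objects are also provided for detailed analysis.
 "version": "1.5.0",
 "statement": "EPL-1.0 OR LGPL-2.1-only",
 "licenses": [
-{"id": "EPL-1.0", "full_name": "Eclipse Public License 1.0"},
-{"id": "LGPL-2.1-only", "full_name": "GNU Lesser General Public License v2.1 only"}
+{"id": "EPL-1.0", "full_name": "Eclipse Public License 1.0", "is_spdx_approved": true, "url": "https://spdx.org/licenses/EPL-1.0.html"},
+{"id": "LGPL-2.1-only", "full_name": "GNU Lesser General Public License v2.1 only", "is_spdx_approved": true, "url": "https://spdx.org/licenses/LGPL-2.1-only.html"}
 ]
 },
 "status": {
@@ -118,8 +126,8 @@ This indicates users must comply with both licenses, generating the SPDX express
 "version": "1.1.1n",
 "statement": "OpenSSL AND SSLeay",
 "licenses": [
-{"id": "OpenSSL", "full_name": "OpenSSL License"},
-{"id": "SSLeay", "full_name": "Original SSLeay License"}
+{"id": "OpenSSL", "full_name": "OpenSSL License", "is_spdx_approved": false, "url": "https://www.openssl.org/source/license-openssl-ssleay.txt"},
+{"id": "SSLeay", "full_name": "Original SSLeay License", "is_spdx_approved": false, "url": "https://www.openssl.org/source/license-openssl-ssleay.txt"}
 ]
 },
 "status": {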

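--- a/protobuf/scanoss/api/licenses/v2/scanoss-licenses.proto
+++ b/protobuf/scanoss/api/licenses/v2/scanoss-licenses.proto
@@ -128,8 +128,8 @@ service License {
 message ComponentLicenseResponse {
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
 json_schema: {
-example: "{\"component\":{\"purl\": \"pkg:github/scanoss/engine@1.0.0\", \"requirement\": \"\", \"version\": \"1.0.0\", \"statement\": \"GPL-2.0\", \"licenses\": [{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\"}]}, \"status\": {\"status\": \"SUCCESS\", \"message\": \"Licenses Successfully retrieved\"}}";
-description: "Success example. For error cases, the component block includes error_message and error_code fields, e.g.: {\\\"component\\\":{\\\"purl\\\":\\\"pkg:github/scanoss/unknown-component\\\",\\\"requirement\\\":\\\"\\\",\\\"version\\\":\\\"\\\",\\\"statement\\\":\\\"\\\",\\\"licenses\\\":[],\\\"error_message\\\":\\\"Component version not found\\\",\\\"error_code\\\":\\\"VERSION_NOT_FOUND\\\"},\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}";
+example: "{\"component\":{\"purl\": \"pkg:github/scanoss/engine@1.0.0\", \"requirement\": \"\", \"version\": \"1.0.0\", \"statement\": \"GPL-2.0\", \"licenses\": [{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\", \"is_spdx_approved\": true, \"url\": \"https://spdx.org/licenses/GPL-2.0-only.html\"}], \"component_url\": \"https://github.com/scanoss/engine\"}, \"status\": {\"status\": \"SUCCESS\", \"message\": \"Licenses Successfully retrieved\"}}";
+description: "Success example. For error cases, the component block includes error_message and error_code fields, e.g.: {\\\"component\\\":{\\\"purl\\\":\\\"pkg:github/scanoss/unknown-component\\\",\\\"requirement\\\":\\\"\\\",\\\"version\\\":\\\"\\\",\\\"statement\\\":\\\"\\\",\\\"licenses\\\":[],\\\"component_url\\\":\\\"\\\",\\\"error_message\\\":\\\"Component version not found\\\",\\\"error_code\\\":\\\"VERSION_NOT_FOUND\\\"},\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}";
 }
 };
 // License info for the component
@@ -146,8 +146,8 @@ message ComponentLicenseResponse {
 message ComponentsLicenseResponse {
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
 json_schema: {
-example: "{\"components\":[{\"purl\": \"pkg:github/scanoss/engine@1.0.0\", \"requirement\": \"\", \"version\": \"1.0.0\", \"statement\": \"GPL-2.0\", \"licenses\": [{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\"}]}, {\"purl\": \"pkg:github/scanoss/scanoss.py@v1.30.0\",\"requirement\": \"\",\"version\": \"v1.30.0\",\"statement\": \"MIT\", \"licenses\": [{\"id\": \"MIT\",\"full_name\": \"MIT License\"}]} ], \"status\": {\"status\": \"SUCCESS\", \"message\": \"Licenses Successfully retrieved\"}}";
-description: "Success example. For error cases, the component block includes error_message and error_code fields, e.g.: {\\\"components\\\":[{\\\"purl\\\":\\\"pkg:github/scanoss/unknown-component\\\",\\\"requirement\\\":\\\"\\\",\\\"version\\\":\\\"\\\",\\\"statement\\\":\\\"\\\",\\\"licenses\\\":[],\\\"error_message\\\":\\\"Component version not found\\\",\\\"error_code\\\":\\\"VERSION_NOT_FOUND\\\"}],\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}";
+example: "{\"components\":[{\"purl\": \"pkg:github/scanoss/engine@1.0.0\", \"requirement\": \"\", \"version\": \"1.0.0\", \"statement\": \"GPL-2.0\", \"licenses\": [{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\", \"is_spdx_approved\": true, \"url\": \"https://spdx.org/licenses/GPL-2.0-only.html\"}], \"component_url\": \"https://github.com/scanoss/engine\"}, {\"purl\": \"pkg:github/scanoss/scanoss.py@v1.30.0\",\"requirement\": \"\",\"version\": \"v1.30.0\",\"statement\": \"MIT\", \"licenses\": [{\"id\": \"MIT\",\"full_name\": \"MIT License\", \"is_spdx_approved\": true, \"url\": \"https://spdx.org/licenses/MIT.html\"}], \"component_url\": \"https://github.com/scanoss/scanoss.py\"}], \"status\": {\"status\": \"SUCCESS\", \"message\": \"Licenses Successfully retrieved\"}}";
+description: "Success example. For error cases, the component block includes error_message and error_code fields, e.g.: {\\\"components\\\":[{\\\"purl\\\":\\\"pkg:github/scanoss/unknown-component\\\",\\\"requirement\\\":\\\"\\\",\\\"version\\\":\\\"\\\",\\\"statement\\\":\\\"\\\",\\\"licenses\\\":[],\\\"component_url\\\":\\\"\\\",\\\"error_message\\\":\\\"Component version not found\\\",\\\"error_code\\\":\\\"VERSION_NOT_FOUND\\\"}],\\\"status\\\":{\\\"status\\\":\\\"SUCCESS\\\",\\\"message\\\":\\\"Success\\\"}}";
 }
 };
 // License info for each component in the batch
@@ -311,7 +311,7 @@ message OSADL {
 message LicenseInfo {
 option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_schema) = {
 json_schema: {
-example: "{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\"}"
+example: "{\"id\": \"GPL-2.0\", \"full_name\": \"GNU General Public License v2.0 only\", \"is_spdx_approved\": true, \"url\": \"https://spdx.org/licenses/GPL-2.0-only.html\"}"
 }
 };
 
@@ -324,6 +324,11 @@ message LicenseInfo {
 // - For SPDX licenses: Official SPDX name (e.g., "MIT License", "GNU General Public License v2.0 only")
 // - For non SPDX licenses: Best normalized name from SCANOSS database or original statement
 string full_name = 2 [json_name = "full_name"];
+
+// Indicates whether the license is approved by the SPDX License List
+bool is_spdx_approved = 3 [json_name = "is_spdx_approved"];
+// URL to the license text or reference page (e.g., SPDX license page or original license source)
+string url = 4;
 }
 
 /*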
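Review bot: `is_spdx_approved` is a plain proto3 `bool`, so `false` cannot be told apart from a field that was never set — a response from an older server, an error entry, or a license the service could not classify all read as "not approved", and the key may be dropped from the JSON entirely depending on how the gateway marshals default values. If consumers gate license policy on this flag, either declare it `optional bool is_spdx_approved = 3 [json_name = "is_spdx_approved"];` or extend the comment with `// false also covers "unknown"; it is not proof of a negative SPDX lookup`. The `url` comment should state that the value may be empty and, since it can point at an "original license source" rather than spdx.org, that clients should accept only `http`/`https` schemes before rendering it as a link. For consistency with the neighbouring fields `url` could also carry `[json_name = "url"]`, and the `LicenseInfo` example pairs `"id": "GPL-2.0"` with a `GPL-2.0-only.html` URL. The `id` field of `LicenseInfo` sits between the two visible hunks and is not shown.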
