The Software Package Data Exchange (SPDX) is an open standard for describing a software bill of material. SPDX focuses especially on licensing and copyright imformation.
License and copyright scanners like FOSSology for example use this standard to provide their scan results.
Having a format to describe all the different scenarios of license findings, license relations, and copyright findings is not trivial, so SPDX can get quite complex.
The libraries in this project support two tasks:
- load the SPDX license list and provide it to .Net applications
- parse SPDX files and provide the contained data in a .Net way
Please note that due to the complexity of the SPDX standard not all possible SPDX files can be parsed. But the libraries are open source, so feel free to enhance them.
The following packages are available on NuGet:
- Tethys.SPDX.Interfaces
- Tethys.SPDX.KnownLicenses
- Tethys.SPDX.ExpressionParser
- Tethys.SPDX.Model
- Tethys.SPDX.SimpleSpdxParser
- Tethys.SPDX.Support
- Tethys.SPDX.Writer
This library has been influenced by the following GitHub projects:
- https://github.com/jslicense/spdx-expression-parse.js
- https://github.com/microsoft/spdx-simplify
- https://github.com/spdx/Spdx-Java-Library
See https://spdx.org/licenses/ for more details on SPDX, the software package data exchange format, the SPDX license identifiers and matching guidelines.
The Software Package Data Exchange (SPDX) Specification https://spdx.github.io/spdx-spec/
XML data of all SPDX licenses:
https://github.com/spdx/license-list-XML
The SPDX license information is not part of the libraries, you have to download it from SPDX License List and place it in a local folder.
A minimal code snippet looks like this
var knownLicenseManager = new KnownLicenseManager();
knownLicenseManager.LoadSpdxSourceFiles(...SPDX license files...);
knownLicenseManager.LoadSpdxExceptionFiles(...SPDX license exception files...);
var reader = new RdfParser(knownLicenseManager);
var spdxDoc = reader.ReadFromFile(...SPDX file...);
...
Just run the demo application
dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\yaml-0.1.0.zip.spdx2.rdf.xml
or
dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\SPDXJSONExample-v2.3.spdx.json
- Visual Studio 2022
- NuGet access
- Tethys.Logging, version 1.6.1
- Newtonsoft.Json, version 13.0.3
Just use the basic dotnet
command:
dotnet build
Tethys.SPDX is licensed under the Apache License, Version 2.0.