tngraf/Tethys.SPDX

Provide a list of known SPDX licenses for .Net applications

Tethys.SPDX

The Software Package Data Exchange (SPDX) is an open standard for describing a software bill of material. SPDX focuses especially on licensing and copyright imformation.

License and copyright scanners like FOSSology for example use this standard to provide their scan results.

Having a format to describe all the different scenarios of license findings, license relations, and copyright findings is not trivial, so SPDX can get quite complex.

The libraries in this project support two tasks:

• load the SPDX license list and provide it to .Net applications
• parse SPDX files and provide the contained data in a .Net way

Please note that due to the complexity of the SPDX standard not all possible SPDX files can be parsed. But the libraries are open source, so feel free to enhance them.

Get Package

The following packages are available on NuGet:

• Tethys.SPDX.Interfaces
• Tethys.SPDX.KnownLicenses
• Tethys.SPDX.ExpressionParser
• Tethys.SPDX.Model
• Tethys.SPDX.SimpleSpdxParser
• Tethys.SPDX.Support
• Tethys.SPDX.Writer

This library has been influenced by the following GitHub projects:

• https://github.com/jslicense/spdx-expression-parse.js
• https://github.com/microsoft/spdx-simplify
• https://github.com/spdx/Spdx-Java-Library

SPDX

See https://spdx.org/licenses/ for more details on SPDX, the software package data exchange format, the SPDX license identifiers and matching guidelines.

The Software Package Data Exchange (SPDX) Specification https://spdx.github.io/spdx-spec/

XML data of all SPDX licenses:
https://github.com/spdx/license-list-XML

How to use Tethys.SPDX

The SPDX license information is not part of the libraries, you have to download it from SPDX License List and place it in a local folder.

Very simple demo

A minimal code snippet looks like this

var knownLicenseManager = new KnownLicenseManager();
knownLicenseManager.LoadSpdxSourceFiles(...SPDX license files...);
knownLicenseManager.LoadSpdxExceptionFiles(...SPDX license exception files...);

var reader = new RdfParser(knownLicenseManager);
var spdxDoc = reader.ReadFromFile(...SPDX file...);
...

Just run the demo application

dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\yaml-0.1.0.zip.spdx2.rdf.xml

or

dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\SPDXJSONExample-v2.3.spdx.json

Build

Requisites

• Visual Studio 2022
• NuGet access

Required NuGet Packages

• Tethys.Logging, version 1.6.1
• Newtonsoft.Json, version 13.0.3

Build Solution

Just use the basic dotnet command:

dotnet build

License

Tethys.SPDX is licensed under the Apache License, Version 2.0.