Updates license compliance info matrix #1032

felickz · 2025-04-30T15:51:27Z

This documentation appears inaccurate. Based on warnings seen in SBOM tool run there is not support for Maven license information:

##[debug]License retrieval for component type maven is not supported yet.

but it is listed as supported:

The only supported ecosystems (this appears to be the only ILicenseInformationFetcher implemenataion) are:

sbom-tool/src/Microsoft.Sbom.Api/Executors/LicenseInformationFetcher.cs

Lines 54 to 80 in 6a2699d

    
                   switch (componentType) 
        
                   { 
        
                       case "npm": 
        
                           listOfComponentsForApi.Add($"{componentType}/npmjs/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       case "nuget": 
        
                           listOfComponentsForApi.Add($"{componentType}/nuget/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       case "gem": 
        
                           listOfComponentsForApi.Add($"{componentType}/rubygems/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       case "pypi": 
        
                           listOfComponentsForApi.Add($"{componentType}/pypi/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       case "cargo": 
        
                           listOfComponentsForApi.Add($"crate/cratesio/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       case "cocoapods": 
        
                           listOfComponentsForApi.Add($"pod/{componentType}/{clearlyDefinedNamespace}/{componentName}/{componentVersion}"); 
        
                           break; 
        
                       default: 
        
                           log.Debug($"License retrieval for component type {componentType} is not supported yet."); 
        
                           break; 
        
                   } 
        
               } 
        
           }

See rendered updates: https://github.com/felickz/sbom-tool/blob/patch-1/docs/feature-overview.md#packages-section

docs/feature-overview.md

DaveTryon · 2025-05-16T22:10:54Z

/azp run

DaveTryon · 2025-05-16T22:40:06Z

/azp run

Removes maven license compliance info

64da54e

felickz commented Apr 30, 2025

View reviewed changes

docs/feature-overview.md Show resolved Hide resolved

felickz commented Apr 30, 2025

View reviewed changes

docs/feature-overview.md Show resolved Hide resolved

felickz marked this pull request as ready for review April 30, 2025 16:24

felickz requested a review from a team as a code owner April 30, 2025 16:24

JoseRenan approved these changes May 8, 2025

View reviewed changes

Merge branch 'main' into patch-1

0d7d5cb

Merge branch 'main' into patch-1

25e9773

DaveTryon merged commit 0a680ff into microsoft:main May 16, 2025
4 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Updates license compliance info matrix #1032

Updates license compliance info matrix #1032

Uh oh!

felickz commented Apr 30, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

DaveTryon commented May 16, 2025

Uh oh!

DaveTryon commented May 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

	switch (componentType)
	{
	case "npm":
	listOfComponentsForApi.Add($"{componentType}/npmjs/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;
	case "nuget":
	listOfComponentsForApi.Add($"{componentType}/nuget/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;
	case "gem":
	listOfComponentsForApi.Add($"{componentType}/rubygems/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;
	case "pypi":
	listOfComponentsForApi.Add($"{componentType}/pypi/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;
	case "cargo":
	listOfComponentsForApi.Add($"crate/cratesio/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;
	case "cocoapods":
	listOfComponentsForApi.Add($"pod/{componentType}/{clearlyDefinedNamespace}/{componentName}/{componentVersion}");
	break;

	default:
	log.Debug($"License retrieval for component type {componentType} is not supported yet.");
	break;
	}
	}
	}

Updates license compliance info matrix #1032

Updates license compliance info matrix #1032

Uh oh!

Conversation

felickz commented Apr 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

DaveTryon commented May 16, 2025

Uh oh!

DaveTryon commented May 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

felickz commented Apr 30, 2025 •

edited

Loading