ISC Open Source Projects / BIND / Issues / #2914
Issue created Sep 20, 2021 by Vicky Risk@vickyDeveloper

SW Bill of Materials, SPDX

We need to support industry efforts to automate discovery of all the software contained in an open source project. The drivers include both compliance with open source licensing, and discovery of known vulnerable components.

SPDX is now the leading proposed solution, and was recently standardized by ISO. We are going to implement this using https://reuse.software (selected by sweng) to support, initially, license discovery.

The process will require updating every file:

  • either use reuse addheader (as briefly documented in doc/dev/copyright);
  • or add a record to .reuse/dep5. There are already entries for ISC MPL-2.0, ISC CC0-1.0 and FSF (libtool files) as well as many other licenses.
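
As an added illustration (not part of the original issue, and not ISC's or the REUSE project's code), this Python sketch audits a source tree for the two declaration routes listed above: an in-file SPDX-License-Identifier header, or a Files paragraph in .reuse/dep5. The file names and license values in demo() are constructed; checking the header before dep5 and keeping only the first token of the License field are simplifying assumptions.

```python
import fnmatch
import re
import tempfile
from pathlib import Path

SPDX_TAG = re.compile(r"SPDX-License-Identifier:[ \t]*([\w.+() -]+?)[ \t]*(?:\*/|-->)?[ \t]*$", re.M)

def parse_dep5(text):
    """Return [(glob_patterns, license)] for each Files paragraph, in file order."""
    rules = []
    for para in re.split(r"\n[ \t]*\n", text.strip()):
        fields, key = {}, None
        for line in para.splitlines():
            if line[:1] in (" ", "\t") and key:      # continuation of previous field
                fields[key] += " " + line.strip()
            elif ":" in line:
                key = line.split(":", 1)[0].strip().lower()
                fields[key] = line.split(":", 1)[1].strip()
        if fields.get("files") and fields.get("license"):
            rules.append((fields["files"].split(), fields["license"].split()[0]))
    return rules

def audit(root):
    """Map each file under root to (license, source); source is header, dep5 or missing."""
    dep5 = Path(root, ".reuse", "dep5")
    rules = parse_dep5(dep5.read_text()) if dep5.is_file() else []
    report = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file() and p != dep5):
        rel = path.relative_to(root).as_posix()
        tag = SPDX_TAG.search(path.read_text(errors="replace"))
        hits = [lic for pats, lic in rules if any(fnmatch.fnmatchcase(rel, g) for g in pats)]
        if tag:                                      # assumption: header is checked first
            report[rel] = (tag.group(1), "header")
        else:                                        # DEP5: last matching paragraph wins
            report[rel] = (hits[-1], "dep5") if hits else (None, "missing")
    return report

def demo():
    files = {  # constructed sample tree, not BIND's real layout
        "lib/a.c": "/* SPDX-License-Identifier: MPL-2.0 */\nint a;\n",
        "tests/data/blob.bin": "constructed binary stand-in\n",
        "doc/notes.txt": "no license information\n",
        ".reuse/dep5": "Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/\n\n"
                       "Files: tests/data/*\nCopyright: Example Org\nLicense: CC0-1.0\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body)
        return audit(tmp)
```

Files reported as missing are the ones that still need either a header or a dep5 record before automated license discovery can cover the whole tree.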