From c24f5fc8f4372d9b46ee8e3f1a685c7acb9ba02b Mon Sep 17 00:00:00 2001 From: Marcin Jelinski Date: Wed, 28 Jun 2023 14:37:36 +0200 Subject: [PATCH] scripts: sbom: Update SPDX License List This commit updates the SPDX license list to version 3.21. The license list is used by west ncs-sbom tool. Signed-off-by: Marcin Jelinski --- .../releases/release-notes-changelog.rst | 1 + .../sbom/data/spdx-licenses.yaml | 128 +++++++++++++++++- 2 files changed, 126 insertions(+), 3 deletions(-) diff --git a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst index b8f2722c96a..d86a8a7cfaf 100644 --- a/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst +++ b/doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst @@ -708,6 +708,7 @@ This section provides detailed lists of changes by :ref:`script `. * To reduce RAM usage, the script now runs the `Scancode-Toolkit`_ detector in a single process. This change slows down the licenses detector, because it is no longer executed simultaneously on all files. + * SPDX License List database updated to version 3.21. MCUboot ======= diff --git a/scripts/west_commands/sbom/data/spdx-licenses.yaml b/scripts/west_commands/sbom/data/spdx-licenses.yaml index 7fa5ee155f7..54f4a1cb003 100644 --- a/scripts/west_commands/sbom/data/spdx-licenses.yaml +++ b/scripts/west_commands/sbom/data/spdx-licenses.yaml @@ -1,5 +1,5 @@ -# Autogenerated from: https://raw.githubusercontent.com/spdx/license-list-data/v3.18/json/licenses.json -_version: "3.18" +# Autogenerated from: https://raw.githubusercontent.com/spdx/license-list-data/v3.21/json/licenses.json +_version: "3.21" 0BSD: name: "BSD Zero Clause License" AAL: @@ -50,8 +50,14 @@ APSL-1.2: name: "Apple Public Source License 1.2" APSL-2.0: name: "Apple Public Source License 2.0" +ASWF-Digital-Assets-1.0: + name: "ASWF Digital Assets License version 1.0" +ASWF-Digital-Assets-1.1: + name: "ASWF Digital Assets License 1.1" Abstyles: name: "Abstyles License" +AdaCore-doc: + name: "AdaCore Doc License" Adobe-2006: name: "Adobe Systems Incorporated Source Code License Agreement" Adobe-Glyph: @@ -116,6 +122,14 @@ BSD-4-Clause-Shortened: name: "BSD 4 Clause Shortened" BSD-4-Clause-UC: name: "BSD-4-Clause (University of California-Specific)" +BSD-4.3RENO: + name: "BSD 4.3 RENO License" +BSD-4.3TAHOE: + name: "BSD 4.3 TAHOE License" +BSD-Advertising-Acknowledgement: + name: "BSD Advertising Acknowledgement License" +BSD-Attribution-HPND-disclaimer: + name: "BSD with Attribution and HPND disclaimer" BSD-Protection: name: "BSD Protection License" BSD-Source-Code: @@ -136,12 +150,18 @@ BitTorrent-1.0: name: "BitTorrent Open Source License v1.0" BitTorrent-1.1: name: "BitTorrent Open Source License v1.1" +Bitstream-Charter: + name: "Bitstream Charter Font License" Bitstream-Vera: name: "Bitstream Vera Font License" BlueOak-1.0.0: name: "Blue Oak Model License 1.0.0" +Boehm-GC: + name: "Boehm-Demers-Weiser GC License" Borceux: name: "Borceux license" +Brian-Gladman-3-Clause: + name: "Brian Gladman 3-Clause License" C-UDA-1.0: name: "Computational Use of Data Agreement v1.0" CAL-1.0: @@ -202,6 +222,8 @@ CC-BY-NC-SA-1.0: name: "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic" CC-BY-NC-SA-2.0: name: "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic" +CC-BY-NC-SA-2.0-DE: + name: "Creative Commons Attribution Non Commercial Share Alike 2.0 Germany" CC-BY-NC-SA-2.0-FR: name: "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France" CC-BY-NC-SA-2.0-UK: @@ -244,6 +266,8 @@ CC-BY-SA-3.0-AT: name: "Creative Commons Attribution Share Alike 3.0 Austria" CC-BY-SA-3.0-DE: name: "Creative Commons Attribution Share Alike 3.0 Germany" +CC-BY-SA-3.0-IGO: + name: "Creative Commons Attribution-ShareAlike 3.0 IGO" CC-BY-SA-4.0: name: "Creative Commons Attribution Share Alike 4.0 International" CC-PDDC: @@ -284,6 +308,10 @@ CERN-OHL-S-2.0: name: "CERN Open Hardware Licence Version 2 - Strongly Reciprocal" CERN-OHL-W-2.0: name: "CERN Open Hardware Licence Version 2 - Weakly Reciprocal" +CFITSIO: + name: "CFITSIO License" +CMU-Mach: + name: "CMU Mach License" CNRI-Jython: name: "CNRI Jython License" CNRI-Python: @@ -304,10 +332,14 @@ Caldera: name: "Caldera License" ClArtistic: name: "Clarified Artistic License" +Clips: + name: "Clips License" Community-Spec-1.0: name: "Community Specification License 1.0" Condor-1.1: name: "Condor Public License v1.1" +Cornell-Lossless-JPEG: + name: "Cornell Lossless JPEG License" Crossword: name: "Crossword License" CrystalStacker: @@ -364,6 +396,8 @@ FSFUL: name: "FSF Unlimited License" FSFULLR: name: "FSF Unlimited License (with License Retention)" +FSFULLRWD: + name: "FSF Unlimited License (With License Retention and Warranty Disclaimer)" FTL: name: "Freetype Project License" Fair: @@ -466,10 +500,20 @@ Glide: name: "3dfx Glide License" Glulxe: name: "Glulxe License" +Graphics-Gems: + name: "Graphics Gems License" +HP-1986: + name: "Hewlett-Packard 1986 License" HPND: name: "Historical Permission Notice and Disclaimer" +HPND-Markus-Kuhn: + name: "Historical Permission Notice and Disclaimer - Markus Kuhn variant" +HPND-export-US: + name: "HPND with US Government export control warning" HPND-sell-variant: name: "Historical Permission Notice and Disclaimer - sell variant" +HPND-sell-variant-MIT-disclaimer: + name: "HPND sell variant with MIT disclaimer" HTMLTIDY: name: "HTML Tidy License" HaskellReport: @@ -480,8 +524,12 @@ IBM-pibs: name: "IBM PowerPC Initialization and Boot Software" ICU: name: "ICU License" +IEC-Code-Components-EULA: + name: "IEC Code Components End-user licence agreement" IJG: name: "Independent JPEG Group License" +IJG-short: + name: "Independent JPEG Group License - short" IPA: name: "IPA Font License" IPL-1.0: @@ -494,12 +542,16 @@ Imlib2: name: "Imlib2 License" Info-ZIP: name: "Info-ZIP License" +Inner-Net-2.0: + name: "Inner Net License v2.0" Intel: name: "Intel Open Source License" Intel-ACPI: name: "Intel ACPI Software License Agreement" Interbase-1.0: name: "Interbase Public License v1.0" +JPL-image: + name: "JPL Image Use Policy" JPNIC: name: "Japan Network Information Center License" JSON: @@ -508,6 +560,10 @@ Jam: name: "Jam License" JasPer-2.0: name: "JasPer License" +Kazlib: + name: "Kazlib License" +Knuth-CTAN: + name: "Knuth CTAN License" LAL-1.2: name: "Licence Art Libre 1.2" LAL-1.3: @@ -523,7 +579,7 @@ LGPL-2.0-or-later: LGPL-2.1: name: "GNU Lesser General Public License v2.1 only" LGPL-2.1+: - name: "GNU Library General Public License v2.1 or later" + name: "GNU Lesser General Public License v2.1 or later" LGPL-2.1-only: name: "GNU Lesser General Public License v2.1 only" LGPL-2.1-or-later: @@ -538,6 +594,8 @@ LGPL-3.0-or-later: name: "GNU Lesser General Public License v3.0 or later" LGPLLR: name: "Lesser General Public License For Linguistic Resources" +LOOP: + name: "Common Lisp LOOP License" LPL-1.0: name: "Lucent Public License Version 1.0" LPL-1.02: @@ -558,6 +616,8 @@ LZMA-SDK-9.22: name: "LZMA SDK License (versions 9.22 and beyond)" Latex2e: name: "Latex2e License" +Latex2e-translated-notice: + name: "Latex2e with translated notice permission" Leptonica: name: "Leptonica License" LiLiQ-P-1.1: @@ -570,16 +630,26 @@ Libpng: name: "libpng License" Linux-OpenIB: name: "Linux Kernel Variant of OpenIB.org license" +Linux-man-pages-1-para: + name: "Linux man-pages - 1 paragraph" Linux-man-pages-copyleft: name: "Linux man-pages Copyleft" +Linux-man-pages-copyleft-2-para: + name: "Linux man-pages Copyleft - 2 paragraphs" +Linux-man-pages-copyleft-var: + name: "Linux man-pages Copyleft Variant" MIT: name: "MIT License" MIT-0: name: "MIT No Attribution" MIT-CMU: name: "CMU License" +MIT-Festival: + name: "MIT Festival Variant" MIT-Modern-Variant: name: "MIT License Modern Variant" +MIT-Wu: + name: "MIT Tom Wu Variant" MIT-advertising: name: "Enlightenment License (e16)" MIT-enna: @@ -608,6 +678,8 @@ MTLL: name: "Matrix Template Library License" MakeIndex: name: "MakeIndex License" +Martin-Birgmeier: + name: "Martin Birgmeier License" Minpack: name: "Minpack License" MirOS: @@ -640,6 +712,8 @@ NIST-PD: name: "NIST Public Domain Notice" NIST-PD-fallback: name: "NIST Public Domain Notice with license fallback" +NIST-Software: + name: "NIST Software License" NLOD-1.0: name: "Norwegian Licence for Open Government Data (NLOD) 1.0" NLOD-2.0: @@ -684,6 +758,8 @@ ODC-By-1.0: name: "Open Data Commons Attribution License v1.0" ODbL-1.0: name: "Open Data Commons Open Database License v1.0" +OFFIS: + name: "OFFIS License" OFL-1.0: name: "SIL Open Font License 1.0" OFL-1.0-RFN: @@ -742,10 +818,14 @@ OLDAP-2.7: name: "Open LDAP Public License v2.7" OLDAP-2.8: name: "Open LDAP Public License v2.8" +OLFL-1.3: + name: "Open Logistics Foundation License Version 1.3" OML: name: "Open Market License" OPL-1.0: name: "Open Public License v1.0" +OPL-UK-3.0: + name: "United Kingdom Open Parliament Licence v3.0" OPUBL-1.0: name: "Open Publication License v1.0" OSET-PL-2.1: @@ -760,6 +840,8 @@ OSL-2.1: name: "Open Software License 2.1" OSL-3.0: name: "Open Software License 3.0" +OpenPBS-2.3: + name: "OpenPBS v2.3 Software License" OpenSSL: name: "OpenSSL License" PDDL-1.0: @@ -788,6 +870,8 @@ Python-2.0.1: name: "Python License 2.0.1" QPL-1.0: name: "Q Public License 1.0" +QPL-1.0-INRIA-2004: + name: "Q Public License 1.0 - INRIA 2004 variant" Qhull: name: "Qhull License" RHeCos-1.1: @@ -816,6 +900,8 @@ SGI-B-1.1: name: "SGI Free Software License B v1.1" SGI-B-2.0: name: "SGI Free Software License B v2.0" +SGP4: + name: "SGP4 Permission Notice" SHL-0.5: name: "Solderpad Hardware License v0.5" SHL-0.51: @@ -862,6 +948,10 @@ StandardML-NJ: name: "Standard ML of New Jersey License" SugarCRM-1.1.3: name: "SugarCRM Public License v1.1.3" +SunPro: + name: "SunPro License" +Symlinks: + name: "Symlinks License" TAPR-OHL-1.0: name: "TAPR Open Hardware License v1.0" TCL: @@ -874,10 +964,20 @@ TORQUE-1.1: name: "TORQUE v2.5+ Software License v1.1" TOSL: name: "Trusster Open Source License" +TPDL: + name: "Time::ParseDate License" +TPL-1.0: + name: "THOR Public License 1.0" +TTWL: + name: "Text-Tabs+Wrap License" TU-Berlin-1.0: name: "Technische Universitaet Berlin License 1.0" TU-Berlin-2.0: name: "Technische Universitaet Berlin License 2.0" +TermReadKey: + name: "TermReadKey License" +UCAR: + name: "UCAR License" UCL-1.0: name: "Upstream Compatibility License v1.0" UPL-1.0: @@ -888,6 +988,8 @@ Unicode-DFS-2016: name: "Unicode License Agreement - Data Files and Software (2016)" Unicode-TOU: name: "Unicode Terms of Use" +UnixCrypt: + name: "UnixCrypt License" Unlicense: name: "The Unlicense" VOSTROM: @@ -906,6 +1008,8 @@ WTFPL: name: "Do What The F*ck You Want To Public License" Watcom-1.0: name: "Sybase Open Watcom Public License 1.0" +Widget-Workshop: + name: "Widget Workshop License" Wsuipa: name: "Wsuipa License" X11: @@ -916,8 +1020,12 @@ XFree86-1.1: name: "XFree86 License 1.1" XSkat: name: "XSkat License" +Xdebug-1.03: + name: "Xdebug License v 1.03" Xerox: name: "Xerox License" +Xfig: + name: "Xfig License" Xnet: name: "X.Net License" YPL-1.0: @@ -946,6 +1054,8 @@ bzip2-1.0.5: name: "bzip2 and libbzip2 License v1.0.5" bzip2-1.0.6: name: "bzip2 and libbzip2 License v1.0.6" +checkmk: + name: "Checkmk License" copyleft-next-0.3.0: name: "copyleft-next 0.3.0" copyleft-next-0.3.1: @@ -954,6 +1064,8 @@ curl: name: "curl License" diffmark: name: "diffmark license" +dtoa: + name: "David M. Gay dtoa License" dvipdfm: name: "dvipdfm License" eCos-2.0: @@ -974,6 +1086,10 @@ libselinux-1.0: name: "libselinux public domain notice" libtiff: name: "libtiff License" +libutil-David-Nugent: + name: "libutil David Nugent License" +metamail: + name: "metamail License" mpi-permissive: name: "mpi Permissive License" mpich2: @@ -984,10 +1100,16 @@ psfrag: name: "psfrag License" psutils: name: "psutils License" +snprintf: + name: "snprintf License" +w3m: + name: "w3m License" wxWindows: name: "wxWindows Library License" xinetd: name: "xinetd License" +xlock: + name: "xlock License" xpp: name: "XPP License" zlib-acknowledgement: