[Defect]: Multiple licenses not supported #545

Open
galmo-noma opened this issue Nov 24, 2024 · 1 comment

@galmo-noma

Hello,

I am getting a warning since the schema does not correctly differentiate between the two options under licenseChoice. When filling in more than one license (see example below), I am getting the warning that a maximum amount of 1 element is permitted in the schema, since it wrongly identifies my licenses as an SPDX expression and not a license list.

For example, under components:

"licenses": [
    {
        "license": {
            "id": "CC-BY-SA-3.0",
            "name": "Creative Commons Attribution Share Alike 3.0",
            "url": "https://spdx.org/licenses/CC-BY-SA-3.0.html"
        }
    },
    {
        "license": {
            "id": "GFDL-1.3",
            "name": "GNU Free Documentation License family",
            "url": "https://www.apache.org/licenses/LICENSE-2.0"
        }
    }
],

Additional context

definition:

{
    "licenseChoice": {
        "title": "License Choice",
        "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)",
        "type": "array",
        "oneOf": [
            {
                "title": "Multiple licenses",
                "description": "A list of SPDX licenses and/or named licenses.",
                "type": "array",
                "items": {
                    "type": "object",
                    "title": "License",
                    "required": [
                        "license"
                    ],
                    "additionalProperties": false,
                    "properties": {
                        "license": {
                            "$ref": "#/definitions/license"
                        }
                    }
                }
            },
            {
                "title": "SPDX License Expression",
                "description": "A tuple of exactly one SPDX License Expression.",
                "type": "array",
                "additionalItems": false,
                "minItems": 1,
                "maxItems": 1,
                "items": [
                    {
                        "type": "object",
                        "additionalProperties": false,
                        "required": [
                            "expression"
                        ],
                        "properties": {
                            "expression": {
                                "type": "string",
                                "title": "SPDX License Expression",
                                "description": "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements",
                                "examples": [
                                    "Apache-2.0 AND (MIT OR GPL-2.0-only)",
                                    "GPL-3.0-only WITH Classpath-exception-2.0"
                                ]
                            },
                            "acknowledgement": {
                                "$ref": "#/definitions/licenseAcknowledgementEnumeration"
                            },
                            "bom-ref": {
                                "$ref": "#/definitions/refType",
                                "title": "BOM Reference",
                                "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links."
                            }
                        }
                    }
                ]
            }
        ]
    }
}


@jkowalleck
Member

Thank you for the report, @galmo-noma.
Could you help us understand the background of the issue?

I am getting a warning [...]
[...] since it wrongly identifies my licenses as an SPDX expression [...]

What is giving you this warning? Could you share how the tool(?) is called exactly, which parameters/switches/arguments were used, and so on?
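
An added illustration of the `oneOf` behaviour behind the reported warning; it is not part of the thread and not CycloneDX project code. It evaluates each `licenseChoice` branch separately to show that a `maxItems` error from the expression branch appears for any multi-element list, and only matters when the list branch also fails. Assumptions: `check_license` is a hypothetical stand-in for `#/definitions/license`, which the report does not quote, and the sample inputs are constructed.

```python
# Added example: per-branch evaluation of the licenseChoice oneOf quoted in the report.
# ASSUMPTION: check_license() is a hypothetical stand-in for "#/definitions/license",
# which the report does not quote: exactly one of "id" or "name" must be present.
def check_license(lic):
    if not isinstance(lic, dict):
        return ["license must be an object"]
    if ("id" in lic) == ("name" in lic):
        return ["exactly one of 'id' or 'name' is required"]
    return []

def branch_license_list(items):
    """Branch 'Multiple licenses': any number of {"license": {...}} objects."""
    errs = []
    for i, item in enumerate(items):
        if not isinstance(item, dict) or set(item) != {"license"}:
            errs.append(f"[{i}]: must be an object with only a 'license' property")
        else:
            errs += [f"[{i}].license: {e}" for e in check_license(item["license"])]
    return errs

def branch_expression(items):
    """Branch 'SPDX License Expression': a tuple of exactly one expression object."""
    allowed = {"expression", "acknowledgement", "bom-ref"}  # $ref targets not checked here
    errs = []
    if len(items) < 1:
        errs.append("minItems: at least 1 element is required")
    if len(items) > 1:
        errs.append("maxItems: at most 1 element is permitted")
    first = items[0] if items else None
    if items and not (isinstance(first, dict) and set(first) <= allowed
                      and isinstance(first.get("expression"), str)):
        errs.append("[0]: must be an object with a string 'expression'")
    return errs

def validate_license_choice(items):
    """oneOf semantics: valid only when exactly one branch reports no errors."""
    report = {"Multiple licenses": branch_license_list(items),
              "SPDX License Expression": branch_expression(items)}
    return sum(not errs for errs in report.values()) == 1, report

# Constructed samples: the report's shape (id and name together) and an id-only variant.
REPORTED = [{"license": {"id": "CC-BY-SA-3.0", "name": "Creative Commons Attribution Share Alike 3.0"}},
            {"license": {"id": "GFDL-1.3", "name": "GNU Free Documentation License family"}}]
ID_ONLY = [{"license": {"id": "CC-BY-SA-3.0"}}, {"license": {"id": "GFDL-1.3"}}]

if __name__ == "__main__":
    for label, sample in (("reported", REPORTED), ("id-only", ID_ONLY)):
        ok, report = validate_license_choice(sample)
        print(label, "valid" if ok else "invalid", report)
```

When triaging an SBOM validation warning of this kind, read the errors reported for the branch the document was meant to match; the other branch's errors are expected noise.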
