stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

semi implemented and features implemented save checkpoint

Browse Source
This commit is contained in:
master
2026-02-08 18:00:49 +02:00
parent 04360dff63
commit 1bf6bbf395
20895 changed files with 716795 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
docs/features/unchecked/scanner/java-license-metadata-with-spdx-normalization.md Normal file
View File

@@ -0,0 +1,23 @@
# Java License Metadata with SPDX Normalization
## Module
Scanner
## Status
IMPLEMENTED
## Description
Extracts license metadata from Maven POM license blocks, Gradle metadata, and JAR META-INF/LICENSE files, normalizing free-text license names to SPDX expression identifiers.
## Implementation Details
- **License Detection**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/License/JavaLicenseDetector.cs` - Detects licenses from POM, Gradle metadata, and META-INF/LICENSE files
- **SPDX Normalization**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/License/SpdxLicenseNormalizer.cs` - Normalizes free-text license names to SPDX expression identifiers
## E2E Test Plan
- [ ] Scan a Maven project and verify license metadata is extracted from POM `<licenses>` blocks
- [ ] Verify free-text license names (e.g., "The Apache License, Version 2.0") are normalized to SPDX identifiers (e.g., "Apache-2.0")
- [ ] Verify JAR META-INF/LICENSE file content is analyzed for license detection
- [ ] Verify license information appears in the generated SBOM
- [ ] Verify multi-license components produce valid SPDX expressions (e.g., "MIT OR Apache-2.0")