stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

save checkpoint

Browse Source
This commit is contained in:
master
2026-02-14 09:11:48 +02:00
parent 9ca2de05df
commit e9aeadc040
1512 changed files with 30863 additions and 4728 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/features/checked/scanner/java-license-metadata-with-spdx-normalization.md Normal file
View File

@@ -0,0 +1,34 @@
# Java License Metadata with SPDX Normalization
## Module
Scanner
## Status
VERIFIED
## Description
Extracts license metadata from Maven POM license blocks, Gradle metadata, and JAR META-INF/LICENSE files, normalizing free-text license names to SPDX expression identifiers.
## Implementation Details
- **License Detection**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/License/JavaLicenseDetector.cs` - Detects licenses from POM, Gradle metadata, and META-INF/LICENSE files
- **SPDX Normalization**:
- `src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.Lang.Java/Internal/License/SpdxLicenseNormalizer.cs` - Normalizes free-text license names to SPDX expression identifiers
## E2E Test Plan
- [ ] Scan a Maven project and verify license metadata is extracted from POM `<licenses>` blocks
- [ ] Verify free-text license names (e.g., "The Apache License, Version 2.0") are normalized to SPDX identifiers (e.g., "Apache-2.0")
- [ ] Verify JAR META-INF/LICENSE file content is analyzed for license detection
- [ ] Verify license information appears in the generated SBOM
- [ ] Verify multi-license components produce valid SPDX expressions (e.g., "MIT OR Apache-2.0")
---
## Verification
| Check | Result |
|-------|--------|
| Tier 0 - Source files exist | PASS |
| Tier 1 - Build + code review | PASS |
| Tier 2 - Integration tests | PASS |
| Verified | 2026-02-13T18:10:00Z |