author: aiuto <aiuto@google.com> 2023-10-23 17:35:12 -0400
committer: GitHub <noreply@github.com> 2023-10-23 17:35:12 -0400
commit: fb8609ecd50493d01267d32fabdef093ec7963e9
tree: f6ea0d93f21d6a6838972d19a081bbf5531282c1
parent: d29216818673fb3acdb701c90a539b877c53aa12
parent: 01b2ba19f36609d3684af3e4372cb23f2c86f5f0
download: bazelbuild-rules_license-fb8609ecd50493d01267d32fabdef093ec7963e9.tar.gz
Merge pull request #121 from aiuto/roadmap
update roadmap.
 README.md | 42 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 1527f74..c12fb06 100644
--- a/README.md
+++ b/README.md
@@ -8,19 +8,55 @@ This repository contains a set of rules and tools for
- the canonical package name and version
- copyright information
- ... and more TBD in the future
-- gathering those license declarations into artifacts to ship with code
+- gathering license declarations into artifacts to ship with code
- applying organization specific compliance constriants against the
set of packages used by a target.
-- (eventually) producing SBOMs for built artifacts.
+- producing SBOMs for built artifacts.
WARNING: The code here is still in active initial development and will churn a lot.
+## Contact
+
If you want to follow along:
- Mailing list: [bazel-ssc@bazel.build](https://groups.google.com/a/bazel.build/g/bazel-ssc)
- Monthly eng meeting: [calendar link](MjAyMjA4MjJUMTYwMDAwWiBjXzUzcHBwZzFudWthZXRmb3E5NzhxaXViNmxzQGc&tmsrc=c_53pppg1nukaetfoq978qiub6ls%40group.calendar.google.com&scp=ALL)
- [Latest docs](https://bazelbuild.github.io/rules_license/latest.html)
-Background reading:
+## Roadmap
+
+*Last update: October 22, 2023*
+
+### Q4 2023
+
+- Reference implementation for "packages used" tool
+ - produce JSON output usable for SBOM generation or other compliance reporting.
+- Reference implementation for an SPDX SBOMM generator
+ - Support for reading bzlmod lock file
+ - Support for reading maven lock file
+- "How To" guides
+ - produce a license audit
+ - produce an SBOM
+
+### Q1 2024
+
+- Add support for other package manager lock file formats
+ - ? Python
+ - Golang
+ - NodeJS
+- More SPDX SBOM fields
+ - support for including vendor SBOMs
+ -
+
+### Beyond
+
+- Performance improvements
+- Sub-SBOMs for tools
+
+
+- TBD
+
+## Background reading:
+
These is for learning about the problem space, and our approach to solutions. Concrete specifications will always appear in checked in code rather than documents.
- [License Checking with Bazel](https://docs.google.com/document/d/1uwBuhAoBNrw8tmFs-NxlssI6VRolidGYdYqagLqHWt8/edit#).
- [OSS Licenses and Bazel Dependency Management](https://docs.google.com/document/d/1oY53dQ0pOPEbEvIvQ3TvHcFKClkimlF9AtN89EPiVJU/edit#)
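Review bot: the change from "(eventually) producing SBOMs for built artifacts" to "producing SBOMs for built artifacts" near the top of this hunk presents SBOM generation as a current capability, while the Q4 2023 roadmap added in the same hunk still lists "Reference implementation for an SPDX SBOMM generator" as planned work; either keep a qualifier on the capability bullet or word the roadmap entry as an improvement to an existing generator, so readers relying on the README for compliance tooling are not misled about what ships today. That same roadmap line also has a typo: "SBOMM" should be "SBOM". Further down, the empty bullet "-" under "support for including vendor SBOMs" should be filled in or deleted, the "? Python" bullet should say in words that Python support is tentative rather than carry a stray "?", and the two blank lines before "- TBD" under "### Beyond" should collapse to one. The new heading "## Background reading:" keeps a trailing colon that the other new headings ("## Contact", "## Roadmap") do not have; drop it for consistency. Two unchanged context lines in this hunk are worth fixing while the section is being edited: "compliance constriants" (constraints) and "These is for learning" (These are for learning).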