本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# Amazon Inspector SBOM 生成器许可证集合
Amazon Inspector SBOM 生成器可帮助跟踪软件物料清单(SBOM)中的许可证信息。它收集来自不同操作系统和编程语言的支持程序包的许可证信息。通过生成的 SBOM 中的标准化许可证表达式,您可以了解自己的许可义务。
## 收集许可证信息
**示例命令**
以下示例演示了如何收集目录中的许可证信息。
```
./inspector-sbomgen directory --path /path/to/your/directory/ --collect-licenses
```
**SBOM 组件示例**
以下示例显示了生成的 SBOM 中的组件条目。
```
"components": [
{
"bom-ref": "comp-2",
"type": "application",
"name": "sample-js-pkg",
"version": "1.2.3",
"licenses": [
{
"expression": "Apache-2.0 AND (MIT OR GPL-2.0-only)"
}
],
"purl": "pkg:npm/sample-js-pkg@1.2.3",
}
]
```
## 支持的程序包
许可证集合支持以下编程语言和操作系统程序包。
| 目标 | 软件包管理器 | 许可证信息源 | Type |
| --- | --- | --- | --- |
| Alma Linux | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Amazon Linux | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| CentOS | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Fedora | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| OpenSUSE | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Oracle Linux | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Photon OS | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| RHEL | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Rocky Linux | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| SLES | RPM | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | OS |
| Alpine Linux | APK | /lib/apk/db/installed | OS |
| Chainguard | APK | /lib/apk/db/installed | OS |
| Debian | DPKG | /usr/share/doc/\$1/copyright | OS |
| Ubuntu | DPKG | /usr/share/doc/\$1/copyright | OS |
| Node.js | Javascript | node\$1modules/\$1/package.json | 编程语言 |
| PHP | 编辑器程序包 | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | 编程语言 |
| Go | Go | LICENSE | 编程语言 |
| Python | Python/Egg/Wheel | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_cn/inspector/latest/user/sbom-generator-license-collection.html) | 编程语言 |
| Ruby | RubyGem | \$1.gemspec | 编程语言 |
| Rust | crate | Cargo.toml | 编程语言 |
### 许可证表达式标准化
SPDX 许可证表达式格式提供了开源软件中许可条款的准确表示形式。Amazon Inspector SBOM 生成器通过本节中描述的规则将所有许可证信息标准化为 SPDX 许可证表达式。这些规则提供了许可信息的一致性和兼容性。
**SPDX 短格式标识符映射**
所有许可证名称均映射到 SPDX 短格式标识符。例如,`MIT License` 缩短为 `MIT`。
**多个许可证组合**
您可以将多个许可证与 `AND` 运算符结合使用。以下示例命令展示了如何格式化处理您的命令。
```
MIT AND Apache-2.0
```
**自定义许可证前缀**
自定义许可证的前缀为 `LicenseRef`,例如 `LicenseRef-CompanyPrivate`。
**自定义异常前缀**
自定义异常的前缀为 `AdditionRef-`,例如 `AdditionRef-CustomException`。