Unfortunately, github.com/SAP/fosstars-rating-core is not REUSE compliant and does not fully adopt the recommendations to make software licensing easy for humans and machines alike. Have a look at our tutorial to learn about the three simple steps to become REUSE compliant.
To add the badge to your project's README.md
file,
use the following snippet:
[](https://api.reuse.software/info/github.com/SAP/fosstars-rating-core)
The API provides machine-readable artifacts for automatic analysis.
reuse spdx
command.
Commit 7b172f42f218f6cfad42f81bd9c9ef49de35b919
was checked on 07 Oct 2025 16:33:48 UTC
with the following result:
/opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert. warnings.warn( /opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert. warnings.warn( # MISSING LICENSES 'CC-BY-4.0");' found in: * src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java 'CC-BY-4.0\n"' found in: * src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java # INVALID SPDX LICENSE EXPRESSIONS 'src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java' contains invalid SPDX License Expressions: * CC-BY-4.0"); * CC-BY-4.0\n" # SUMMARY * Bad licenses: 0 * Deprecated licenses: 0 * Licenses without file extension: 0 * Missing licenses: CC-BY-4.0");, CC-BY-4.0\n" * Unused licenses: 0 * Used licenses: Apache-2.0, CC-BY-4.0");, CC-BY-4.0\n" * Read errors: 0 * Invalid SPDX License Expressions: 2 * Files with copyright information: 1093 / 1093 * Files with license information: 1093 / 1093 Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-( # RECOMMENDATIONS * Fix missing licenses: For at least one of the license identifiers provided by the 'SPDX-License-Identifier' tags, there is no corresponding license text file in the 'LICENSES' directory. For SPDX license identifiers, you can simply run 'reuse download --all' to get any missing ones. For custom licenses (starting with 'LicenseRef-'), you need to add these files yourself. * Fix invalid SPDX License Expressions: In one or more files there are SPDX License Expressions which cannot be parse. Check whether the value that follows 'SPDX-License-Identifier:' is correct. If the detected expression is not meant to be valid, put it between 'REUSE-IgnoreStart' and 'REUSE- IgnoreEnd' comments.