REUSE compliance of SAP/fosstars-rating-core

Unfortunately, github.com/SAP/fosstars-rating-core is not REUSE compliant and does not fully adopt the recommendations to make software licensing easy for humans and machines alike. Have a look at our tutorial to learn about the three simple steps to become REUSE compliant.

Badge

To add the badge to your project's README.md file, use the following snippet:

[![REUSE status](https://api.reuse.software/badge/github.com/SAP/fosstars-rating-core)](https://api.reuse.software/info/github.com/SAP/fosstars-rating-core)

Machine-readable information

The API provides machine-readable artifacts for automatic analysis.

  • All information about the latest compliance check can also be accessed via a machine-parsable JSON file.
  • You can gather the automatically generated SPDX SBOM in Tag:Value format, based on the reuse spdx command.

Last lint output

Commit 7b172f42f218f6cfad42f81bd9c9ef49de35b919 was checked on 07 Oct 2025 16:33:48 UTC with the following result:

/opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert.
  warnings.warn(
/opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert.
  warnings.warn(
# MISSING LICENSES

'CC-BY-4.0");' found in:
* src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java
'CC-BY-4.0\n"' found in:
* src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java

# INVALID SPDX LICENSE EXPRESSIONS

'src/test/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSFTest.java' contains invalid SPDX License Expressions:
* CC-BY-4.0");
* CC-BY-4.0\n"

# SUMMARY

* Bad licenses: 0
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: CC-BY-4.0");, CC-BY-4.0\n"
* Unused licenses: 0
* Used licenses: Apache-2.0, CC-BY-4.0");, CC-BY-4.0\n"
* Read errors: 0
* Invalid SPDX License Expressions: 2
* Files with copyright information: 1093 / 1093
* Files with license information: 1093 / 1093

Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-(


# RECOMMENDATIONS

* Fix missing licenses: For at least one of the license identifiers provided by
  the 'SPDX-License-Identifier' tags, there is no corresponding license text
  file in the 'LICENSES' directory. For SPDX license identifiers, you can simply
  run 'reuse download --all' to get any missing ones. For custom licenses
  (starting with 'LicenseRef-'), you need to add these files yourself.
* Fix invalid SPDX License Expressions: In one or more files there are SPDX
  License Expressions which cannot be parse. Check whether the value that
  follows 'SPDX-License-Identifier:' is correct. If the detected expression is
  not meant to be valid, put it between 'REUSE-IgnoreStart' and 'REUSE-
  IgnoreEnd' comments.