REUSE compliance of fosslight/fosslight_dependency_scanner

Unfortunately, github.com/fosslight/fosslight_dependency_scanner is not REUSE compliant and does not fully adopt the recommendations to make software licensing easy for humans and machines alike. Have a look at our tutorial to learn about the three simple steps to become REUSE compliant.

Badge

To add the badge to your project's README.md file, use the following snippet: 

[![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_dependency_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency_scanner)

Machine-readable information

The API provides machine-readable artifacts for automatic analysis.

  • All information about the latest compliance check can also be accessed via a machine-parsable JSON file.
  • You can gather the automatically generated SPDX SBOM in Tag:Value format, based on the reuse spdx command.

Last lint output

Commit 13fe7a52985561bcb68e6455997c69f174447834 was checked on 27 Feb 2025 08:42:33 UTC with the following result: 

/opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert.
  warnings.warn(
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LicenseRef-3rd_party_licenses.txt, resolving to LicenseRef-3rd_party_licenses. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
/opt/venv/lib/python3.11/site-packages/reuse/project.py:332: PendingDeprecationWarning: '.reuse/dep5' is deprecated. You are recommended to instead use REUSE.toml. Use `reuse convert-dep5` to convert.
  warnings.warn(
reuse.project - WARNING - Could not resolve SPDX License Identifier of LICENSES/LicenseRef-3rd_party_licenses.txt, resolving to LicenseRef-3rd_party_licenses. Make sure the license is in the license list found at <https://spdx.org/licenses/> or that it starts with 'LicenseRef-', and that it has a file extension.
# BAD LICENSES

'LicenseRef-3rd_party_licenses' found in:
* LICENSES/LicenseRef-3rd_party_licenses.txt
* requirements.txt



# SUMMARY

* Bad licenses: LicenseRef-3rd_party_licenses
* Deprecated licenses: 0
* Licenses without file extension: 0
* Missing licenses: 0
* Unused licenses: 0
* Used licenses: MIT, Apache-2.0, LicenseRef-3rd_party_licenses
* Read errors: 0
* Files with copyright information: 7728 / 7728
* Files with license information: 7728 / 7728

Unfortunately, your project is not compliant with version 3.2 of the REUSE Specification :-(


# RECOMMENDATIONS

* Fix bad licenses: At least one license in the LICENSES directory and/or
  provided by 'SPDX-License-Identifier' tags is invalid. They are either not
  valid SPDX License Identifiers or do not start with 'LicenseRef-'. FAQ about
  custom licenses: https://reuse.software/faq/#custom-license