REUSE compliance of open-component-model/ocm-spec
Unfortunately, github.com/open-component-model/ocm-spec is not REUSE compliant and does not fully adopt the recommendations to make software licensing easy for humans and machines alike. Have a look at our tutorial to learn about the three simple steps to become REUSE compliant.
Badge
To add the badge to your project's README.md file,
use the following snippet:
[](https://api.reuse.software/info/github.com/open-component-model/ocm-spec)
Machine-readable information
The API provides machine-readable artifacts for automatic analysis.
- All information about the latest compliance check can also be accessed via a machine-parsable JSON file.
-
You can gather the automatically generated SPDX
SBOM in Tag:Value format, based on the
reuse spdxcommand.
Last lint output
Commit 8b81c869a0e31f4f46f894971dec21fb3c2d355b was checked on 20 May 2026 18:09:38 UTC
with the following result:
# MISSING LICENSES 'CC-BY-4.0' found in: * 1._Community_Specification_License-v1.md 'Community-Spec-1.0' found in: * .0_CS_Contributor_License_Agreement.md * .github/CODEOWNERS * .github/config/.markdownlint-cli2.yaml * .github/config/linkspector.yml * .github/config/spellcheck.yml * .github/config/wordlist.txt * .github/settings.yml * .github/workflows/verify-markdown.yml * .gitignore * .gitvote.yml * 1._Community_Specification_License-v1.md * 2._Scope.md * 3._Notices.md * 4._License.md * 5._Governance.md * 8._Code_of_Conduct.md * CONTRIBUTING.md * README.md * doc/01-model/01-model.md * doc/01-model/02-elements-toplevel.md * doc/01-model/03-elements-sub.md * doc/01-model/04-example.md * doc/01-model/06-conventions.md * doc/01-model/07-extensions.md * doc/01-model/README.md * doc/01-model/ocm-helm-indirect.png * doc/01-model/ocm-helm-simple.png * doc/01-model/ocmidentity.png * doc/01-model/ocmresourceaccess.png * doc/02-processing/01-references.md * doc/02-processing/02-signing.md * doc/02-processing/03-signing-process.md * doc/02-processing/04-signing-examples.md * doc/02-processing/05-component-descriptor-normalization.md * doc/02-processing/06-artifact-normalization.md * doc/02-processing/README.md * doc/03-persistence/01-operations.md * doc/03-persistence/02-mappings.md * doc/03-persistence/README.md * doc/03-persistence/ocm2oci-mapping.png * doc/04-extensions/00-component-descriptor/README.md * doc/04-extensions/00-component-descriptor/v2.md * doc/04-extensions/00-component-descriptor/v3.md * doc/04-extensions/01-artifact-types/README.md * doc/04-extensions/01-artifact-types/blob.md * doc/04-extensions/01-artifact-types/blueprint.md * doc/04-extensions/01-artifact-types/executable.md * doc/04-extensions/01-artifact-types/file-system.md * doc/04-extensions/01-artifact-types/gitops.md * doc/04-extensions/01-artifact-types/helmchart.md * doc/04-extensions/01-artifact-types/npm.md * doc/04-extensions/01-artifact-types/oci-artifact.md * doc/04-extensions/01-artifact-types/oci-image.md * doc/04-extensions/01-artifact-types/sbom.md * doc/04-extensions/01-artifact-types/template.md * doc/04-extensions/01-artifact-types/toiexecutor.md * doc/04-extensions/01-artifact-types/toipackage.md * doc/04-extensions/02-access-types/README.md * doc/04-extensions/02-access-types/github.md * doc/04-extensions/02-access-types/helm.md * doc/04-extensions/02-access-types/localblob.md * doc/04-extensions/02-access-types/npm.md * doc/04-extensions/02-access-types/ociartifact.md * doc/04-extensions/02-access-types/ociblob.md * doc/04-extensions/02-access-types/s3.md * doc/04-extensions/02-access-types/wget.md * doc/04-extensions/03-storage-backends/README.md * doc/04-extensions/03-storage-backends/component-archive.md * doc/04-extensions/03-storage-backends/ctf.md * doc/04-extensions/03-storage-backends/oci.md * doc/04-extensions/03-storage-backends/ocm2oci-mapping.png * doc/04-extensions/03-storage-backends/ocmembedding.png * doc/04-extensions/03-storage-backends/s3.md * doc/04-extensions/04-algorithms/README.md * doc/04-extensions/04-algorithms/artifact-normalization-types.md * doc/04-extensions/04-algorithms/component-descriptor-normalization-algorithms.md * doc/04-extensions/04-algorithms/digest-algorithms.md * doc/04-extensions/04-algorithms/label-merge-algorithms.md * doc/04-extensions/04-algorithms/signing-algorithms.md * doc/04-extensions/README.md * doc/04-extensions/common/formatspec.md * doc/05-guidelines/01-transport.md * doc/05-guidelines/02-contract.md * doc/05-guidelines/03-references.md * doc/05-guidelines/README.md * doc/OCM-Ecosystem.png * doc/OCM-Implementation-Model.pptx * doc/glossary.md * metadata.yaml * scripts/requirements.txt * scripts/toc_gen.py # UNUSED LICENSES The following licenses are not used: * LicenseRef-Community-Spec-1.0 # SUMMARY * Bad licenses: 0 * Deprecated licenses: 0 * Licenses without file extension: 0 * Missing licenses: CC-BY-4.0, Community-Spec-1.0 * Unused licenses: LicenseRef-Community-Spec-1.0 * Used licenses: CC-BY-4.0, Community-Spec-1.0 * Read errors: 0 * Invalid SPDX License Expressions: 0 * Files with copyright information: 91 / 91 * Files with license information: 91 / 91 Unfortunately, your project is not compliant with version 3.3 of the REUSE Specification :-( # RECOMMENDATIONS * Fix missing licenses: For at least one of the license identifiers provided by the 'SPDX-License-Identifier' tags, there is no corresponding license text file in the 'LICENSES' directory. For SPDX license identifiers, you can simply run 'reuse download --all' to get any missing ones. For custom licenses (starting with 'LicenseRef-'), you need to add these files yourself. * Fix unused licenses: At least one of the license text files in 'LICENSES' is not referenced by any file, e.g. by an 'SPDX-License-Identifier' tag. Please make sure that you either tag the accordingly licensed files properly, or delete the unused license text if you are sure that no file or code snippet is licensed as such.