SPDX support for .Net applications
Get Started
$ dotnet add package Tethys.SPDX.ExpressionParserReadme
Tethys.SPDX
The Software Package Data Exchange (SPDX) is an open standard for describing a software bill of material. SPDX focuses especially on licensing and copyright information.
License and copyright scanners like FOSSology for example use this standard to provide their scan results.
Having a format to describe all the different scenarios of license findings, license relations, and copyright findings is not trivial, so SPDX can get quite complex.
The libraries in this project support two tasks:
- load the SPDX license list and provide it to .Net applications
- parse SPDX files and provide the contained data in a .Net way
Please note that due to the complexity of the SPDX standard not all possible SPDX files can be parsed. But the libraries are open source, so feel free to enhance them.
Get Package
The following packages are available on NuGet:
- Tethys.SPDX.Interfaces
- Tethys.SPDX.KnownLicenses
- Tethys.SPDX.ExpressionParser
- Tethys.SPDX.Model
- Tethys.SPDX.SimpleSpdxParser
- Tethys.SPDX.Support
- Tethys.SPDX.Writer
This library has been influenced by the following GitHub projects:
- https://github.com/jslicense/spdx-expression-parse.js
- https://github.com/microsoft/spdx-simplify
- https://github.com/spdx/Spdx-Java-Library
System.Text.Json instead of Newtonsoft.Json
There an ongoing discussion whether to use System.Text.Json instead of Newtonsoft.Json.
Well, moving from Newtonsoft.Json to System.Text.Json is not straightforward and costs
quite some effort. SPDX JSON reading and writing is based on many Newtonsoft JsonConverters
and at the moment there is no plan to change this. If someone wants to take the challenge, well,
go ahead and do a pull request.
Current status:
The following packages do not use any JSON support:
- Tethys.SPDX.ExpressionParser
- Tethys.SPDX.Support
The following packages use System.Text.Json:
- Tethys.SPDX.Interfaces
- Tethys.SPDX.KnownLicenses, netstandard2.0
The following packages use Newtonsoft.Json:
- Tethys.SPDX.Model
- Tethys.SPDX.SimpleSpdxParser
- Tethys.SPDX.Writer
SPDX
See https://spdx.org/licenses/ for more details on SPDX, the software package data exchange format, the SPDX license identifiers and matching guidelines.
The Software Package Data Exchange (SPDX) Specification https://spdx.github.io/spdx-spec/
XML data of all SPDX licenses:
https://github.com/spdx/license-list-XML
How to use Tethys.SPDX
The SPDX license information is not part of the libraries, you have to download it from SPDX License List and place it in a local folder.
Very simple demo
A minimal code snippet looks like this
var knownLicenseManager = new KnownLicenseManager();
knownLicenseManager.LoadSpdxSourceFiles(...SPDX license files...);
knownLicenseManager.LoadSpdxExceptionFiles(...SPDX license exception files...);
var reader = new RdfParser(knownLicenseManager);
var spdxDoc = reader.ReadFromFile(...SPDX file...);
...
Just run the demo application
dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\yaml-0.1.0.zip.spdx2.rdf.xml
or
dotnet run --project .\SpdxParserDemo\SpdxParserDemo.csproj .\TestData\SPDXJSONExample-v2.3.spdx.json
Build
Requisites
- Visual Studio 2022
- NuGet access
Required NuGet Packages
- Tethys.Logging, version 1.6.1
- Tethys.Xml, version 1.1.0
- (Newtonsoft.Json, version 13.0.3)
- (System.Text,Json, version 8.0.3)
Build Solution
Just use the basic dotnet command:
dotnet build
License
Copyright (c) 2019-2025 T. Graf. Tethys.SPDX is licensed under the Apache License, Version 2.0.