diff mbox series

[dunfell,1/5] classes/create-spdx: Backport

Message ID 20230322204558.1386634-2-JPEWhacker@gmail.com
State Accepted, archived
Commit 48fbddf32ffa3ec44a788f42895c1730a84b5a91
Headers show
Series Backport SPDX support | expand

Commit Message

Joshua Watt March 22, 2023, 8:45 p.m. UTC
Backports the create-spdx classes from the latest versions on master.
This backport is a simple copy with no modifications, as its too
complex to cherry-pick all the corresponding changes. This will give an
appropriate base commit for subsequent changes and if necessary
additional backport cherry-picks from master in the future.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
---
 meta/classes/create-spdx-2.2.bbclass | 1069 +++++
 meta/classes/create-spdx.bbclass     |    8 +
 meta/files/spdx-licenses.json        | 5937 ++++++++++++++++++++++++++
 meta/lib/oe/sbom.py                  |   84 +
 meta/lib/oe/spdx.py                  |  357 ++
 5 files changed, 7455 insertions(+)
 create mode 100644 meta/classes/create-spdx-2.2.bbclass
 create mode 100644 meta/classes/create-spdx.bbclass
 create mode 100644 meta/files/spdx-licenses.json
 create mode 100644 meta/lib/oe/sbom.py
 create mode 100644 meta/lib/oe/spdx.py

Comments

Ernst Persson March 23, 2023, 1:42 p.m. UTC | #1
Den ons 22 mars 2023 kl 21:46 skrev Joshua Watt <JPEWhacker@gmail.com>:
>
> Backports the create-spdx classes from the latest versions on master.
> This backport is a simple copy with no modifications, as its too
> complex to cherry-pick all the corresponding changes. This will give an
> appropriate base commit for subsequent changes and if necessary
> additional backport cherry-picks from master in the future.
>
> Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> ---
>  meta/classes/create-spdx-2.2.bbclass | 1069 +++++
>  meta/classes/create-spdx.bbclass     |    8 +
>  meta/files/spdx-licenses.json        | 5937 ++++++++++++++++++++++++++
>  meta/lib/oe/sbom.py                  |   84 +
>  meta/lib/oe/spdx.py                  |  357 ++
>  5 files changed, 7455 insertions(+)
>  create mode 100644 meta/classes/create-spdx-2.2.bbclass
>  create mode 100644 meta/classes/create-spdx.bbclass
>  create mode 100644 meta/files/spdx-licenses.json
>  create mode 100644 meta/lib/oe/sbom.py
>  create mode 100644 meta/lib/oe/spdx.py
>
> diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
> new file mode 100644
> index 0000000000..13d13fe1fc
> --- /dev/null
> +++ b/meta/classes/create-spdx-2.2.bbclass
> @@ -0,0 +1,1069 @@
> +#
> +# Copyright OpenEmbedded Contributors
> +#
> +# SPDX-License-Identifier: GPL-2.0-only
> +#
> +
> +DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${MACHINE}"
> +
> +# The product name that the CVE database uses.  Defaults to BPN, but may need to
> +# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
> +CVE_PRODUCT ??= "${BPN}"
> +CVE_VERSION ??= "${PV}"
> +
> +SPDXDIR ??= "${WORKDIR}/spdx"
> +SPDXDEPLOY = "${SPDXDIR}/deploy"
> +SPDXWORK = "${SPDXDIR}/work"
> +SPDXIMAGEWORK = "${SPDXDIR}/image-work"
> +SPDXSDKWORK = "${SPDXDIR}/sdk-work"
> +
> +SPDX_TOOL_NAME ??= "oe-spdx-creator"
> +SPDX_TOOL_VERSION ??= "1.0"
> +
> +SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
> +
> +SPDX_INCLUDE_SOURCES ??= "0"
> +SPDX_ARCHIVE_SOURCES ??= "0"
> +SPDX_ARCHIVE_PACKAGED ??= "0"
> +
> +SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
> +SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
> +SPDX_PRETTY ??= "0"
> +
> +SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
> +
> +SPDX_CUSTOM_ANNOTATION_VARS ??= ""
> +
> +SPDX_ORG ??= "OpenEmbedded ()"
> +SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
> +SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
> +    this recipe. For SPDX documents create using this class during the build, this \
> +    is the contact information for the person or organization who is doing the \
> +    build."
> +
> +def extract_licenses(filename):
> +    import re
> +
> +    lic_regex = re.compile(rb'^\W*SPDX-License-Identifier:\s*([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
> +
> +    try:
> +        with open(filename, 'rb') as f:
> +            size = min(15000, os.stat(filename).st_size)
> +            txt = f.read(size)
> +            licenses = re.findall(lic_regex, txt)
> +            if licenses:
> +                ascii_licenses = [lic.decode('ascii') for lic in licenses]
> +                return ascii_licenses
> +    except Exception as e:
> +        bb.warn(f"Exception reading {filename}: {e}")
> +    return None
> +
> +def get_doc_namespace(d, doc):
> +    import uuid
> +    namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
> +    return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
> +
> +def create_annotation(d, comment):
> +    from datetime import datetime, timezone
> +
> +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> +    annotation = oe.spdx.SPDXAnnotation()
> +    annotation.annotationDate = creation_time
> +    annotation.annotationType = "OTHER"
> +    annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
> +    annotation.comment = comment
> +    return annotation
> +
> +def recipe_spdx_is_native(d, recipe):
> +    return any(a.annotationType == "OTHER" and
> +      a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and
> +      a.comment == "isNative" for a in recipe.annotations)
> +
> +def is_work_shared_spdx(d):
> +    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
> +
> +def get_json_indent(d):
> +    if d.getVar("SPDX_PRETTY") == "1":
> +        return 2
> +    return None
> +
> +python() {
> +    import json
> +    if d.getVar("SPDX_LICENSE_DATA"):
> +        return
> +
> +    with open(d.getVar("SPDX_LICENSES"), "r") as f:
> +        data = json.load(f)
> +        # Transform the license array to a dictionary
> +        data["licenses"] = {l["licenseId"]: l for l in data["licenses"]}
> +        d.setVar("SPDX_LICENSE_DATA", data)
> +}
> +
> +def convert_license_to_spdx(lic, document, d, existing={}):
> +    from pathlib import Path
> +    import oe.spdx
> +
> +    license_data = d.getVar("SPDX_LICENSE_DATA")
> +    extracted = {}
> +
> +    def add_extracted_license(ident, name):
> +        nonlocal document
> +
> +        if name in extracted:
> +            return
> +
> +        extracted_info = oe.spdx.SPDXExtractedLicensingInfo()
> +        extracted_info.name = name
> +        extracted_info.licenseId = ident
> +        extracted_info.extractedText = None
> +
> +        if name == "PD":
> +            # Special-case this.
> +            extracted_info.extractedText = "Software released to the public domain"
> +        else:
> +            # Seach for the license in COMMON_LICENSE_DIR and LICENSE_PATH
> +            for directory in [d.getVar('COMMON_LICENSE_DIR')] + (d.getVar('LICENSE_PATH') or '').split():
> +                try:
> +                    with (Path(directory) / name).open(errors="replace") as f:
> +                        extracted_info.extractedText = f.read()
> +                        break
> +                except FileNotFoundError:
> +                    pass
> +            if extracted_info.extractedText is None:
> +                # If it's not SPDX or PD, then NO_GENERIC_LICENSE must be set
> +                filename = d.getVarFlag('NO_GENERIC_LICENSE', name)
> +                if filename:
> +                    filename = d.expand("${S}/" + filename)
> +                    with open(filename, errors="replace") as f:
> +                        extracted_info.extractedText = f.read()
> +                else:
> +                    bb.error("Cannot find any text for license %s" % name)
> +
> +        extracted[name] = extracted_info
> +        document.hasExtractedLicensingInfos.append(extracted_info)
> +
> +    def convert(l):
> +        if l == "(" or l == ")":
> +            return l
> +
> +        if l == "&":
> +            return "AND"
> +
> +        if l == "|":
> +            return "OR"
> +
> +        if l == "CLOSED":
> +            return "NONE"
> +
> +        spdx_license = d.getVarFlag("SPDXLICENSEMAP", l) or l
> +        if spdx_license in license_data["licenses"]:
> +            return spdx_license
> +
> +        try:
> +            spdx_license = existing[l]
> +        except KeyError:
> +            spdx_license = "LicenseRef-" + l
> +            add_extracted_license(spdx_license, l)
> +
> +        return spdx_license
> +
> +    lic_split = lic.replace("(", " ( ").replace(")", " ) ").split()
> +
> +    return ' '.join(convert(l) for l in lic_split)
> +
> +def process_sources(d):
> +    pn = d.getVar('PN')
> +    assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
> +    if pn in assume_provided:
> +        for p in d.getVar("PROVIDES").split():
> +            if p != pn:
> +                pn = p
> +                break
> +
> +    # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
> +    # so avoid archiving source here.
> +    if pn.startswith('glibc-locale'):
> +        return False
> +    if d.getVar('PN') == "libtool-cross":
> +        return False
> +    if d.getVar('PN') == "libgcc-initial":
> +        return False
> +    if d.getVar('PN') == "shadow-sysroot":
> +        return False
> +
> +    # We just archive gcc-source for all the gcc related recipes
> +    if d.getVar('BPN') in ['gcc', 'libgcc']:
> +        bb.debug(1, 'spdx: There is bug in scan of %s is, do nothing' % pn)
> +        return False
> +
> +    return True
> +
> +
> +def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archive=None, ignore_dirs=[], ignore_top_level_dirs=[]):
> +    from pathlib import Path
> +    import oe.spdx
> +    import hashlib
> +
> +    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
> +    if source_date_epoch:
> +        source_date_epoch = int(source_date_epoch)
> +
> +    sha1s = []
> +    spdx_files = []
> +
> +    file_counter = 1
> +    for subdir, dirs, files in os.walk(topdir):
> +        dirs[:] = [d for d in dirs if d not in ignore_dirs]
> +        if subdir == str(topdir):
> +            dirs[:] = [d for d in dirs if d not in ignore_top_level_dirs]
> +
> +        for file in files:
> +            filepath = Path(subdir) / file
> +            filename = str(filepath.relative_to(topdir))
> +
> +            if not filepath.is_symlink() and filepath.is_file():
> +                spdx_file = oe.spdx.SPDXFile()
> +                spdx_file.SPDXID = get_spdxid(file_counter)
> +                for t in get_types(filepath):
> +                    spdx_file.fileTypes.append(t)
> +                spdx_file.fileName = filename
> +
> +                if archive is not None:
> +                    with filepath.open("rb") as f:
> +                        info = archive.gettarinfo(fileobj=f)
> +                        info.name = filename
> +                        info.uid = 0
> +                        info.gid = 0
> +                        info.uname = "root"
> +                        info.gname = "root"
> +
> +                        if source_date_epoch is not None and info.mtime > source_date_epoch:
> +                            info.mtime = source_date_epoch
> +
> +                        archive.addfile(info, f)
> +
> +                sha1 = bb.utils.sha1_file(filepath)
> +                sha1s.append(sha1)
> +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> +                        algorithm="SHA1",
> +                        checksumValue=sha1,
> +                    ))
> +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> +                        algorithm="SHA256",
> +                        checksumValue=bb.utils.sha256_file(filepath),
> +                    ))
> +
> +                if "SOURCE" in spdx_file.fileTypes:
> +                    extracted_lics = extract_licenses(filepath)
> +                    if extracted_lics:
> +                        spdx_file.licenseInfoInFiles = extracted_lics
> +
> +                doc.files.append(spdx_file)
> +                doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
> +                spdx_pkg.hasFiles.append(spdx_file.SPDXID)
> +
> +                spdx_files.append(spdx_file)
> +
> +                file_counter += 1
> +
> +    sha1s.sort()
> +    verifier = hashlib.sha1()
> +    for v in sha1s:
> +        verifier.update(v.encode("utf-8"))
> +    spdx_pkg.packageVerificationCode.packageVerificationCodeValue = verifier.hexdigest()
> +
> +    return spdx_files
> +
> +
> +def add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources):
> +    from pathlib import Path
> +    import hashlib
> +    import oe.packagedata
> +    import oe.spdx
> +
> +    debug_search_paths = [
> +        Path(d.getVar('PKGD')),
> +        Path(d.getVar('STAGING_DIR_TARGET')),
> +        Path(d.getVar('STAGING_DIR_NATIVE')),
> +        Path(d.getVar('STAGING_KERNEL_DIR')),
> +    ]
> +
> +    pkg_data = oe.packagedata.read_subpkgdata_extended(package, d)
> +
> +    if pkg_data is None:
> +        return
> +
> +    for file_path, file_data in pkg_data["files_info"].items():
> +        if not "debugsrc" in file_data:
> +            continue
> +
> +        for pkg_file in package_files:
> +            if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
> +                break
> +        else:
> +            bb.fatal("No package file found for %s" % str(file_path))
> +            continue
> +
> +        for debugsrc in file_data["debugsrc"]:
> +            ref_id = "NOASSERTION"
> +            for search in debug_search_paths:
> +                if debugsrc.startswith("/usr/src/kernel"):
> +                    debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '')
> +                else:
> +                    debugsrc_path = search / debugsrc.lstrip("/")
> +                if not debugsrc_path.exists():
> +                    continue
> +
> +                file_sha256 = bb.utils.sha256_file(debugsrc_path)
> +
> +                if file_sha256 in sources:
> +                    source_file = sources[file_sha256]
> +
> +                    doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
> +                    if doc_ref is None:
> +                        doc_ref = oe.spdx.SPDXExternalDocumentRef()
> +                        doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
> +                        doc_ref.spdxDocument = source_file.doc.documentNamespace
> +                        doc_ref.checksum.algorithm = "SHA1"
> +                        doc_ref.checksum.checksumValue = source_file.doc_sha1
> +                        package_doc.externalDocumentRefs.append(doc_ref)
> +
> +                    ref_id = "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID)
> +                else:
> +                    bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
> +                break
> +            else:
> +                bb.debug(1, "Debug source %s not found" % debugsrc)
> +
> +            package_doc.add_relationship(pkg_file, "GENERATED_FROM", ref_id, comment=debugsrc)
> +
> +def collect_dep_recipes(d, doc, spdx_recipe):
> +    from pathlib import Path
> +    import oe.sbom
> +    import oe.spdx
> +
> +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> +
> +    dep_recipes = []
> +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> +    deps = sorted(set(
> +        dep[0] for dep in taskdepdata.values() if
> +            dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
> +    ))
> +    for dep_pn in deps:
> +        dep_recipe_path = deploy_dir_spdx / "recipes" / ("recipe-%s.spdx.json" % dep_pn)
> +
> +        spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
> +
> +        for pkg in spdx_dep_doc.packages:
> +            if pkg.name == dep_pn:
> +                spdx_dep_recipe = pkg
> +                break
> +        else:
> +            continue
> +
> +        dep_recipes.append(oe.sbom.DepRecipe(spdx_dep_doc, spdx_dep_sha1, spdx_dep_recipe))
> +
> +        dep_recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> +        dep_recipe_ref.externalDocumentId = "DocumentRef-dependency-" + spdx_dep_doc.name
> +        dep_recipe_ref.spdxDocument = spdx_dep_doc.documentNamespace
> +        dep_recipe_ref.checksum.algorithm = "SHA1"
> +        dep_recipe_ref.checksum.checksumValue = spdx_dep_sha1
> +
> +        doc.externalDocumentRefs.append(dep_recipe_ref)
> +
> +        doc.add_relationship(
> +            "%s:%s" % (dep_recipe_ref.externalDocumentId, spdx_dep_recipe.SPDXID),
> +            "BUILD_DEPENDENCY_OF",
> +            spdx_recipe
> +        )
> +
> +    return dep_recipes
> +
> +collect_dep_recipes[vardepsexclude] += "BB_TASKDEPDATA"
> +collect_dep_recipes[vardeps] += "DEPENDS"
> +
> +def collect_dep_sources(d, dep_recipes):
> +    import oe.sbom
> +
> +    sources = {}
> +    for dep in dep_recipes:
> +        # Don't collect sources from native recipes as they
> +        # match non-native sources also.
> +        if recipe_spdx_is_native(d, dep.recipe):
> +            continue
> +        recipe_files = set(dep.recipe.hasFiles)
> +
> +        for spdx_file in dep.doc.files:
> +            if spdx_file.SPDXID not in recipe_files:
> +                continue
> +
> +            if "SOURCE" in spdx_file.fileTypes:
> +                for checksum in spdx_file.checksums:
> +                    if checksum.algorithm == "SHA256":
> +                        sources[checksum.checksumValue] = oe.sbom.DepSource(dep.doc, dep.doc_sha1, dep.recipe, spdx_file)
> +                        break
> +
> +    return sources
> +
> +def add_download_packages(d, doc, recipe):
> +    import os.path
> +    from bb.fetch2 import decodeurl, CHECKSUM_LIST
> +    import bb.process
> +    import oe.spdx
> +    import oe.sbom
> +
> +    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
> +        f = bb.fetch2.FetchData(src_uri, d)
> +
> +        for name in f.names:
> +            package = oe.spdx.SPDXPackage()
> +            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
> +            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
> +
> +            if f.type == "file":
> +                continue
> +
> +            uri = f.type
> +            proto = getattr(f, "proto", None)
> +            if proto is not None:
> +                uri = uri + "+" + proto
> +            uri = uri + "://" + f.host + f.path
> +
> +            if f.method.supports_srcrev():
> +                uri = uri + "@" + f.revisions[name]
> +
> +            if f.method.supports_checksum(f):
> +                for checksum_id in CHECKSUM_LIST:
> +                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
> +                        continue
> +
> +                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
> +                    if expected_checksum is None:
> +                        continue
> +
> +                    c = oe.spdx.SPDXChecksum()
> +                    c.algorithm = checksum_id.upper()
> +                    c.checksumValue = expected_checksum
> +                    package.checksums.append(c)
> +
> +            package.downloadLocation = uri
> +            doc.packages.append(package)
> +            doc.add_relationship(doc, "DESCRIBES", package)
> +            # In the future, we might be able to do more fancy dependencies,
> +            # but this should be sufficient for now
> +            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
> +
> +python do_create_spdx() {
> +    from datetime import datetime, timezone
> +    import oe.sbom
> +    import oe.spdx
> +    import uuid
> +    from pathlib import Path
> +    from contextlib import contextmanager
> +    import oe.cve_check
> +
> +    @contextmanager
> +    def optional_tarfile(name, guard, mode="w"):
> +        import tarfile
> +        import bb.compress.zstd
> +
> +        num_threads = int(d.getVar("BB_NUMBER_THREADS"))
> +
> +        if guard:
> +            name.parent.mkdir(parents=True, exist_ok=True)
> +            with bb.compress.zstd.open(name, mode=mode + "b", num_threads=num_threads) as f:
> +                with tarfile.open(fileobj=f, mode=mode + "|") as tf:
> +                    yield tf
> +        else:
> +            yield None
> +
> +
> +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> +    spdx_workdir = Path(d.getVar("SPDXWORK"))
> +    include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
> +    archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
> +    archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
> +
> +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> +
> +    doc = oe.spdx.SPDXDocument()
> +
> +    doc.name = "recipe-" + d.getVar("PN")
> +    doc.documentNamespace = get_doc_namespace(d, doc)
> +    doc.creationInfo.created = creation_time
> +    doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
> +    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> +    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> +    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> +    doc.creationInfo.creators.append("Person: N/A ()")
> +
> +    recipe = oe.spdx.SPDXPackage()
> +    recipe.name = d.getVar("PN")
> +    recipe.versionInfo = d.getVar("PV")
> +    recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
> +    recipe.supplier = d.getVar("SPDX_SUPPLIER")
> +    if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
> +        recipe.annotations.append(create_annotation(d, "isNative"))
> +
> +    homepage = d.getVar("HOMEPAGE")
> +    if homepage:
> +        recipe.homepage = homepage
> +
> +    license = d.getVar("LICENSE")
> +    if license:
> +        recipe.licenseDeclared = convert_license_to_spdx(license, doc, d)
> +
> +    summary = d.getVar("SUMMARY")
> +    if summary:
> +        recipe.summary = summary
> +
> +    description = d.getVar("DESCRIPTION")
> +    if description:
> +        recipe.description = description
> +
> +    if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
> +        for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
> +            recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var)))
> +
> +    # Some CVEs may be patched during the build process without incrementing the version number,
> +    # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
> +    # save the CVEs fixed by patches to source information field in the SPDX.
> +    patched_cves = oe.cve_check.get_patched_cves(d)
> +    patched_cves = list(patched_cves)
> +    patched_cves = ' '.join(patched_cves)
> +    if patched_cves:
> +        recipe.sourceInfo = "CVEs fixed: " + patched_cves
> +
> +    cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION"))
> +    if cpe_ids:
> +        for cpe_id in cpe_ids:
> +            cpe = oe.spdx.SPDXExternalReference()
> +            cpe.referenceCategory = "SECURITY"
> +            cpe.referenceType = "http://spdx.org/rdf/references/cpe23Type"
> +            cpe.referenceLocator = cpe_id
> +            recipe.externalRefs.append(cpe)
> +
> +    doc.packages.append(recipe)
> +    doc.add_relationship(doc, "DESCRIBES", recipe)
> +
> +    add_download_packages(d, doc, recipe)
> +
> +    if process_sources(d) and include_sources:
> +        recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
> +        with optional_tarfile(recipe_archive, archive_sources) as archive:
> +            spdx_get_src(d)
> +
> +            add_package_files(
> +                d,
> +                doc,
> +                recipe,
> +                spdx_workdir,
> +                lambda file_counter: "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), file_counter),
> +                lambda filepath: ["SOURCE"],
> +                ignore_dirs=[".git"],
> +                ignore_top_level_dirs=["temp"],
> +                archive=archive,
> +            )
> +
> +            if archive is not None:
> +                recipe.packageFileName = str(recipe_archive.name)
> +
> +    dep_recipes = collect_dep_recipes(d, doc, recipe)
> +
> +    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
> +    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
> +
> +    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> +    recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
> +    recipe_ref.spdxDocument = doc.documentNamespace
> +    recipe_ref.checksum.algorithm = "SHA1"
> +    recipe_ref.checksum.checksumValue = doc_sha1
> +
> +    sources = collect_dep_sources(d, dep_recipes)
> +    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
> +
> +    if not recipe_spdx_is_native(d, recipe):
> +        bb.build.exec_func("read_subpackage_metadata", d)
> +
> +        pkgdest = Path(d.getVar("PKGDEST"))
> +        for package in d.getVar("PACKAGES").split():
> +            if not oe.packagedata.packaged(package, d):
> +                continue
> +
> +            package_doc = oe.spdx.SPDXDocument()
> +            pkg_name = d.getVar("PKG:%s" % package) or package
> +            package_doc.name = pkg_name
> +            package_doc.documentNamespace = get_doc_namespace(d, package_doc)
> +            package_doc.creationInfo.created = creation_time
> +            package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
> +            package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> +            package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> +            package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> +            package_doc.creationInfo.creators.append("Person: N/A ()")
> +            package_doc.externalDocumentRefs.append(recipe_ref)
> +
> +            package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
> +
> +            spdx_package = oe.spdx.SPDXPackage()
> +
> +            spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
> +            spdx_package.name = pkg_name
> +            spdx_package.versionInfo = d.getVar("PV")
> +            spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
> +            spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
> +
> +            package_doc.packages.append(spdx_package)
> +
> +            package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
> +            package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
> +
> +            package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
> +            with optional_tarfile(package_archive, archive_packaged) as archive:
> +                package_files = add_package_files(
> +                    d,
> +                    package_doc,
> +                    spdx_package,
> +                    pkgdest / package,
> +                    lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
> +                    lambda filepath: ["BINARY"],
> +                    ignore_top_level_dirs=['CONTROL', 'DEBIAN'],
> +                    archive=archive,
> +                )
> +
> +                if archive is not None:
> +                    spdx_package.packageFileName = str(package_archive.name)
> +
> +            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
> +
> +            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
> +}
> +# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
> +addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
> +
> +SSTATETASKS += "do_create_spdx"
> +do_create_spdx[sstate-inputdirs] = "${SPDXDEPLOY}"
> +do_create_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> +
> +python do_create_spdx_setscene () {
> +    sstate_setscene(d)
> +}
> +addtask do_create_spdx_setscene
> +
> +do_create_spdx[dirs] = "${SPDXWORK}"
> +do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
> +do_create_spdx[depends] += "${PATCHDEPENDENCY}"
> +do_create_spdx[deptask] = "do_create_spdx"
> +
> +def collect_package_providers(d):
> +    from pathlib import Path
> +    import oe.sbom
> +    import oe.spdx
> +    import json
> +
> +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> +
> +    providers = {}
> +
> +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> +    deps = sorted(set(
> +        dep[0] for dep in taskdepdata.values() if dep[0] != d.getVar("PN")
> +    ))
> +    deps.append(d.getVar("PN"))
> +
> +    for dep_pn in deps:
> +        recipe_data = oe.packagedata.read_pkgdata(dep_pn, d)
> +
> +        for pkg in recipe_data.get("PACKAGES", "").split():
> +
> +            pkg_data = oe.packagedata.read_subpkgdata_dict(pkg, d)
> +            rprovides = set(n for n, _ in bb.utils.explode_dep_versions2(pkg_data.get("RPROVIDES", "")).items())
> +            rprovides.add(pkg)
> +
> +            for r in rprovides:
> +                providers[r] = pkg
> +
> +    return providers
> +
> +collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
> +
> +python do_create_runtime_spdx() {
> +    from datetime import datetime, timezone
> +    import oe.sbom
> +    import oe.spdx
> +    import oe.packagedata
> +    from pathlib import Path
> +
> +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> +    spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
> +    is_native = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
> +
> +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> +
> +    providers = collect_package_providers(d)
> +
> +    if not is_native:
> +        bb.build.exec_func("read_subpackage_metadata", d)
> +
> +        dep_package_cache = {}
> +
> +        pkgdest = Path(d.getVar("PKGDEST"))
> +        for package in d.getVar("PACKAGES").split():
> +            localdata = bb.data.createCopy(d)
> +            pkg_name = d.getVar("PKG:%s" % package) or package
> +            localdata.setVar("PKG", pkg_name)
> +            localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
> +
> +            if not oe.packagedata.packaged(package, localdata):
> +                continue
> +
> +            pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
> +
> +            package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
> +
> +            for p in package_doc.packages:
> +                if p.name == pkg_name:
> +                    spdx_package = p
> +                    break
> +            else:
> +                bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
> +
> +            runtime_doc = oe.spdx.SPDXDocument()
> +            runtime_doc.name = "runtime-" + pkg_name
> +            runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
> +            runtime_doc.creationInfo.created = creation_time
> +            runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
> +            runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> +            runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> +            runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> +            runtime_doc.creationInfo.creators.append("Person: N/A ()")
> +
> +            package_ref = oe.spdx.SPDXExternalDocumentRef()
> +            package_ref.externalDocumentId = "DocumentRef-package-" + package
> +            package_ref.spdxDocument = package_doc.documentNamespace
> +            package_ref.checksum.algorithm = "SHA1"
> +            package_ref.checksum.checksumValue = package_doc_sha1
> +
> +            runtime_doc.externalDocumentRefs.append(package_ref)
> +
> +            runtime_doc.add_relationship(
> +                runtime_doc.SPDXID,
> +                "AMENDS",
> +                "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
> +            )
> +
> +            deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
> +            seen_deps = set()
> +            for dep, _ in deps.items():
> +                if dep in seen_deps:
> +                    continue
> +
> +                if dep not in providers:
> +                    continue
> +
> +                dep = providers[dep]
> +
> +                if not oe.packagedata.packaged(dep, localdata):
> +                    continue
> +
> +                dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
> +                dep_pkg = dep_pkg_data["PKG"]
> +
> +                if dep in dep_package_cache:
> +                    (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
> +                else:
> +                    dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
> +
> +                    spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
> +
> +                    for pkg in spdx_dep_doc.packages:
> +                        if pkg.name == dep_pkg:
> +                            dep_spdx_package = pkg
> +                            break
> +                    else:
> +                        bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
> +
> +                    dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
> +                    dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
> +                    dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
> +                    dep_package_ref.checksum.algorithm = "SHA1"
> +                    dep_package_ref.checksum.checksumValue = spdx_dep_sha1
> +
> +                    dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
> +
> +                runtime_doc.externalDocumentRefs.append(dep_package_ref)
> +
> +                runtime_doc.add_relationship(
> +                    "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
> +                    "RUNTIME_DEPENDENCY_OF",
> +                    "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
> +                )
> +                seen_deps.add(dep)
> +
> +            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
> +}
> +
> +addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
> +SSTATETASKS += "do_create_runtime_spdx"
> +do_create_runtime_spdx[sstate-inputdirs] = "${SPDXRUNTIMEDEPLOY}"
> +do_create_runtime_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> +
> +python do_create_runtime_spdx_setscene () {
> +    sstate_setscene(d)
> +}
> +addtask do_create_runtime_spdx_setscene
> +
> +do_create_runtime_spdx[dirs] = "${SPDXRUNTIMEDEPLOY}"
> +do_create_runtime_spdx[cleandirs] = "${SPDXRUNTIMEDEPLOY}"
> +do_create_runtime_spdx[rdeptask] = "do_create_spdx"
> +
> +def spdx_get_src(d):
> +    """
> +    save patched source of the recipe in SPDX_WORKDIR.
> +    """
> +    import shutil
> +    spdx_workdir = d.getVar('SPDXWORK')
> +    spdx_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
> +    pn = d.getVar('PN')
> +
> +    workdir = d.getVar("WORKDIR")
> +
> +    try:
> +        # The kernel class functions require it to be on work-shared, so we dont change WORKDIR
> +        if not is_work_shared_spdx(d):
> +            # Change the WORKDIR to make do_unpack do_patch run in another dir.
> +            d.setVar('WORKDIR', spdx_workdir)
> +            # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
> +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> +
> +            # The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
> +            # possibly requiring of the following tasks (such as some recipes's
> +            # do_patch required 'B' existed).
> +            bb.utils.mkdirhier(d.getVar('B'))
> +
> +            bb.build.exec_func('do_unpack', d)
> +        # Copy source of kernel to spdx_workdir
> +        if is_work_shared_spdx(d):
> +            share_src = d.getVar('WORKDIR')
> +            d.setVar('WORKDIR', spdx_workdir)
> +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> +            src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
> +            bb.utils.mkdirhier(src_dir)
> +            if bb.data.inherits_class('kernel',d):
> +                share_src = d.getVar('STAGING_KERNEL_DIR')
> +            cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
> +            cmd_copy_shared_res = os.popen(cmd_copy_share).read()
> +            bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
> +
> +            git_path = src_dir + "/.git"
> +            if os.path.exists(git_path):
> +                shutils.rmtree(git_path)
> +
> +        # Make sure gcc and kernel sources are patched only once
> +        if not (d.getVar('SRC_URI') == "" or is_work_shared_spdx(d)):
> +            bb.build.exec_func('do_patch', d)
> +
> +        # Some userland has no source.
> +        if not os.path.exists( spdx_workdir ):
> +            bb.utils.mkdirhier(spdx_workdir)
> +    finally:
> +        d.setVar("WORKDIR", workdir)
> +
> +do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> +do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
> +
> +ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
> +
> +do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> +do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
> +POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = " sdk_host_combine_spdx; "
> +POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = " sdk_target_combine_spdx; "
> +
> +python image_combine_spdx() {
> +    import os
> +    import oe.sbom
> +    from pathlib import Path
> +    from oe.rootfs import image_list_installed_packages
> +
> +    image_name = d.getVar("IMAGE_NAME")
> +    image_link_name = d.getVar("IMAGE_LINK_NAME")
> +    imgdeploydir = Path(d.getVar("IMGDEPLOYDIR"))
> +    img_spdxid = oe.sbom.get_image_spdxid(image_name)
> +    packages = image_list_installed_packages(d)
> +
> +    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages, Path(d.getVar("SPDXIMAGEWORK")))
> +
> +    def make_image_link(target_path, suffix):
> +        if image_link_name:
> +            link = imgdeploydir / (image_link_name + suffix)
> +            if link != target_path:
> +                link.symlink_to(os.path.relpath(target_path, link.parent))
> +
> +    spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
> +    make_image_link(spdx_tar_path, ".spdx.tar.zst")

The image link should be called tar.gz also. Probably best to make a
gzip-from-the-start version for Dunfell,
or perhaps squash everything?

> +}
> +
> +python sdk_host_combine_spdx() {
> +    sdk_combine_spdx(d, "host")
> +}
> +
> +python sdk_target_combine_spdx() {
> +    sdk_combine_spdx(d, "target")
> +}
> +
> +def sdk_combine_spdx(d, sdk_type):
> +    import oe.sbom
> +    from pathlib import Path
> +    from oe.sdk import sdk_list_installed_packages
> +
> +    sdk_name = d.getVar("SDK_NAME") + "-" + sdk_type
> +    sdk_deploydir = Path(d.getVar("SDKDEPLOYDIR"))
> +    sdk_spdxid = oe.sbom.get_sdk_spdxid(sdk_name)
> +    sdk_packages = sdk_list_installed_packages(d, sdk_type == "target")
> +    combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages, Path(d.getVar('SPDXSDKWORK')))
> +
> +def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx_workdir):
> +    import os
> +    import oe.spdx
> +    import oe.sbom
> +    import io
> +    import json
> +    from datetime import timezone, datetime
> +    from pathlib import Path
> +    import tarfile
> +    import bb.compress.zstd
> +
> +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> +    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
> +
> +    doc = oe.spdx.SPDXDocument()
> +    doc.name = rootfs_name
> +    doc.documentNamespace = get_doc_namespace(d, doc)
> +    doc.creationInfo.created = creation_time
> +    doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
> +    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> +    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> +    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> +    doc.creationInfo.creators.append("Person: N/A ()")
> +
> +    image = oe.spdx.SPDXPackage()
> +    image.name = d.getVar("PN")
> +    image.versionInfo = d.getVar("PV")
> +    image.SPDXID = rootfs_spdxid
> +    image.supplier = d.getVar("SPDX_SUPPLIER")
> +
> +    doc.packages.append(image)
> +
> +    for name in sorted(packages.keys()):
> +        pkg_spdx_path = deploy_dir_spdx / "packages" / (name + ".spdx.json")
> +        pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
> +
> +        for p in pkg_doc.packages:
> +            if p.name == name:
> +                pkg_ref = oe.spdx.SPDXExternalDocumentRef()
> +                pkg_ref.externalDocumentId = "DocumentRef-%s" % pkg_doc.name
> +                pkg_ref.spdxDocument = pkg_doc.documentNamespace
> +                pkg_ref.checksum.algorithm = "SHA1"
> +                pkg_ref.checksum.checksumValue = pkg_doc_sha1
> +
> +                doc.externalDocumentRefs.append(pkg_ref)
> +                doc.add_relationship(image, "CONTAINS", "%s:%s" % (pkg_ref.externalDocumentId, p.SPDXID))
> +                break
> +        else:
> +            bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path))
> +
> +        runtime_spdx_path = deploy_dir_spdx / "runtime" / ("runtime-" + name + ".spdx.json")
> +        runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path)
> +
> +        runtime_ref = oe.spdx.SPDXExternalDocumentRef()
> +        runtime_ref.externalDocumentId = "DocumentRef-%s" % runtime_doc.name
> +        runtime_ref.spdxDocument = runtime_doc.documentNamespace
> +        runtime_ref.checksum.algorithm = "SHA1"
> +        runtime_ref.checksum.checksumValue = runtime_doc_sha1
> +
> +        # "OTHER" isn't ideal here, but I can't find a relationship that makes sense
> +        doc.externalDocumentRefs.append(runtime_ref)
> +        doc.add_relationship(
> +            image,
> +            "OTHER",
> +            "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID),
> +            comment="Runtime dependencies for %s" % name
> +        )
> +
> +    image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
> +
> +    with image_spdx_path.open("wb") as f:
> +        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
> +
> +    num_threads = int(d.getVar("BB_NUMBER_THREADS"))
> +
> +    visited_docs = set()
> +
> +    index = {"documents": []}
> +
> +    spdx_tar_path = rootfs_deploydir / (rootfs_name + ".spdx.tar.zst")
> +    with bb.compress.zstd.open(spdx_tar_path, "w", num_threads=num_threads) as f:
> +        with tarfile.open(fileobj=f, mode="w|") as tar:
> +            def collect_spdx_document(path):
> +                nonlocal tar
> +                nonlocal deploy_dir_spdx
> +                nonlocal source_date_epoch
> +                nonlocal index
> +
> +                if path in visited_docs:
> +                    return
> +
> +                visited_docs.add(path)
> +
> +                with path.open("rb") as f:
> +                    doc, sha1 = oe.sbom.read_doc(f)
> +                    f.seek(0)
> +
> +                    if doc.documentNamespace in visited_docs:
> +                        return
> +
> +                    bb.note("Adding SPDX document %s" % path)
> +                    visited_docs.add(doc.documentNamespace)
> +                    info = tar.gettarinfo(fileobj=f)
> +
> +                    info.name = doc.name + ".spdx.json"
> +                    info.uid = 0
> +                    info.gid = 0
> +                    info.uname = "root"
> +                    info.gname = "root"
> +
> +                    if source_date_epoch is not None and info.mtime > int(source_date_epoch):
> +                        info.mtime = int(source_date_epoch)
> +
> +                    tar.addfile(info, f)
> +
> +                    index["documents"].append({
> +                        "filename": info.name,
> +                        "documentNamespace": doc.documentNamespace,
> +                        "sha1": sha1,
> +                    })
> +
> +                for ref in doc.externalDocumentRefs:
> +                    ref_path = deploy_dir_spdx / "by-namespace" / ref.spdxDocument.replace("/", "_")
> +                    collect_spdx_document(ref_path)
> +
> +            collect_spdx_document(image_spdx_path)
> +
> +            index["documents"].sort(key=lambda x: x["filename"])
> +
> +            index_str = io.BytesIO(json.dumps(
> +                index,
> +                sort_keys=True,
> +                indent=get_json_indent(d),
> +            ).encode("utf-8"))
> +
> +            info = tarfile.TarInfo()
> +            info.name = "index.json"
> +            info.size = len(index_str.getvalue())
> +            info.uid = 0
> +            info.gid = 0
> +            info.uname = "root"
> +            info.gname = "root"
> +
> +            tar.addfile(info, fileobj=index_str)
> diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
> new file mode 100644
> index 0000000000..19c6c0ff0b
> --- /dev/null
> +++ b/meta/classes/create-spdx.bbclass
> @@ -0,0 +1,8 @@
> +#
> +# Copyright OpenEmbedded Contributors
> +#
> +# SPDX-License-Identifier: GPL-2.0-only
> +#
> +# Include this class when you don't care what version of SPDX you get; it will
> +# be updated to the latest stable version that is supported
> +inherit create-spdx-2.2
> diff --git a/meta/files/spdx-licenses.json b/meta/files/spdx-licenses.json
> new file mode 100644
> index 0000000000..ef926164ec
> --- /dev/null
> +++ b/meta/files/spdx-licenses.json
> @@ -0,0 +1,5937 @@
> +{
> +  "licenseListVersion": "3.14",
> +  "licenses": [
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-1.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-1.0.json",
> +      "referenceNumber": 0,
> +      "name": "GNU General Public License v1.0 only",
> +      "licenseId": "GPL-1.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/bzip2-1.0.6.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.6.json",
> +      "referenceNumber": 1,
> +      "name": "bzip2 and libbzip2 License v1.0.6",
> +      "licenseId": "bzip2-1.0.6",
> +      "seeAlso": [
> +        "https://sourceware.org/git/?p\u003dbzip2.git;a\u003dblob;f\u003dLICENSE;hb\u003dbzip2-1.0.6",
> +        "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Intel-ACPI.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Intel-ACPI.json",
> +      "referenceNumber": 2,
> +      "name": "Intel ACPI Software License Agreement",
> +      "licenseId": "Intel-ACPI",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/XSkat.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/XSkat.json",
> +      "referenceNumber": 3,
> +      "name": "XSkat License",
> +      "licenseId": "XSkat",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/XSkat_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.json",
> +      "referenceNumber": 4,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic",
> +      "licenseId": "CC-BY-NC-SA-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Plexus.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Plexus.json",
> +      "referenceNumber": 5,
> +      "name": "Plexus Classworlds License",
> +      "licenseId": "Plexus",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Giftware.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Giftware.json",
> +      "referenceNumber": 6,
> +      "name": "Giftware License",
> +      "licenseId": "Giftware",
> +      "seeAlso": [
> +        "http://liballeg.org/license.html#allegro-4-the-giftware-license"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BitTorrent-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.0.json",
> +      "referenceNumber": 7,
> +      "name": "BitTorrent Open Source License v1.0",
> +      "licenseId": "BitTorrent-1.0",
> +      "seeAlso": [
> +        "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1\u003d1.1\u0026r2\u003d1.1.1.1\u0026diff_format\u003ds"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APSL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APSL-1.1.json",
> +      "referenceNumber": 8,
> +      "name": "Apple Public Source License 1.1",
> +      "licenseId": "APSL-1.1",
> +      "seeAlso": [
> +        "http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.json",
> +      "referenceNumber": 9,
> +      "name": "GNU General Public License v2.0 w/GCC Runtime Library exception",
> +      "licenseId": "GPL-2.0-with-GCC-exception",
> +      "seeAlso": [
> +        "https://gcc.gnu.org/git/?p\u003dgcc.git;a\u003dblob;f\u003dgcc/libgcc1.c;h\u003d762f5143fc6eed57b6797c82710f3538aa52b40b;hb\u003dcb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/UPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/UPL-1.0.json",
> +      "referenceNumber": 10,
> +      "name": "Universal Permissive License v1.0",
> +      "licenseId": "UPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/UPL"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/wxWindows.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/wxWindows.json",
> +      "referenceNumber": 11,
> +      "name": "wxWindows Library License",
> +      "licenseId": "wxWindows",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/WXwindows"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Caldera.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Caldera.json",
> +      "referenceNumber": 12,
> +      "name": "Caldera License",
> +      "licenseId": "Caldera",
> +      "seeAlso": [
> +        "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Zend-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Zend-2.0.json",
> +      "referenceNumber": 13,
> +      "name": "Zend License v2.0",
> +      "licenseId": "Zend-2.0",
> +      "seeAlso": [
> +        "https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CUA-OPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CUA-OPL-1.0.json",
> +      "referenceNumber": 14,
> +      "name": "CUA Office Public License v1.0",
> +      "licenseId": "CUA-OPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/CUA-OPL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/JPNIC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/JPNIC.json",
> +      "referenceNumber": 15,
> +      "name": "Japan Network Information Center License",
> +      "licenseId": "JPNIC",
> +      "seeAlso": [
> +        "https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SAX-PD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SAX-PD.json",
> +      "referenceNumber": 16,
> +      "name": "Sax Public Domain Notice",
> +      "licenseId": "SAX-PD",
> +      "seeAlso": [
> +        "http://www.saxproject.org/copying.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.5.json",
> +      "referenceNumber": 17,
> +      "name": "Creative Commons Attribution No Derivatives 2.5 Generic",
> +      "licenseId": "CC-BY-ND-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/eGenix.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/eGenix.json",
> +      "referenceNumber": 18,
> +      "name": "eGenix.com Public License 1.1.0",
> +      "licenseId": "eGenix",
> +      "seeAlso": [
> +        "http://www.egenix.com/products/eGenix.com-Public-License-1.1.0.pdf",
> +        "https://fedoraproject.org/wiki/Licensing/eGenix.com_Public_License_1.1.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPLLR.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPLLR.json",
> +      "referenceNumber": 19,
> +      "name": "Lesser General Public License For Linguistic Resources",
> +      "licenseId": "LGPLLR",
> +      "seeAlso": [
> +        "http://www-igm.univ-mlv.fr/~unitex/lgpllr.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.2.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.2.json",
> +      "referenceNumber": 20,
> +      "name": "Open LDAP Public License 2.2.2",
> +      "licenseId": "OLDAP-2.2.2",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003ddf2cc1e21eb7c160695f5b7cffd6296c151ba188"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.json",
> +      "referenceNumber": 21,
> +      "name": "Creative Commons Attribution No Derivatives 3.0 Germany",
> +      "licenseId": "CC-BY-ND-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/IPA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/IPA.json",
> +      "referenceNumber": 22,
> +      "name": "IPA Font License",
> +      "licenseId": "IPA",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/IPA"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NCSA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NCSA.json",
> +      "referenceNumber": 23,
> +      "name": "University of Illinois/NCSA Open Source License",
> +      "licenseId": "NCSA",
> +      "seeAlso": [
> +        "http://otm.illinois.edu/uiuc_openSource",
> +        "https://opensource.org/licenses/NCSA"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/W3C.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/W3C.json",
> +      "referenceNumber": 24,
> +      "name": "W3C Software Notice and License (2002-12-31)",
> +      "licenseId": "W3C",
> +      "seeAlso": [
> +        "http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.html",
> +        "https://opensource.org/licenses/W3C"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Adobe-2006.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Adobe-2006.json",
> +      "referenceNumber": 25,
> +      "name": "Adobe Systems Incorporated Source Code License Agreement",
> +      "licenseId": "Adobe-2006",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/AdobeLicense"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Net-SNMP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Net-SNMP.json",
> +      "referenceNumber": 26,
> +      "name": "Net-SNMP License",
> +      "licenseId": "Net-SNMP",
> +      "seeAlso": [
> +        "http://net-snmp.sourceforge.net/about/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-4.0.json",
> +      "referenceNumber": 27,
> +      "name": "Creative Commons Attribution Share Alike 4.0 International",
> +      "licenseId": "CC-BY-SA-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/YPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/YPL-1.0.json",
> +      "referenceNumber": 28,
> +      "name": "Yahoo! Public License v1.0",
> +      "licenseId": "YPL-1.0",
> +      "seeAlso": [
> +        "http://www.zimbra.com/license/yahoo_public_license_1.0.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Nunit.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/Nunit.json",
> +      "referenceNumber": 29,
> +      "name": "Nunit License",
> +      "licenseId": "Nunit",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Nunit"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MITNFA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MITNFA.json",
> +      "referenceNumber": 30,
> +      "name": "MIT +no-false-attribs license",
> +      "licenseId": "MITNFA",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MITNFA"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PHP-3.01.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PHP-3.01.json",
> +      "referenceNumber": 31,
> +      "name": "PHP License v3.01",
> +      "licenseId": "PHP-3.01",
> +      "seeAlso": [
> +        "http://www.php.net/license/3_01.txt"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-Source-Code.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-Source-Code.json",
> +      "referenceNumber": 32,
> +      "name": "BSD Source Code Attribution",
> +      "licenseId": "BSD-Source-Code",
> +      "seeAlso": [
> +        "https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.5.json",
> +      "referenceNumber": 33,
> +      "name": "Creative Commons Attribution Share Alike 2.5 Generic",
> +      "licenseId": "CC-BY-SA-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Motosoto.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Motosoto.json",
> +      "referenceNumber": 34,
> +      "name": "Motosoto License",
> +      "licenseId": "Motosoto",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Motosoto"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSL-1.1.json",
> +      "referenceNumber": 35,
> +      "name": "Open Software License 1.1",
> +      "licenseId": "OSL-1.1",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/OSL1.1"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NGPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NGPL.json",
> +      "referenceNumber": 36,
> +      "name": "Nethack General Public License",
> +      "licenseId": "NGPL",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/NGPL"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-2.5-AU.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5-AU.json",
> +      "referenceNumber": 37,
> +      "name": "Creative Commons Attribution 2.5 Australia",
> +      "licenseId": "CC-BY-2.5-AU",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/2.5/au/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Unicode-TOU.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Unicode-TOU.json",
> +      "referenceNumber": 38,
> +      "name": "Unicode Terms of Use",
> +      "licenseId": "Unicode-TOU",
> +      "seeAlso": [
> +        "http://www.unicode.org/copyright.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.json",
> +      "referenceNumber": 39,
> +      "name": "BSD 3-Clause No Nuclear License",
> +      "licenseId": "BSD-3-Clause-No-Nuclear-License",
> +      "seeAlso": [
> +        "http://download.oracle.com/otn-pub/java/licenses/bsd.txt?AuthParam\u003d1467140197_43d516ce1776bd08a58235a7785be1cc"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OPUBL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OPUBL-1.0.json",
> +      "referenceNumber": 40,
> +      "name": "Open Publication License v1.0",
> +      "licenseId": "OPUBL-1.0",
> +      "seeAlso": [
> +        "http://opencontent.org/openpub/",
> +        "https://www.debian.org/opl",
> +        "https://www.ctan.org/license/opl"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.json",
> +      "referenceNumber": 41,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales",
> +      "licenseId": "CC-BY-NC-SA-2.0-UK",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NLOD-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NLOD-2.0.json",
> +      "referenceNumber": 42,
> +      "name": "Norwegian Licence for Open Government Data (NLOD) 2.0",
> +      "licenseId": "NLOD-2.0",
> +      "seeAlso": [
> +        "http://data.norge.no/nlod/en/2.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/gnuplot.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/gnuplot.json",
> +      "referenceNumber": 43,
> +      "name": "gnuplot License",
> +      "licenseId": "gnuplot",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Gnuplot"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EPICS.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EPICS.json",
> +      "referenceNumber": 44,
> +      "name": "EPICS Open License",
> +      "licenseId": "EPICS",
> +      "seeAlso": [
> +        "https://epics.anl.gov/license/open.php"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Info-ZIP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Info-ZIP.json",
> +      "referenceNumber": 45,
> +      "name": "Info-ZIP License",
> +      "licenseId": "Info-ZIP",
> +      "seeAlso": [
> +        "http://www.info-zip.org/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.json",
> +      "referenceNumber": 46,
> +      "name": "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)",
> +      "licenseId": "OLDAP-2.0",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcbf50f4e1185a21abd4c0a54d3f4341fe28f36ea"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CERN-OHL-P-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-P-2.0.json",
> +      "referenceNumber": 47,
> +      "name": "CERN Open Hardware Licence Version 2 - Permissive",
> +      "licenseId": "CERN-OHL-P-2.0",
> +      "seeAlso": [
> +        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.json",
> +      "referenceNumber": 48,
> +      "name": "BSD 3-Clause No Nuclear Warranty",
> +      "licenseId": "BSD-3-Clause-No-Nuclear-Warranty",
> +      "seeAlso": [
> +        "https://jogamp.org/git/?p\u003dgluegen.git;a\u003dblob_plain;f\u003dLICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AML.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AML.json",
> +      "referenceNumber": 49,
> +      "name": "Apple MIT License",
> +      "licenseId": "AML",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Apple_MIT_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MulanPSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MulanPSL-1.0.json",
> +      "referenceNumber": 50,
> +      "name": "Mulan Permissive Software License, Version 1",
> +      "licenseId": "MulanPSL-1.0",
> +      "seeAlso": [
> +        "https://license.coscl.org.cn/MulanPSL/",
> +        "https://github.com/yuwenlong/longphp/blob/25dfb70cc2a466dc4bb55ba30901cbce08d164b5/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Multics.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Multics.json",
> +      "referenceNumber": 51,
> +      "name": "Multics License",
> +      "licenseId": "Multics",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Multics"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/VSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/VSL-1.0.json",
> +      "referenceNumber": 52,
> +      "name": "Vovida Software License v1.0",
> +      "licenseId": "VSL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/VSL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RSA-MD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RSA-MD.json",
> +      "referenceNumber": 53,
> +      "name": "RSA Message-Digest License",
> +      "licenseId": "RSA-MD",
> +      "seeAlso": [
> +        "http://www.faqs.org/rfcs/rfc1321.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-PDDC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-PDDC.json",
> +      "referenceNumber": 54,
> +      "name": "Creative Commons Public Domain Dedication and Certification",
> +      "licenseId": "CC-PDDC",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/publicdomain/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.json",
> +      "referenceNumber": 55,
> +      "name": "Creative Commons Attribution Share Alike 2.1 Japan",
> +      "licenseId": "CC-BY-SA-2.1-JP",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPPL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPPL-1.2.json",
> +      "referenceNumber": 56,
> +      "name": "LaTeX Project Public License v1.2",
> +      "licenseId": "LPPL-1.2",
> +      "seeAlso": [
> +        "http://www.latex-project.org/lppl/lppl-1-2.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Spencer-94.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Spencer-94.json",
> +      "referenceNumber": 57,
> +      "name": "Spencer License 94",
> +      "licenseId": "Spencer-94",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.2.json",
> +      "referenceNumber": 58,
> +      "name": "Open LDAP Public License v1.2",
> +      "licenseId": "OLDAP-1.2",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d42b0383c50c299977b5893ee695cf4e486fb0dc7"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/O-UDA-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/O-UDA-1.0.json",
> +      "referenceNumber": 59,
> +      "name": "Open Use of Data Agreement v1.0",
> +      "licenseId": "O-UDA-1.0",
> +      "seeAlso": [
> +        "https://github.com/microsoft/Open-Use-of-Data-Agreement/blob/v1.0/O-UDA-1.0.md",
> +        "https://cdla.dev/open-use-of-data-agreement-v1-0/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.7.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.7.json",
> +      "referenceNumber": 60,
> +      "name": "Open LDAP Public License v2.7",
> +      "licenseId": "OLDAP-2.7",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d47c2415c1df81556eeb39be6cad458ef87c534a2"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Glulxe.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Glulxe.json",
> +      "referenceNumber": 61,
> +      "name": "Glulxe License",
> +      "licenseId": "Glulxe",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Glulxe"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/iMatix.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/iMatix.json",
> +      "referenceNumber": 62,
> +      "name": "iMatix Standard Function Library Agreement",
> +      "licenseId": "iMatix",
> +      "seeAlso": [
> +        "http://legacy.imatix.com/html/sfl/sfl4.htm#license"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TAPR-OHL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TAPR-OHL-1.0.json",
> +      "referenceNumber": 63,
> +      "name": "TAPR Open Hardware License v1.0",
> +      "licenseId": "TAPR-OHL-1.0",
> +      "seeAlso": [
> +        "https://www.tapr.org/OHL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NBPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NBPL-1.0.json",
> +      "referenceNumber": 64,
> +      "name": "Net Boolean Public License v1",
> +      "licenseId": "NBPL-1.0",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d37b4b3f6cc4bf34e1d3dec61e69914b9819d8894"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LiLiQ-R-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LiLiQ-R-1.1.json",
> +      "referenceNumber": 65,
> +      "name": "Licence Libre du Québec – Réciprocité version 1.1",
> +      "licenseId": "LiLiQ-R-1.1",
> +      "seeAlso": [
> +        "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-liliq-r-v1-1/",
> +        "http://opensource.org/licenses/LiLiQ-R-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Noweb.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Noweb.json",
> +      "referenceNumber": 66,
> +      "name": "Noweb License",
> +      "licenseId": "Noweb",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Noweb"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC0-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC0-1.0.json",
> +      "referenceNumber": 67,
> +      "name": "Creative Commons Zero v1.0 Universal",
> +      "licenseId": "CC0-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-Protection.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-Protection.json",
> +      "referenceNumber": 68,
> +      "name": "BSD Protection License",
> +      "licenseId": "BSD-Protection",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/BSD_Protection_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.5.json",
> +      "referenceNumber": 69,
> +      "name": "Creative Commons Attribution Non Commercial 2.5 Generic",
> +      "licenseId": "CC-BY-NC-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Zlib.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Zlib.json",
> +      "referenceNumber": 70,
> +      "name": "zlib License",
> +      "licenseId": "Zlib",
> +      "seeAlso": [
> +        "http://www.zlib.net/zlib_license.html",
> +        "https://opensource.org/licenses/Zlib"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.json",
> +      "referenceNumber": 71,
> +      "name": "GNU Free Documentation License v1.3 or later - invariants",
> +      "licenseId": "GFDL-1.3-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-3.0-AT.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-AT.json",
> +      "referenceNumber": 72,
> +      "name": "Creative Commons Attribution 3.0 Austria",
> +      "licenseId": "CC-BY-3.0-AT",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/3.0/at/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPPL-1.3c.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPPL-1.3c.json",
> +      "referenceNumber": 73,
> +      "name": "LaTeX Project Public License v1.3c",
> +      "licenseId": "LPPL-1.3c",
> +      "seeAlso": [
> +        "http://www.latex-project.org/lppl/lppl-1-3c.txt",
> +        "https://opensource.org/licenses/LPPL-1.3c"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EPL-1.0.json",
> +      "referenceNumber": 74,
> +      "name": "Eclipse Public License 1.0",
> +      "licenseId": "EPL-1.0",
> +      "seeAlso": [
> +        "http://www.eclipse.org/legal/epl-v10.html",
> +        "https://opensource.org/licenses/EPL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.json",
> +      "referenceNumber": 75,
> +      "name": "GNU Free Documentation License v1.1 or later - invariants",
> +      "licenseId": "GFDL-1.1-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ANTLR-PD-fallback.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ANTLR-PD-fallback.json",
> +      "referenceNumber": 76,
> +      "name": "ANTLR Software Rights Notice with license fallback",
> +      "licenseId": "ANTLR-PD-fallback",
> +      "seeAlso": [
> +        "http://www.antlr2.org/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.4.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.4.json",
> +      "referenceNumber": 77,
> +      "name": "Open LDAP Public License v2.4",
> +      "licenseId": "OLDAP-2.4",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcd1284c4a91a8a380d904eee68d1583f989ed386"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.3.json",
> +      "referenceNumber": 78,
> +      "name": "Open LDAP Public License v2.3",
> +      "licenseId": "OLDAP-2.3",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dd32cf54a32d581ab475d23c810b0a7fbaf8d63c3"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ZPL-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ZPL-2.1.json",
> +      "referenceNumber": 79,
> +      "name": "Zope Public License 2.1",
> +      "licenseId": "ZPL-2.1",
> +      "seeAlso": [
> +        "http://old.zope.org/Resources/ZPL/"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Apache-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Apache-2.0.json",
> +      "referenceNumber": 80,
> +      "name": "Apache License 2.0",
> +      "licenseId": "Apache-2.0",
> +      "seeAlso": [
> +        "https://www.apache.org/licenses/LICENSE-2.0",
> +        "https://opensource.org/licenses/Apache-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SGI-B-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SGI-B-2.0.json",
> +      "referenceNumber": 81,
> +      "name": "SGI Free Software License B v2.0",
> +      "licenseId": "SGI-B-2.0",
> +      "seeAlso": [
> +        "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Hippocratic-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Hippocratic-2.1.json",
> +      "referenceNumber": 82,
> +      "name": "Hippocratic License 2.1",
> +      "licenseId": "Hippocratic-2.1",
> +      "seeAlso": [
> +        "https://firstdonoharm.dev/version/2/1/license.html",
> +        "https://github.com/EthicalSource/hippocratic-license/blob/58c0e646d64ff6fbee275bfe2b9492f914e3ab2a/LICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.json",
> +      "referenceNumber": 83,
> +      "name": "Creative Commons Attribution Share Alike 3.0 Germany",
> +      "licenseId": "CC-BY-SA-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.json",
> +      "referenceNumber": 84,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic",
> +      "licenseId": "CC-BY-NC-SA-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.1-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-or-later.json",
> +      "referenceNumber": 85,
> +      "name": "GNU Lesser General Public License v2.1 or later",
> +      "licenseId": "LGPL-2.1-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
> +        "https://opensource.org/licenses/LGPL-2.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-3.0-US.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-US.json",
> +      "referenceNumber": 86,
> +      "name": "Creative Commons Attribution 3.0 United States",
> +      "licenseId": "CC-BY-3.0-US",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/3.0/us/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TCP-wrappers.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TCP-wrappers.json",
> +      "referenceNumber": 87,
> +      "name": "TCP Wrappers License",
> +      "licenseId": "TCP-wrappers",
> +      "seeAlso": [
> +        "http://rc.quest.com/topics/openssh/license.php#tcpwrappers"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.json",
> +      "referenceNumber": 88,
> +      "name": "GNU Free Documentation License v1.2 or later - invariants",
> +      "licenseId": "GFDL-1.2-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Eurosym.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Eurosym.json",
> +      "referenceNumber": 89,
> +      "name": "Eurosym License",
> +      "licenseId": "Eurosym",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Eurosym"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1.json",
> +      "referenceNumber": 90,
> +      "name": "GNU Free Documentation License v1.1",
> +      "licenseId": "GFDL-1.1",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPPL-1.0.json",
> +      "referenceNumber": 91,
> +      "name": "LaTeX Project Public License v1.0",
> +      "licenseId": "LPPL-1.0",
> +      "seeAlso": [
> +        "http://www.latex-project.org/lppl/lppl-1-0.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.0+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0+.json",
> +      "referenceNumber": 92,
> +      "name": "GNU Library General Public License v2 or later",
> +      "licenseId": "LGPL-2.0+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SGI-B-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SGI-B-1.0.json",
> +      "referenceNumber": 93,
> +      "name": "SGI Free Software License B v1.0",
> +      "licenseId": "SGI-B-1.0",
> +      "seeAlso": [
> +        "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APL-1.0.json",
> +      "referenceNumber": 94,
> +      "name": "Adaptive Public License 1.0",
> +      "licenseId": "APL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/APL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/libtiff.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/libtiff.json",
> +      "referenceNumber": 95,
> +      "name": "libtiff License",
> +      "licenseId": "libtiff",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/libtiff"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AFL-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AFL-2.1.json",
> +      "referenceNumber": 96,
> +      "name": "Academic Free License v2.1",
> +      "licenseId": "AFL-2.1",
> +      "seeAlso": [
> +        "http://opensource.linux-mirror.org/licenses/afl-2.1.txt"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-1.0.json",
> +      "referenceNumber": 97,
> +      "name": "Creative Commons Attribution Non Commercial 1.0 Generic",
> +      "licenseId": "CC-BY-NC-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GD.json",
> +      "referenceNumber": 98,
> +      "name": "GD License",
> +      "licenseId": "GD",
> +      "seeAlso": [
> +        "https://libgd.github.io/manuals/2.3.0/files/license-txt.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AFL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AFL-1.1.json",
> +      "referenceNumber": 99,
> +      "name": "Academic Free License v1.1",
> +      "licenseId": "AFL-1.1",
> +      "seeAlso": [
> +        "http://opensource.linux-mirror.org/licenses/afl-1.1.txt",
> +        "http://wayback.archive.org/web/20021004124254/http://www.opensource.org/licenses/academic.php"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.json",
> +      "referenceNumber": 100,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO",
> +      "licenseId": "CC-BY-NC-ND-3.0-IGO",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Unicode-DFS-2015.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2015.json",
> +      "referenceNumber": 101,
> +      "name": "Unicode License Agreement - Data Files and Software (2015)",
> +      "licenseId": "Unicode-DFS-2015",
> +      "seeAlso": [
> +        "https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-only.json",
> +      "referenceNumber": 102,
> +      "name": "GNU Free Documentation License v1.2 only",
> +      "licenseId": "GFDL-1.2-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MPL-1.1.json",
> +      "referenceNumber": 103,
> +      "name": "Mozilla Public License 1.1",
> +      "licenseId": "MPL-1.1",
> +      "seeAlso": [
> +        "http://www.mozilla.org/MPL/MPL-1.1.html",
> +        "https://opensource.org/licenses/MPL-1.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-only.json",
> +      "referenceNumber": 104,
> +      "name": "GNU General Public License v2.0 only",
> +      "licenseId": "GPL-2.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-4.0.json",
> +      "referenceNumber": 105,
> +      "name": "Creative Commons Attribution Non Commercial 4.0 International",
> +      "licenseId": "CC-BY-NC-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FreeImage.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FreeImage.json",
> +      "referenceNumber": 106,
> +      "name": "FreeImage Public License v1.0",
> +      "licenseId": "FreeImage",
> +      "seeAlso": [
> +        "http://freeimage.sourceforge.net/freeimage-license.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SHL-0.51.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SHL-0.51.json",
> +      "referenceNumber": 107,
> +      "name": "Solderpad Hardware License, Version 0.51",
> +      "licenseId": "SHL-0.51",
> +      "seeAlso": [
> +        "https://solderpad.org/licenses/SHL-0.51/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CNRI-Jython.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CNRI-Jython.json",
> +      "referenceNumber": 108,
> +      "name": "CNRI Jython License",
> +      "licenseId": "CNRI-Jython",
> +      "seeAlso": [
> +        "http://www.jython.org/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ZPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ZPL-1.1.json",
> +      "referenceNumber": 109,
> +      "name": "Zope Public License 1.1",
> +      "licenseId": "ZPL-1.1",
> +      "seeAlso": [
> +        "http://old.zope.org/Resources/License/ZPL-1.1"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Afmparse.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Afmparse.json",
> +      "referenceNumber": 110,
> +      "name": "Afmparse License",
> +      "licenseId": "Afmparse",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Afmparse"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.1.json",
> +      "referenceNumber": 111,
> +      "name": "Open LDAP Public License v2.1",
> +      "licenseId": "OLDAP-2.1",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db0d176738e96a0d3b9f85cb51e140a86f21be715"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Rdisc.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Rdisc.json",
> +      "referenceNumber": 112,
> +      "name": "Rdisc License",
> +      "licenseId": "Rdisc",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Rdisc_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Imlib2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Imlib2.json",
> +      "referenceNumber": 113,
> +      "name": "Imlib2 License",
> +      "licenseId": "Imlib2",
> +      "seeAlso": [
> +        "http://trac.enlightenment.org/e/browser/trunk/imlib2/COPYING",
> +        "https://git.enlightenment.org/legacy/imlib2.git/tree/COPYING"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-4-Clause-Shortened.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-Shortened.json",
> +      "referenceNumber": 114,
> +      "name": "BSD 4 Clause Shortened",
> +      "licenseId": "BSD-4-Clause-Shortened",
> +      "seeAlso": [
> +        "https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Sendmail.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Sendmail.json",
> +      "referenceNumber": 115,
> +      "name": "Sendmail License",
> +      "licenseId": "Sendmail",
> +      "seeAlso": [
> +        "http://www.sendmail.com/pdfs/open_source/sendmail_license.pdf",
> +        "https://web.archive.org/web/20160322142305/https://www.sendmail.com/pdfs/open_source/sendmail_license.pdf"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5.json",
> +      "referenceNumber": 116,
> +      "name": "Creative Commons Attribution 2.5 Generic",
> +      "licenseId": "CC-BY-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AAL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AAL.json",
> +      "referenceNumber": 117,
> +      "name": "Attribution Assurance License",
> +      "licenseId": "AAL",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/attribution"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.json",
> +      "referenceNumber": 118,
> +      "name": "Mozilla Public License 2.0 (no copyleft exception)",
> +      "licenseId": "MPL-2.0-no-copyleft-exception",
> +      "seeAlso": [
> +        "http://www.mozilla.org/MPL/2.0/",
> +        "https://opensource.org/licenses/MPL-2.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.json",
> +      "referenceNumber": 119,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic",
> +      "licenseId": "CC-BY-NC-ND-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-3.0-NL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-NL.json",
> +      "referenceNumber": 120,
> +      "name": "Creative Commons Attribution 3.0 Netherlands",
> +      "licenseId": "CC-BY-3.0-NL",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/3.0/nl/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPL-1.02.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPL-1.02.json",
> +      "referenceNumber": 121,
> +      "name": "Lucent Public License v1.02",
> +      "licenseId": "LPL-1.02",
> +      "seeAlso": [
> +        "http://plan9.bell-labs.com/plan9/license.html",
> +        "https://opensource.org/licenses/LPL-1.02"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ECL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ECL-1.0.json",
> +      "referenceNumber": 122,
> +      "name": "Educational Community License v1.0",
> +      "licenseId": "ECL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/ECL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.0-no-RFN.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.0-no-RFN.json",
> +      "referenceNumber": 123,
> +      "name": "SIL Open Font License 1.0 with no Reserved Font Name",
> +      "licenseId": "OFL-1.0-no-RFN",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.json",
> +      "referenceNumber": 124,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany",
> +      "licenseId": "CC-BY-NC-SA-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0.json",
> +      "referenceNumber": 125,
> +      "name": "Creative Commons Attribution Share Alike 3.0 Unported",
> +      "licenseId": "CC-BY-SA-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NTP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NTP.json",
> +      "referenceNumber": 126,
> +      "name": "NTP License",
> +      "licenseId": "NTP",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/NTP"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MPL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MPL-2.0.json",
> +      "referenceNumber": 127,
> +      "name": "Mozilla Public License 2.0",
> +      "licenseId": "MPL-2.0",
> +      "seeAlso": [
> +        "https://www.mozilla.org/MPL/2.0/",
> +        "https://opensource.org/licenses/MPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APSL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APSL-1.2.json",
> +      "referenceNumber": 128,
> +      "name": "Apple Public Source License 1.2",
> +      "licenseId": "APSL-1.2",
> +      "seeAlso": [
> +        "http://www.samurajdata.se/opensource/mirror/licenses/apsl.php"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.json",
> +      "referenceNumber": 129,
> +      "name": "GNU Free Documentation License v1.2 only - no invariants",
> +      "licenseId": "GFDL-1.2-no-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Artistic-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Artistic-2.0.json",
> +      "referenceNumber": 130,
> +      "name": "Artistic License 2.0",
> +      "licenseId": "Artistic-2.0",
> +      "seeAlso": [
> +        "http://www.perlfoundation.org/artistic_license_2_0",
> +        "https://www.perlfoundation.org/artistic-license-20.html",
> +        "https://opensource.org/licenses/artistic-license-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0.json",
> +      "referenceNumber": 131,
> +      "name": "GNU General Public License v2.0 only",
> +      "licenseId": "GPL-2.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RSCPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RSCPL.json",
> +      "referenceNumber": 132,
> +      "name": "Ricoh Source Code Public License",
> +      "licenseId": "RSCPL",
> +      "seeAlso": [
> +        "http://wayback.archive.org/web/20060715140826/http://www.risource.org/RPL/RPL-1.0A.shtml",
> +        "https://opensource.org/licenses/RSCPL"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Sleepycat.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Sleepycat.json",
> +      "referenceNumber": 133,
> +      "name": "Sleepycat License",
> +      "licenseId": "Sleepycat",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Sleepycat"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/xpp.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/xpp.json",
> +      "referenceNumber": 134,
> +      "name": "XPP License",
> +      "licenseId": "xpp",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/xpp"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDLA-Sharing-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDLA-Sharing-1.0.json",
> +      "referenceNumber": 135,
> +      "name": "Community Data License Agreement Sharing 1.0",
> +      "licenseId": "CDLA-Sharing-1.0",
> +      "seeAlso": [
> +        "https://cdla.io/sharing-1-0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ClArtistic.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ClArtistic.json",
> +      "referenceNumber": 136,
> +      "name": "Clarified Artistic License",
> +      "licenseId": "ClArtistic",
> +      "seeAlso": [
> +        "http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/",
> +        "http://www.ncftp.com/ncftp/doc/LICENSE.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-1.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-only.json",
> +      "referenceNumber": 137,
> +      "name": "Affero General Public License v1.0 only",
> +      "licenseId": "AGPL-1.0-only",
> +      "seeAlso": [
> +        "http://www.affero.org/oagpl.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-DE.json",
> +      "referenceNumber": 138,
> +      "name": "Creative Commons Attribution 3.0 Germany",
> +      "licenseId": "CC-BY-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AFL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AFL-2.0.json",
> +      "referenceNumber": 139,
> +      "name": "Academic Free License v2.0",
> +      "licenseId": "AFL-2.0",
> +      "seeAlso": [
> +        "http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Intel.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Intel.json",
> +      "referenceNumber": 140,
> +      "name": "Intel Open Source License",
> +      "licenseId": "Intel",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Intel"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.json",
> +      "referenceNumber": 141,
> +      "name": "GNU Free Documentation License v1.1 or later - no invariants",
> +      "licenseId": "GFDL-1.1-no-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APAFML.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APAFML.json",
> +      "referenceNumber": 142,
> +      "name": "Adobe Postscript AFM License",
> +      "licenseId": "APAFML",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2.json",
> +      "referenceNumber": 143,
> +      "name": "GNU Free Documentation License v1.2",
> +      "licenseId": "GFDL-1.2",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SISSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SISSL.json",
> +      "referenceNumber": 144,
> +      "name": "Sun Industry Standards Source License v1.1",
> +      "licenseId": "SISSL",
> +      "seeAlso": [
> +        "http://www.openoffice.org/licenses/sissl_license.html",
> +        "https://opensource.org/licenses/SISSL"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Naumen.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Naumen.json",
> +      "referenceNumber": 145,
> +      "name": "Naumen Public License",
> +      "licenseId": "Naumen",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Naumen"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/HTMLTIDY.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/HTMLTIDY.json",
> +      "referenceNumber": 146,
> +      "name": "HTML Tidy License",
> +      "licenseId": "HTMLTIDY",
> +      "seeAlso": [
> +        "https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.8.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.8.json",
> +      "referenceNumber": 147,
> +      "name": "Open LDAP Public License v2.8",
> +      "licenseId": "OLDAP-2.8",
> +      "seeAlso": [
> +        "http://www.openldap.org/software/release/license.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/blessing.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/blessing.json",
> +      "referenceNumber": 148,
> +      "name": "SQLite Blessing",
> +      "licenseId": "blessing",
> +      "seeAlso": [
> +        "https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln\u003d4-9",
> +        "https://sqlite.org/src/artifact/df5091916dbb40e6"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.0.json",
> +      "referenceNumber": 149,
> +      "name": "Creative Commons Attribution No Derivatives 2.0 Generic",
> +      "licenseId": "CC-BY-ND-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGTSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGTSL.json",
> +      "referenceNumber": 150,
> +      "name": "Open Group Test Suite License",
> +      "licenseId": "OGTSL",
> +      "seeAlso": [
> +        "http://www.opengroup.org/testing/downloads/The_Open_Group_TSL.txt",
> +        "https://opensource.org/licenses/OGTSL"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-or-later.json",
> +      "referenceNumber": 151,
> +      "name": "GNU Library General Public License v2 or later",
> +      "licenseId": "LGPL-2.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Parity-7.0.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Parity-7.0.0.json",
> +      "referenceNumber": 152,
> +      "name": "The Parity Public License 7.0.0",
> +      "licenseId": "Parity-7.0.0",
> +      "seeAlso": [
> +        "https://paritylicense.com/versions/7.0.0.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-1.0.json",
> +      "referenceNumber": 153,
> +      "name": "Creative Commons Attribution No Derivatives 1.0 Generic",
> +      "licenseId": "CC-BY-ND-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/dvipdfm.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/dvipdfm.json",
> +      "referenceNumber": 154,
> +      "name": "dvipdfm License",
> +      "licenseId": "dvipdfm",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/dvipdfm"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CNRI-Python.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CNRI-Python.json",
> +      "referenceNumber": 155,
> +      "name": "CNRI Python License",
> +      "licenseId": "CNRI-Python",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/CNRI-Python"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-4-Clause-UC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-UC.json",
> +      "referenceNumber": 156,
> +      "name": "BSD-4-Clause (University of California-Specific)",
> +      "licenseId": "BSD-4-Clause-UC",
> +      "seeAlso": [
> +        "http://www.freebsd.org/copyright/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NLOD-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NLOD-1.0.json",
> +      "referenceNumber": 157,
> +      "name": "Norwegian Licence for Open Government Data (NLOD) 1.0",
> +      "licenseId": "NLOD-1.0",
> +      "seeAlso": [
> +        "http://data.norge.no/nlod/en/1.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MS-RL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MS-RL.json",
> +      "referenceNumber": 158,
> +      "name": "Microsoft Reciprocal License",
> +      "licenseId": "MS-RL",
> +      "seeAlso": [
> +        "http://www.microsoft.com/opensource/licenses.mspx",
> +        "https://opensource.org/licenses/MS-RL"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.json",
> +      "referenceNumber": 159,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 4.0 International",
> +      "licenseId": "CC-BY-NC-SA-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/HaskellReport.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/HaskellReport.json",
> +      "referenceNumber": 160,
> +      "name": "Haskell Language Report License",
> +      "licenseId": "HaskellReport",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-1.0.json",
> +      "referenceNumber": 161,
> +      "name": "Creative Commons Attribution 1.0 Generic",
> +      "licenseId": "CC-BY-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/UCL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/UCL-1.0.json",
> +      "referenceNumber": 162,
> +      "name": "Upstream Compatibility License v1.0",
> +      "licenseId": "UCL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/UCL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Mup.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Mup.json",
> +      "referenceNumber": 163,
> +      "name": "Mup License",
> +      "licenseId": "Mup",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Mup"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SMPPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SMPPL.json",
> +      "referenceNumber": 164,
> +      "name": "Secure Messaging Protocol Public License",
> +      "licenseId": "SMPPL",
> +      "seeAlso": [
> +        "https://github.com/dcblake/SMP/blob/master/Documentation/License.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PHP-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PHP-3.0.json",
> +      "referenceNumber": 165,
> +      "name": "PHP License v3.0",
> +      "licenseId": "PHP-3.0",
> +      "seeAlso": [
> +        "http://www.php.net/license/3_0.txt",
> +        "https://opensource.org/licenses/PHP-3.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GL2PS.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GL2PS.json",
> +      "referenceNumber": 166,
> +      "name": "GL2PS License",
> +      "licenseId": "GL2PS",
> +      "seeAlso": [
> +        "http://www.geuz.org/gl2ps/COPYING.GL2PS"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CrystalStacker.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CrystalStacker.json",
> +      "referenceNumber": 167,
> +      "name": "CrystalStacker License",
> +      "licenseId": "CrystalStacker",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd\u003dLicensing/CrystalStacker"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/W3C-20150513.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/W3C-20150513.json",
> +      "referenceNumber": 168,
> +      "name": "W3C Software Notice and Document License (2015-05-13)",
> +      "licenseId": "W3C-20150513",
> +      "seeAlso": [
> +        "https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NIST-PD-fallback.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NIST-PD-fallback.json",
> +      "referenceNumber": 169,
> +      "name": "NIST Public Domain Notice with license fallback",
> +      "licenseId": "NIST-PD-fallback",
> +      "seeAlso": [
> +        "https://github.com/usnistgov/jsip/blob/59700e6926cbe96c5cdae897d9a7d2656b42abe3/LICENSE",
> +        "https://github.com/usnistgov/fipy/blob/86aaa5c2ba2c6f1be19593c5986071cf6568cc34/LICENSE.rst"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGL-UK-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGL-UK-1.0.json",
> +      "referenceNumber": 170,
> +      "name": "Open Government Licence v1.0",
> +      "licenseId": "OGL-UK-1.0",
> +      "seeAlso": [
> +        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CPL-1.0.json",
> +      "referenceNumber": 171,
> +      "name": "Common Public License 1.0",
> +      "licenseId": "CPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/CPL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.1-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-only.json",
> +      "referenceNumber": 172,
> +      "name": "GNU Lesser General Public License v2.1 only",
> +      "licenseId": "LGPL-2.1-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
> +        "https://opensource.org/licenses/LGPL-2.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ZPL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ZPL-2.0.json",
> +      "referenceNumber": 173,
> +      "name": "Zope Public License 2.0",
> +      "licenseId": "ZPL-2.0",
> +      "seeAlso": [
> +        "http://old.zope.org/Resources/License/ZPL-2.0",
> +        "https://opensource.org/licenses/ZPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Frameworx-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Frameworx-1.0.json",
> +      "referenceNumber": 174,
> +      "name": "Frameworx Open License 1.0",
> +      "licenseId": "Frameworx-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Frameworx-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-3.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-only.json",
> +      "referenceNumber": 175,
> +      "name": "GNU Affero General Public License v3.0 only",
> +      "licenseId": "AGPL-3.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/agpl.txt",
> +        "https://opensource.org/licenses/AGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/DRL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/DRL-1.0.json",
> +      "referenceNumber": 176,
> +      "name": "Detection Rule License 1.0",
> +      "licenseId": "DRL-1.0",
> +      "seeAlso": [
> +        "https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EFL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EFL-2.0.json",
> +      "referenceNumber": 177,
> +      "name": "Eiffel Forum License v2.0",
> +      "licenseId": "EFL-2.0",
> +      "seeAlso": [
> +        "http://www.eiffel-nice.org/license/eiffel-forum-license-2.html",
> +        "https://opensource.org/licenses/EFL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Spencer-99.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Spencer-99.json",
> +      "referenceNumber": 178,
> +      "name": "Spencer License 99",
> +      "licenseId": "Spencer-99",
> +      "seeAlso": [
> +        "http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.json",
> +      "referenceNumber": 179,
> +      "name": "Cryptographic Autonomy License 1.0 (Combined Work Exception)",
> +      "licenseId": "CAL-1.0-Combined-Work-Exception",
> +      "seeAlso": [
> +        "http://cryptographicautonomylicense.com/license-text.html",
> +        "https://opensource.org/licenses/CAL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-only.json",
> +      "referenceNumber": 180,
> +      "name": "GNU Free Documentation License v1.1 only - invariants",
> +      "licenseId": "GFDL-1.1-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TCL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TCL.json",
> +      "referenceNumber": 181,
> +      "name": "TCL/TK License",
> +      "licenseId": "TCL",
> +      "seeAlso": [
> +        "http://www.tcl.tk/software/tcltk/license.html",
> +        "https://fedoraproject.org/wiki/Licensing/TCL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SHL-0.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SHL-0.5.json",
> +      "referenceNumber": 182,
> +      "name": "Solderpad Hardware License v0.5",
> +      "licenseId": "SHL-0.5",
> +      "seeAlso": [
> +        "https://solderpad.org/licenses/SHL-0.5/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.0-RFN.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.0-RFN.json",
> +      "referenceNumber": 183,
> +      "name": "SIL Open Font License 1.0 with Reserved Font Name",
> +      "licenseId": "OFL-1.0-RFN",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0.json",
> +      "referenceNumber": 184,
> +      "name": "GNU Library General Public License v2 only",
> +      "licenseId": "LGPL-2.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CERN-OHL-W-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-W-2.0.json",
> +      "referenceNumber": 185,
> +      "name": "CERN Open Hardware Licence Version 2 - Weakly Reciprocal",
> +      "licenseId": "CERN-OHL-W-2.0",
> +      "seeAlso": [
> +        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Glide.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Glide.json",
> +      "referenceNumber": 186,
> +      "name": "3dfx Glide License",
> +      "licenseId": "Glide",
> +      "seeAlso": [
> +        "http://www.users.on.net/~triforce/glidexp/COPYING.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/mpich2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/mpich2.json",
> +      "referenceNumber": 187,
> +      "name": "mpich2 License",
> +      "licenseId": "mpich2",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MIT"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/psutils.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/psutils.json",
> +      "referenceNumber": 188,
> +      "name": "psutils License",
> +      "licenseId": "psutils",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/psutils"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SPL-1.0.json",
> +      "referenceNumber": 189,
> +      "name": "Sun Public License v1.0",
> +      "licenseId": "SPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/SPL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Apache-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Apache-1.1.json",
> +      "referenceNumber": 190,
> +      "name": "Apache License 1.1",
> +      "licenseId": "Apache-1.1",
> +      "seeAlso": [
> +        "http://apache.org/licenses/LICENSE-1.1",
> +        "https://opensource.org/licenses/Apache-1.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-4.0.json",
> +      "referenceNumber": 191,
> +      "name": "Creative Commons Attribution No Derivatives 4.0 International",
> +      "licenseId": "CC-BY-ND-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FreeBSD-DOC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FreeBSD-DOC.json",
> +      "referenceNumber": 192,
> +      "name": "FreeBSD Documentation License",
> +      "licenseId": "FreeBSD-DOC",
> +      "seeAlso": [
> +        "https://www.freebsd.org/copyright/freebsd-doc-license/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SCEA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SCEA.json",
> +      "referenceNumber": 193,
> +      "name": "SCEA Shared Source License",
> +      "licenseId": "SCEA",
> +      "seeAlso": [
> +        "http://research.scea.com/scea_shared_source_license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Latex2e.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Latex2e.json",
> +      "referenceNumber": 194,
> +      "name": "Latex2e License",
> +      "licenseId": "Latex2e",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Latex2e"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Artistic-1.0-cl8.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-cl8.json",
> +      "referenceNumber": 195,
> +      "name": "Artistic License 1.0 w/clause 8",
> +      "licenseId": "Artistic-1.0-cl8",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Artistic-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SGI-B-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SGI-B-1.1.json",
> +      "referenceNumber": 196,
> +      "name": "SGI Free Software License B v1.1",
> +      "licenseId": "SGI-B-1.1",
> +      "seeAlso": [
> +        "http://oss.sgi.com/projects/FreeB/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NRL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NRL.json",
> +      "referenceNumber": 197,
> +      "name": "NRL License",
> +      "licenseId": "NRL",
> +      "seeAlso": [
> +        "http://web.mit.edu/network/isakmp/nrllicense.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SWL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SWL.json",
> +      "referenceNumber": 198,
> +      "name": "Scheme Widget Library (SWL) Software License Agreement",
> +      "licenseId": "SWL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/SWL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Zed.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Zed.json",
> +      "referenceNumber": 199,
> +      "name": "Zed License",
> +      "licenseId": "Zed",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Zed"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CERN-OHL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.1.json",
> +      "referenceNumber": 200,
> +      "name": "CERN Open Hardware Licence v1.1",
> +      "licenseId": "CERN-OHL-1.1",
> +      "seeAlso": [
> +        "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RHeCos-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RHeCos-1.1.json",
> +      "referenceNumber": 201,
> +      "name": "Red Hat eCos Public License v1.1",
> +      "licenseId": "RHeCos-1.1",
> +      "seeAlso": [
> +        "http://ecos.sourceware.org/old-license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/JasPer-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/JasPer-2.0.json",
> +      "referenceNumber": 202,
> +      "name": "JasPer License",
> +      "licenseId": "JasPer-2.0",
> +      "seeAlso": [
> +        "http://www.ece.uvic.ca/~mdadams/jasper/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SSPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SSPL-1.0.json",
> +      "referenceNumber": 203,
> +      "name": "Server Side Public License, v 1",
> +      "licenseId": "SSPL-1.0",
> +      "seeAlso": [
> +        "https://www.mongodb.com/licensing/server-side-public-license"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0+.json",
> +      "referenceNumber": 204,
> +      "name": "GNU General Public License v2.0 or later",
> +      "licenseId": "GPL-2.0+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-2.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-1.4.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.4.json",
> +      "referenceNumber": 205,
> +      "name": "Open LDAP Public License v1.4",
> +      "licenseId": "OLDAP-1.4",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dc9f95c2f3f2ffb5e0ae55fe7388af75547660941"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/libpng-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/libpng-2.0.json",
> +      "referenceNumber": 206,
> +      "name": "PNG Reference Library version 2",
> +      "licenseId": "libpng-2.0",
> +      "seeAlso": [
> +        "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.json",
> +      "referenceNumber": 207,
> +      "name": "CNRI Python Open Source GPL Compatible License Agreement",
> +      "licenseId": "CNRI-Python-GPL-Compatible",
> +      "seeAlso": [
> +        "http://www.python.org/download/releases/1.6.1/download_win/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Aladdin.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Aladdin.json",
> +      "referenceNumber": 208,
> +      "name": "Aladdin Free Public License",
> +      "licenseId": "Aladdin",
> +      "seeAlso": [
> +        "http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-1.0.json",
> +      "referenceNumber": 209,
> +      "name": "CeCILL Free Software License Agreement v1.0",
> +      "licenseId": "CECILL-1.0",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Ruby.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Ruby.json",
> +      "referenceNumber": 210,
> +      "name": "Ruby License",
> +      "licenseId": "Ruby",
> +      "seeAlso": [
> +        "http://www.ruby-lang.org/en/LICENSE.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NPL-1.1.json",
> +      "referenceNumber": 211,
> +      "name": "Netscape Public License v1.1",
> +      "licenseId": "NPL-1.1",
> +      "seeAlso": [
> +        "http://www.mozilla.org/MPL/NPL/1.1/"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ImageMagick.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ImageMagick.json",
> +      "referenceNumber": 212,
> +      "name": "ImageMagick License",
> +      "licenseId": "ImageMagick",
> +      "seeAlso": [
> +        "http://www.imagemagick.org/script/license.php"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Cube.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Cube.json",
> +      "referenceNumber": 213,
> +      "name": "Cube License",
> +      "licenseId": "Cube",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Cube"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-only.json",
> +      "referenceNumber": 214,
> +      "name": "GNU Free Documentation License v1.1 only",
> +      "licenseId": "GFDL-1.1-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.0.json",
> +      "referenceNumber": 215,
> +      "name": "Creative Commons Attribution 2.0 Generic",
> +      "licenseId": "CC-BY-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AFL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AFL-1.2.json",
> +      "referenceNumber": 216,
> +      "name": "Academic Free License v1.2",
> +      "licenseId": "AFL-1.2",
> +      "seeAlso": [
> +        "http://opensource.linux-mirror.org/licenses/afl-1.2.txt",
> +        "http://wayback.archive.org/web/20021204204652/http://www.opensource.org/licenses/academic.php"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0.json",
> +      "referenceNumber": 217,
> +      "name": "Creative Commons Attribution Share Alike 2.0 Generic",
> +      "licenseId": "CC-BY-SA-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-2.0.json",
> +      "referenceNumber": 218,
> +      "name": "CeCILL Free Software License Agreement v2.0",
> +      "licenseId": "CECILL-2.0",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL_V2-en.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-advertising.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-advertising.json",
> +      "referenceNumber": 219,
> +      "name": "Enlightenment License (e16)",
> +      "licenseId": "MIT-advertising",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.json",
> +      "referenceNumber": 220,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic",
> +      "licenseId": "CC-BY-NC-SA-2.5",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Artistic-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0.json",
> +      "referenceNumber": 221,
> +      "name": "Artistic License 1.0",
> +      "licenseId": "Artistic-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Artistic-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSL-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSL-3.0.json",
> +      "referenceNumber": 222,
> +      "name": "Open Software License 3.0",
> +      "licenseId": "OSL-3.0",
> +      "seeAlso": [
> +        "https://web.archive.org/web/20120101081418/http://rosenlaw.com:80/OSL3.0.htm",
> +        "https://opensource.org/licenses/OSL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/X11.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/X11.json",
> +      "referenceNumber": 223,
> +      "name": "X11 License",
> +      "licenseId": "X11",
> +      "seeAlso": [
> +        "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Bahyph.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Bahyph.json",
> +      "referenceNumber": 224,
> +      "name": "Bahyph License",
> +      "licenseId": "Bahyph",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Bahyph"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.0.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.1.json",
> +      "referenceNumber": 225,
> +      "name": "Open LDAP Public License v2.0.1",
> +      "licenseId": "OLDAP-2.0.1",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db6d68acd14e51ca3aab4428bf26522aa74873f0e"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EUDatagrid.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EUDatagrid.json",
> +      "referenceNumber": 226,
> +      "name": "EU DataGrid Software License",
> +      "licenseId": "EUDatagrid",
> +      "seeAlso": [
> +        "http://eu-datagrid.web.cern.ch/eu-datagrid/license.html",
> +        "https://opensource.org/licenses/EUDatagrid"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MTLL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MTLL.json",
> +      "referenceNumber": 227,
> +      "name": "Matrix Template Library License",
> +      "licenseId": "MTLL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-only.json",
> +      "referenceNumber": 228,
> +      "name": "GNU Free Documentation License v1.2 only - invariants",
> +      "licenseId": "GFDL-1.2-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.json",
> +      "referenceNumber": 229,
> +      "name": "GNU Free Documentation License v1.3 or later - no invariants",
> +      "licenseId": "GFDL-1.3-no-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/curl.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/curl.json",
> +      "referenceNumber": 230,
> +      "name": "curl License",
> +      "licenseId": "curl",
> +      "seeAlso": [
> +        "https://github.com/bagder/curl/blob/master/COPYING"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LAL-1.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LAL-1.3.json",
> +      "referenceNumber": 231,
> +      "name": "Licence Art Libre 1.3",
> +      "licenseId": "LAL-1.3",
> +      "seeAlso": [
> +        "https://artlibre.org/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/DSDP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/DSDP.json",
> +      "referenceNumber": 232,
> +      "name": "DSDP License",
> +      "licenseId": "DSDP",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/DSDP"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CERN-OHL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.2.json",
> +      "referenceNumber": 233,
> +      "name": "CERN Open Hardware Licence v1.2",
> +      "licenseId": "CERN-OHL-1.2",
> +      "seeAlso": [
> +        "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TOSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TOSL.json",
> +      "referenceNumber": 234,
> +      "name": "Trusster Open Source License",
> +      "licenseId": "TOSL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/TOSL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.json",
> +      "referenceNumber": 235,
> +      "name": "GNU General Public License v3.0 w/Autoconf exception",
> +      "licenseId": "GPL-3.0-with-autoconf-exception",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/autoconf-exception-3.0.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0.json",
> +      "referenceNumber": 236,
> +      "name": "Creative Commons Attribution 3.0 Unported",
> +      "licenseId": "CC-BY-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Qhull.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Qhull.json",
> +      "referenceNumber": 237,
> +      "name": "Qhull License",
> +      "licenseId": "Qhull",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Qhull"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.json",
> +      "referenceNumber": 238,
> +      "name": "GNU Free Documentation License v1.3 only - no invariants",
> +      "licenseId": "GFDL-1.3-no-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TORQUE-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TORQUE-1.1.json",
> +      "referenceNumber": 239,
> +      "name": "TORQUE v2.5+ Software License v1.1",
> +      "licenseId": "TORQUE-1.1",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/TORQUEv1.1"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MS-PL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MS-PL.json",
> +      "referenceNumber": 240,
> +      "name": "Microsoft Public License",
> +      "licenseId": "MS-PL",
> +      "seeAlso": [
> +        "http://www.microsoft.com/opensource/licenses.mspx",
> +        "https://opensource.org/licenses/MS-PL"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Apache-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Apache-1.0.json",
> +      "referenceNumber": 241,
> +      "name": "Apache License 1.0",
> +      "licenseId": "Apache-1.0",
> +      "seeAlso": [
> +        "http://www.apache.org/licenses/LICENSE-1.0"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/copyleft-next-0.3.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.1.json",
> +      "referenceNumber": 242,
> +      "name": "copyleft-next 0.3.1",
> +      "licenseId": "copyleft-next-0.3.1",
> +      "seeAlso": [
> +        "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-or-later.json",
> +      "referenceNumber": 243,
> +      "name": "GNU Free Documentation License v1.2 or later",
> +      "licenseId": "GFDL-1.2-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0+.json",
> +      "referenceNumber": 244,
> +      "name": "GNU General Public License v3.0 or later",
> +      "licenseId": "GPL-3.0+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-3.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MulanPSL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MulanPSL-2.0.json",
> +      "referenceNumber": 245,
> +      "name": "Mulan Permissive Software License, Version 2",
> +      "licenseId": "MulanPSL-2.0",
> +      "seeAlso": [
> +        "https://license.coscl.org.cn/MulanPSL2/"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FSFAP.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FSFAP.json",
> +      "referenceNumber": 246,
> +      "name": "FSF All Permissive License",
> +      "licenseId": "FSFAP",
> +      "seeAlso": [
> +        "https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Xerox.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Xerox.json",
> +      "referenceNumber": 247,
> +      "name": "Xerox License",
> +      "licenseId": "Xerox",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Xerox"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDDL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDDL-1.0.json",
> +      "referenceNumber": 248,
> +      "name": "Common Development and Distribution License 1.0",
> +      "licenseId": "CDDL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/cddl1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-only.json",
> +      "referenceNumber": 249,
> +      "name": "GNU Free Documentation License v1.3 only - invariants",
> +      "licenseId": "GFDL-1.3-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/etalab-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/etalab-2.0.json",
> +      "referenceNumber": 250,
> +      "name": "Etalab Open License 2.0",
> +      "licenseId": "etalab-2.0",
> +      "seeAlso": [
> +        "https://github.com/DISIC/politique-de-contribution-open-source/blob/master/LICENSE.pdf",
> +        "https://raw.githubusercontent.com/DISIC/politique-de-contribution-open-source/master/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/XFree86-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/XFree86-1.1.json",
> +      "referenceNumber": 251,
> +      "name": "XFree86 License 1.1",
> +      "licenseId": "XFree86-1.1",
> +      "seeAlso": [
> +        "http://www.xfree86.org/current/LICENSE4.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SNIA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SNIA.json",
> +      "referenceNumber": 252,
> +      "name": "SNIA Public License 1.1",
> +      "licenseId": "SNIA",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/SNIA_Public_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPPL-1.1.json",
> +      "referenceNumber": 253,
> +      "name": "LaTeX Project Public License v1.1",
> +      "licenseId": "LPPL-1.1",
> +      "seeAlso": [
> +        "http://www.latex-project.org/lppl/lppl-1-1.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CATOSL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CATOSL-1.1.json",
> +      "referenceNumber": 254,
> +      "name": "Computer Associates Trusted Open Source License 1.1",
> +      "licenseId": "CATOSL-1.1",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/CATOSL-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TU-Berlin-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TU-Berlin-2.0.json",
> +      "referenceNumber": 255,
> +      "name": "Technische Universitaet Berlin License 2.0",
> +      "licenseId": "TU-Berlin-2.0",
> +      "seeAlso": [
> +        "https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3.json",
> +      "referenceNumber": 256,
> +      "name": "GNU Free Documentation License v1.3",
> +      "licenseId": "GFDL-1.3",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-or-later.json",
> +      "referenceNumber": 257,
> +      "name": "GNU Free Documentation License v1.3 or later",
> +      "licenseId": "GFDL-1.3-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LAL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LAL-1.2.json",
> +      "referenceNumber": 258,
> +      "name": "Licence Art Libre 1.2",
> +      "licenseId": "LAL-1.2",
> +      "seeAlso": [
> +        "http://artlibre.org/licence/lal/licence-art-libre-12/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ICU.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ICU.json",
> +      "referenceNumber": 259,
> +      "name": "ICU License",
> +      "licenseId": "ICU",
> +      "seeAlso": [
> +        "http://source.icu-project.org/repos/icu/icu/trunk/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FTL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FTL.json",
> +      "referenceNumber": 260,
> +      "name": "Freetype Project License",
> +      "licenseId": "FTL",
> +      "seeAlso": [
> +        "http://freetype.fis.uniroma2.it/FTL.TXT",
> +        "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT",
> +        "http://gitlab.freedesktop.org/freetype/freetype/-/raw/master/docs/FTL.TXT"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MirOS.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MirOS.json",
> +      "referenceNumber": 261,
> +      "name": "The MirOS Licence",
> +      "licenseId": "MirOS",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/MirOS"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.json",
> +      "referenceNumber": 262,
> +      "name": "BSD 2-Clause NetBSD License",
> +      "licenseId": "BSD-2-Clause-NetBSD",
> +      "seeAlso": [
> +        "http://www.netbsd.org/about/redistribution.html#default"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.json",
> +      "referenceNumber": 263,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported",
> +      "licenseId": "CC-BY-NC-ND-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSET-PL-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSET-PL-2.1.json",
> +      "referenceNumber": 264,
> +      "name": "OSET Public License version 2.1",
> +      "licenseId": "OSET-PL-2.1",
> +      "seeAlso": [
> +        "http://www.osetfoundation.org/public-license",
> +        "https://opensource.org/licenses/OPL-2.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.json",
> +      "referenceNumber": 265,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic",
> +      "licenseId": "CC-BY-NC-ND-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SISSL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SISSL-1.2.json",
> +      "referenceNumber": 266,
> +      "name": "Sun Industry Standards Source License v1.2",
> +      "licenseId": "SISSL-1.2",
> +      "seeAlso": [
> +        "http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Wsuipa.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Wsuipa.json",
> +      "referenceNumber": 267,
> +      "name": "Wsuipa License",
> +      "licenseId": "Wsuipa",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Wsuipa"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Zimbra-1.4.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Zimbra-1.4.json",
> +      "referenceNumber": 268,
> +      "name": "Zimbra Public License v1.4",
> +      "licenseId": "Zimbra-1.4",
> +      "seeAlso": [
> +        "http://www.zimbra.com/legal/zimbra-public-license-1-4"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Linux-OpenIB.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Linux-OpenIB.json",
> +      "referenceNumber": 269,
> +      "name": "Linux Kernel Variant of OpenIB.org license",
> +      "licenseId": "Linux-OpenIB",
> +      "seeAlso": [
> +        "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-3.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0.json",
> +      "referenceNumber": 270,
> +      "name": "GNU Lesser General Public License v3.0 only",
> +      "licenseId": "LGPL-3.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/LGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.5.json",
> +      "referenceNumber": 271,
> +      "name": "Open LDAP Public License v2.5",
> +      "licenseId": "OLDAP-2.5",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d6852b9d90022e8593c98205413380536b1b5a7cf"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AMPAS.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AMPAS.json",
> +      "referenceNumber": 272,
> +      "name": "Academy of Motion Picture Arts and Sciences BSD",
> +      "licenseId": "AMPAS",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-1.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-1.0-or-later.json",
> +      "referenceNumber": 273,
> +      "name": "GNU General Public License v1.0 or later",
> +      "licenseId": "GPL-1.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BUSL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BUSL-1.1.json",
> +      "referenceNumber": 274,
> +      "name": "Business Source License 1.1",
> +      "licenseId": "BUSL-1.1",
> +      "seeAlso": [
> +        "https://mariadb.com/bsl11/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Adobe-Glyph.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Adobe-Glyph.json",
> +      "referenceNumber": 275,
> +      "name": "Adobe Glyph List License",
> +      "licenseId": "Adobe-Glyph",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/0BSD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/0BSD.json",
> +      "referenceNumber": 276,
> +      "name": "BSD Zero Clause License",
> +      "licenseId": "0BSD",
> +      "seeAlso": [
> +        "http://landley.net/toybox/license.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/W3C-19980720.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/W3C-19980720.json",
> +      "referenceNumber": 277,
> +      "name": "W3C Software Notice and License (1998-07-20)",
> +      "licenseId": "W3C-19980720",
> +      "seeAlso": [
> +        "http://www.w3.org/Consortium/Legal/copyright-software-19980720.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FSFUL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FSFUL.json",
> +      "referenceNumber": 278,
> +      "name": "FSF Unlimited License",
> +      "licenseId": "FSFUL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.json",
> +      "referenceNumber": 279,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported",
> +      "licenseId": "CC-BY-NC-SA-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/DOC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/DOC.json",
> +      "referenceNumber": 280,
> +      "name": "DOC License",
> +      "licenseId": "DOC",
> +      "seeAlso": [
> +        "http://www.cs.wustl.edu/~schmidt/ACE-copying.html",
> +        "https://www.dre.vanderbilt.edu/~schmidt/ACE-copying.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TMate.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TMate.json",
> +      "referenceNumber": 281,
> +      "name": "TMate Open Source License",
> +      "licenseId": "TMate",
> +      "seeAlso": [
> +        "http://svnkit.com/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-open-group.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-open-group.json",
> +      "referenceNumber": 282,
> +      "name": "MIT Open Group variant",
> +      "licenseId": "MIT-open-group",
> +      "seeAlso": [
> +        "https://gitlab.freedesktop.org/xorg/app/iceauth/-/blob/master/COPYING",
> +        "https://gitlab.freedesktop.org/xorg/app/xvinfo/-/blob/master/COPYING",
> +        "https://gitlab.freedesktop.org/xorg/app/xsetroot/-/blob/master/COPYING",
> +        "https://gitlab.freedesktop.org/xorg/app/xauth/-/blob/master/COPYING"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AMDPLPA.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AMDPLPA.json",
> +      "referenceNumber": 283,
> +      "name": "AMD\u0027s plpa_map.c License",
> +      "licenseId": "AMDPLPA",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Condor-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Condor-1.1.json",
> +      "referenceNumber": 284,
> +      "name": "Condor Public License v1.1",
> +      "licenseId": "Condor-1.1",
> +      "seeAlso": [
> +        "http://research.cs.wisc.edu/condor/license.html#condor",
> +        "http://web.archive.org/web/20111123062036/http://research.cs.wisc.edu/condor/license.html#condor"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.json",
> +      "referenceNumber": 285,
> +      "name": "PolyForm Noncommercial License 1.0.0",
> +      "licenseId": "PolyForm-Noncommercial-1.0.0",
> +      "seeAlso": [
> +        "https://polyformproject.org/licenses/noncommercial/1.0.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.json",
> +      "referenceNumber": 286,
> +      "name": "BSD 3-Clause No Military License",
> +      "licenseId": "BSD-3-Clause-No-Military-License",
> +      "seeAlso": [
> +        "https://gitlab.syncad.com/hive/dhive/-/blob/master/LICENSE",
> +        "https://github.com/greymass/swift-eosio/blob/master/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-4.0.json",
> +      "referenceNumber": 287,
> +      "name": "Creative Commons Attribution 4.0 International",
> +      "licenseId": "CC-BY-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGL-Canada-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGL-Canada-2.0.json",
> +      "referenceNumber": 288,
> +      "name": "Open Government Licence - Canada",
> +      "licenseId": "OGL-Canada-2.0",
> +      "seeAlso": [
> +        "https://open.canada.ca/en/open-government-licence-canada"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.json",
> +      "referenceNumber": 289,
> +      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO",
> +      "licenseId": "CC-BY-NC-SA-3.0-IGO",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EFL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EFL-1.0.json",
> +      "referenceNumber": 290,
> +      "name": "Eiffel Forum License v1.0",
> +      "licenseId": "EFL-1.0",
> +      "seeAlso": [
> +        "http://www.eiffel-nice.org/license/forum.txt",
> +        "https://opensource.org/licenses/EFL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Newsletr.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Newsletr.json",
> +      "referenceNumber": 291,
> +      "name": "Newsletr License",
> +      "licenseId": "Newsletr",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Newsletr"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/copyleft-next-0.3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.0.json",
> +      "referenceNumber": 292,
> +      "name": "copyleft-next 0.3.0",
> +      "licenseId": "copyleft-next-0.3.0",
> +      "seeAlso": [
> +        "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-or-later.json",
> +      "referenceNumber": 293,
> +      "name": "GNU General Public License v3.0 or later",
> +      "licenseId": "GPL-3.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDLA-Permissive-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-2.0.json",
> +      "referenceNumber": 294,
> +      "name": "Community Data License Agreement Permissive 2.0",
> +      "licenseId": "CDLA-Permissive-2.0",
> +      "seeAlso": [
> +        "https://cdla.dev/permissive-2-0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-ND-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0.json",
> +      "referenceNumber": 295,
> +      "name": "Creative Commons Attribution No Derivatives 3.0 Unported",
> +      "licenseId": "CC-BY-ND-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/C-UDA-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/C-UDA-1.0.json",
> +      "referenceNumber": 296,
> +      "name": "Computational Use of Data Agreement v1.0",
> +      "licenseId": "C-UDA-1.0",
> +      "seeAlso": [
> +        "https://github.com/microsoft/Computational-Use-of-Data-Agreement/blob/master/C-UDA-1.0.md",
> +        "https://cdla.dev/computational-use-of-data-agreement-v1-0/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Barr.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Barr.json",
> +      "referenceNumber": 297,
> +      "name": "Barr License",
> +      "licenseId": "Barr",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Barr"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Vim.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Vim.json",
> +      "referenceNumber": 298,
> +      "name": "Vim License",
> +      "licenseId": "Vim",
> +      "seeAlso": [
> +        "http://vimdoc.sourceforge.net/htmldoc/uganda.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.json",
> +      "referenceNumber": 299,
> +      "name": "GNU General Public License v2.0 w/Classpath exception",
> +      "licenseId": "GPL-2.0-with-classpath-exception",
> +      "seeAlso": [
> +        "https://www.gnu.org/software/classpath/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BitTorrent-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.1.json",
> +      "referenceNumber": 300,
> +      "name": "BitTorrent Open Source License v1.1",
> +      "licenseId": "BitTorrent-1.1",
> +      "seeAlso": [
> +        "http://directory.fsf.org/wiki/License:BitTorrentOSL1.1"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDL-1.0.json",
> +      "referenceNumber": 301,
> +      "name": "Common Documentation License 1.0",
> +      "licenseId": "CDL-1.0",
> +      "seeAlso": [
> +        "http://www.opensource.apple.com/cdl/",
> +        "https://fedoraproject.org/wiki/Licensing/Common_Documentation_License",
> +        "https://www.gnu.org/licenses/license-list.html#ACDL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-1.0.json",
> +      "referenceNumber": 302,
> +      "name": "Creative Commons Attribution Share Alike 1.0 Generic",
> +      "licenseId": "CC-BY-SA-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ADSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ADSL.json",
> +      "referenceNumber": 303,
> +      "name": "Amazon Digital Services License",
> +      "licenseId": "ADSL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PostgreSQL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PostgreSQL.json",
> +      "referenceNumber": 304,
> +      "name": "PostgreSQL License",
> +      "licenseId": "PostgreSQL",
> +      "seeAlso": [
> +        "http://www.postgresql.org/about/licence",
> +        "https://opensource.org/licenses/PostgreSQL"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.1.json",
> +      "referenceNumber": 305,
> +      "name": "SIL Open Font License 1.1",
> +      "licenseId": "OFL-1.1",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
> +        "https://opensource.org/licenses/OFL-1.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NPL-1.0.json",
> +      "referenceNumber": 306,
> +      "name": "Netscape Public License v1.0",
> +      "licenseId": "NPL-1.0",
> +      "seeAlso": [
> +        "http://www.mozilla.org/MPL/NPL/1.0/"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/xinetd.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/xinetd.json",
> +      "referenceNumber": 307,
> +      "name": "xinetd License",
> +      "licenseId": "xinetd",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Xinetd_License"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-only.json",
> +      "referenceNumber": 308,
> +      "name": "GNU Library General Public License v2 only",
> +      "licenseId": "LGPL-2.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/zlib-acknowledgement.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/zlib-acknowledgement.json",
> +      "referenceNumber": 309,
> +      "name": "zlib/libpng License with Acknowledgement",
> +      "licenseId": "zlib-acknowledgement",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.1.json",
> +      "referenceNumber": 310,
> +      "name": "Open LDAP Public License v2.2.1",
> +      "licenseId": "OLDAP-2.2.1",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d4bc786f34b50aa301be6f5600f58a980070f481e"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APSL-1.0.json",
> +      "referenceNumber": 311,
> +      "name": "Apple Public Source License 1.0",
> +      "licenseId": "APSL-1.0",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-LBNL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-LBNL.json",
> +      "referenceNumber": 312,
> +      "name": "Lawrence Berkeley National Labs BSD variant license",
> +      "licenseId": "BSD-3-Clause-LBNL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/LBNLBSD"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GLWTPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GLWTPL.json",
> +      "referenceNumber": 313,
> +      "name": "Good Luck With That Public License",
> +      "licenseId": "GLWTPL",
> +      "seeAlso": [
> +        "https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-3.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-only.json",
> +      "referenceNumber": 314,
> +      "name": "GNU Lesser General Public License v3.0 only",
> +      "licenseId": "LGPL-3.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/LGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGC-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGC-1.0.json",
> +      "referenceNumber": 315,
> +      "name": "OGC Software License, Version 1.0",
> +      "licenseId": "OGC-1.0",
> +      "seeAlso": [
> +        "https://www.ogc.org/ogc/software/1.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Dotseqn.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Dotseqn.json",
> +      "referenceNumber": 316,
> +      "name": "Dotseqn License",
> +      "licenseId": "Dotseqn",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Dotseqn"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MakeIndex.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MakeIndex.json",
> +      "referenceNumber": 317,
> +      "name": "MakeIndex License",
> +      "licenseId": "MakeIndex",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MakeIndex"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-only.json",
> +      "referenceNumber": 318,
> +      "name": "GNU General Public License v3.0 only",
> +      "licenseId": "GPL-3.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.json",
> +      "referenceNumber": 319,
> +      "name": "BSD 3-Clause No Nuclear License 2014",
> +      "licenseId": "BSD-3-Clause-No-Nuclear-License-2014",
> +      "seeAlso": [
> +        "https://java.net/projects/javaeetutorial/pages/BerkeleyLicense"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-1.0-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-1.0-only.json",
> +      "referenceNumber": 320,
> +      "name": "GNU General Public License v1.0 only",
> +      "licenseId": "GPL-1.0-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/IJG.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/IJG.json",
> +      "referenceNumber": 321,
> +      "name": "Independent JPEG Group License",
> +      "licenseId": "IJG",
> +      "seeAlso": [
> +        "http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev\u003d1.2"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-1.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-or-later.json",
> +      "referenceNumber": 322,
> +      "name": "Affero General Public License v1.0 or later",
> +      "licenseId": "AGPL-1.0-or-later",
> +      "seeAlso": [
> +        "http://www.affero.org/oagpl.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.1-no-RFN.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.1-no-RFN.json",
> +      "referenceNumber": 323,
> +      "name": "SIL Open Font License 1.1 with no Reserved Font Name",
> +      "licenseId": "OFL-1.1-no-RFN",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
> +        "https://opensource.org/licenses/OFL-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSL-1.0.json",
> +      "referenceNumber": 324,
> +      "name": "Boost Software License 1.0",
> +      "licenseId": "BSL-1.0",
> +      "seeAlso": [
> +        "http://www.boost.org/LICENSE_1_0.txt",
> +        "https://opensource.org/licenses/BSL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Libpng.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Libpng.json",
> +      "referenceNumber": 325,
> +      "name": "libpng License",
> +      "licenseId": "Libpng",
> +      "seeAlso": [
> +        "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0.json",
> +      "referenceNumber": 326,
> +      "name": "Creative Commons Attribution Non Commercial 3.0 Unported",
> +      "licenseId": "CC-BY-NC-3.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/3.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.0.json",
> +      "referenceNumber": 327,
> +      "name": "Creative Commons Attribution Non Commercial 2.0 Generic",
> +      "licenseId": "CC-BY-NC-2.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/2.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Unlicense.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Unlicense.json",
> +      "referenceNumber": 328,
> +      "name": "The Unlicense",
> +      "licenseId": "Unlicense",
> +      "seeAlso": [
> +        "https://unlicense.org/"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPL-1.0.json",
> +      "referenceNumber": 329,
> +      "name": "Lucent Public License Version 1.0",
> +      "licenseId": "LPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/LPL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/bzip2-1.0.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.5.json",
> +      "referenceNumber": 330,
> +      "name": "bzip2 and libbzip2 License v1.0.5",
> +      "licenseId": "bzip2-1.0.5",
> +      "seeAlso": [
> +        "https://sourceware.org/bzip2/1.0.5/bzip2-manual-1.0.5.html",
> +        "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Entessa.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Entessa.json",
> +      "referenceNumber": 331,
> +      "name": "Entessa Public License v1.0",
> +      "licenseId": "Entessa",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Entessa"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-2-Clause-Patent.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Patent.json",
> +      "referenceNumber": 332,
> +      "name": "BSD-2-Clause Plus Patent License",
> +      "licenseId": "BSD-2-Clause-Patent",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/BSDplusPatent"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ECL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ECL-2.0.json",
> +      "referenceNumber": 333,
> +      "name": "Educational Community License v2.0",
> +      "licenseId": "ECL-2.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/ECL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Crossword.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Crossword.json",
> +      "referenceNumber": 334,
> +      "name": "Crossword License",
> +      "licenseId": "Crossword",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Crossword"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.json",
> +      "referenceNumber": 335,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic",
> +      "licenseId": "CC-BY-NC-ND-1.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OCLC-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OCLC-2.0.json",
> +      "referenceNumber": 336,
> +      "name": "OCLC Research Public License 2.0",
> +      "licenseId": "OCLC-2.0",
> +      "seeAlso": [
> +        "http://www.oclc.org/research/activities/software/license/v2final.htm",
> +        "https://opensource.org/licenses/OCLC-2.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-1.1.json",
> +      "referenceNumber": 337,
> +      "name": "CeCILL Free Software License Agreement v1.1",
> +      "licenseId": "CECILL-1.1",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-2.1.json",
> +      "referenceNumber": 338,
> +      "name": "CeCILL Free Software License Agreement v2.1",
> +      "licenseId": "CECILL-2.1",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGDL-Taiwan-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGDL-Taiwan-1.0.json",
> +      "referenceNumber": 339,
> +      "name": "Taiwan Open Government Data License, version 1.0",
> +      "licenseId": "OGDL-Taiwan-1.0",
> +      "seeAlso": [
> +        "https://data.gov.tw/license"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Abstyles.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Abstyles.json",
> +      "referenceNumber": 340,
> +      "name": "Abstyles License",
> +      "licenseId": "Abstyles",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Abstyles"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/libselinux-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/libselinux-1.0.json",
> +      "referenceNumber": 341,
> +      "name": "libselinux public domain notice",
> +      "licenseId": "libselinux-1.0",
> +      "seeAlso": [
> +        "https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ANTLR-PD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ANTLR-PD.json",
> +      "referenceNumber": 342,
> +      "name": "ANTLR Software Rights Notice",
> +      "licenseId": "ANTLR-PD",
> +      "seeAlso": [
> +        "http://www.antlr2.org/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-or-later.json",
> +      "referenceNumber": 343,
> +      "name": "GNU General Public License v2.0 or later",
> +      "licenseId": "GPL-2.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/IPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/IPL-1.0.json",
> +      "referenceNumber": 344,
> +      "name": "IBM Public License v1.0",
> +      "licenseId": "IPL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/IPL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-enna.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-enna.json",
> +      "referenceNumber": 345,
> +      "name": "enna License",
> +      "licenseId": "MIT-enna",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MIT#enna"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CPOL-1.02.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CPOL-1.02.json",
> +      "referenceNumber": 346,
> +      "name": "Code Project Open License 1.02",
> +      "licenseId": "CPOL-1.02",
> +      "seeAlso": [
> +        "http://www.codeproject.com/info/cpol10.aspx"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.json",
> +      "referenceNumber": 347,
> +      "name": "Creative Commons Attribution Share Alike 3.0 Austria",
> +      "licenseId": "CC-BY-SA-3.0-AT",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/3.0/at/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.json",
> +      "referenceNumber": 348,
> +      "name": "GNU General Public License v3.0 w/GCC Runtime Library exception",
> +      "licenseId": "GPL-3.0-with-GCC-exception",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gcc-exception-3.1.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-1-Clause.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-1-Clause.json",
> +      "referenceNumber": 349,
> +      "name": "BSD 1-Clause License",
> +      "licenseId": "BSD-1-Clause",
> +      "seeAlso": [
> +        "https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision\u003d326823"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NTP-0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NTP-0.json",
> +      "referenceNumber": 350,
> +      "name": "NTP No Attribution",
> +      "licenseId": "NTP-0",
> +      "seeAlso": [
> +        "https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SugarCRM-1.1.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SugarCRM-1.1.3.json",
> +      "referenceNumber": 351,
> +      "name": "SugarCRM Public License v1.1.3",
> +      "licenseId": "SugarCRM-1.1.3",
> +      "seeAlso": [
> +        "http://www.sugarcrm.com/crm/SPL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT.json",
> +      "referenceNumber": 352,
> +      "name": "MIT License",
> +      "licenseId": "MIT",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/MIT"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.1-RFN.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.1-RFN.json",
> +      "referenceNumber": 353,
> +      "name": "SIL Open Font License 1.1 with Reserved Font Name",
> +      "licenseId": "OFL-1.1-RFN",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
> +        "https://opensource.org/licenses/OFL-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Watcom-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Watcom-1.0.json",
> +      "referenceNumber": 354,
> +      "name": "Sybase Open Watcom Public License 1.0",
> +      "licenseId": "Watcom-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Watcom-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.json",
> +      "referenceNumber": 355,
> +      "name": "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France",
> +      "licenseId": "CC-BY-NC-SA-2.0-FR",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ODbL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ODbL-1.0.json",
> +      "referenceNumber": 356,
> +      "name": "Open Data Commons Open Database License v1.0",
> +      "licenseId": "ODbL-1.0",
> +      "seeAlso": [
> +        "http://www.opendatacommons.org/licenses/odbl/1.0/",
> +        "https://opendatacommons.org/licenses/odbl/1-0/"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/FSFULLR.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/FSFULLR.json",
> +      "referenceNumber": 357,
> +      "name": "FSF Unlimited License (with License Retention)",
> +      "licenseId": "FSFULLR",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-1.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.3.json",
> +      "referenceNumber": 358,
> +      "name": "Open LDAP Public License v1.3",
> +      "licenseId": "OLDAP-1.3",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003de5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SSH-OpenSSH.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SSH-OpenSSH.json",
> +      "referenceNumber": 359,
> +      "name": "SSH OpenSSH license",
> +      "licenseId": "SSH-OpenSSH",
> +      "seeAlso": [
> +        "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-2-Clause.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause.json",
> +      "referenceNumber": 360,
> +      "name": "BSD 2-Clause \"Simplified\" License",
> +      "licenseId": "BSD-2-Clause",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/BSD-2-Clause"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/HPND.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/HPND.json",
> +      "referenceNumber": 361,
> +      "name": "Historical Permission Notice and Disclaimer",
> +      "licenseId": "HPND",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/HPND"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Zimbra-1.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Zimbra-1.3.json",
> +      "referenceNumber": 362,
> +      "name": "Zimbra Public License v1.3",
> +      "licenseId": "Zimbra-1.3",
> +      "seeAlso": [
> +        "http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Borceux.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Borceux.json",
> +      "referenceNumber": 363,
> +      "name": "Borceux license",
> +      "licenseId": "Borceux",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Borceux"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.1.json",
> +      "referenceNumber": 364,
> +      "name": "Open LDAP Public License v1.1",
> +      "licenseId": "OLDAP-1.1",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d806557a5ad59804ef3a44d5abfbe91d706b0791f"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OFL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OFL-1.0.json",
> +      "referenceNumber": 365,
> +      "name": "SIL Open Font License 1.0",
> +      "licenseId": "OFL-1.0",
> +      "seeAlso": [
> +        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NASA-1.3.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NASA-1.3.json",
> +      "referenceNumber": 366,
> +      "name": "NASA Open Source Agreement 1.3",
> +      "licenseId": "NASA-1.3",
> +      "seeAlso": [
> +        "http://ti.arc.nasa.gov/opensource/nosa/",
> +        "https://opensource.org/licenses/NASA-1.3"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/VOSTROM.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/VOSTROM.json",
> +      "referenceNumber": 367,
> +      "name": "VOSTROM Public License for Open Source",
> +      "licenseId": "VOSTROM",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/VOSTROM"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-0.json",
> +      "referenceNumber": 368,
> +      "name": "MIT No Attribution",
> +      "licenseId": "MIT-0",
> +      "seeAlso": [
> +        "https://github.com/aws/mit-0",
> +        "https://romanrm.net/mit-zero",
> +        "https://github.com/awsdocs/aws-cloud9-user-guide/blob/master/LICENSE-SAMPLECODE"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ISC.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ISC.json",
> +      "referenceNumber": 369,
> +      "name": "ISC License",
> +      "licenseId": "ISC",
> +      "seeAlso": [
> +        "https://www.isc.org/licenses/",
> +        "https://www.isc.org/downloads/software-support-policy/isc-license/",
> +        "https://opensource.org/licenses/ISC"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Unicode-DFS-2016.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2016.json",
> +      "referenceNumber": 370,
> +      "name": "Unicode License Agreement - Data Files and Software (2016)",
> +      "licenseId": "Unicode-DFS-2016",
> +      "seeAlso": [
> +        "http://www.unicode.org/copyright.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BlueOak-1.0.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BlueOak-1.0.0.json",
> +      "referenceNumber": 371,
> +      "name": "Blue Oak Model License 1.0.0",
> +      "licenseId": "BlueOak-1.0.0",
> +      "seeAlso": [
> +        "https://blueoakcouncil.org/license/1.0.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.json",
> +      "referenceNumber": 372,
> +      "name": "Licence Libre du Québec – Réciprocité forte version 1.1",
> +      "licenseId": "LiLiQ-Rplus-1.1",
> +      "seeAlso": [
> +        "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-forte-liliq-r-v1-1/",
> +        "http://opensource.org/licenses/LiLiQ-Rplus-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NOSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NOSL.json",
> +      "referenceNumber": 373,
> +      "name": "Netizen Open Source License",
> +      "licenseId": "NOSL",
> +      "seeAlso": [
> +        "http://bits.netizen.com.au/licenses/NOSL/nosl.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SMLNJ.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SMLNJ.json",
> +      "referenceNumber": 374,
> +      "name": "Standard ML of New Jersey License",
> +      "licenseId": "SMLNJ",
> +      "seeAlso": [
> +        "https://www.smlnj.org/license.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-3.0+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0+.json",
> +      "referenceNumber": 375,
> +      "name": "GNU Lesser General Public License v3.0 or later",
> +      "licenseId": "LGPL-3.0+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/LGPL-3.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CPAL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CPAL-1.0.json",
> +      "referenceNumber": 376,
> +      "name": "Common Public Attribution License 1.0",
> +      "licenseId": "CPAL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/CPAL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PSF-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PSF-2.0.json",
> +      "referenceNumber": 377,
> +      "name": "Python Software Foundation License 2.0",
> +      "licenseId": "PSF-2.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Python-2.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RPL-1.5.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RPL-1.5.json",
> +      "referenceNumber": 378,
> +      "name": "Reciprocal Public License 1.5",
> +      "licenseId": "RPL-1.5",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/RPL-1.5"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.json",
> +      "referenceNumber": 379,
> +      "name": "BSD 2-Clause FreeBSD License",
> +      "licenseId": "BSD-2-Clause-FreeBSD",
> +      "seeAlso": [
> +        "http://www.freebsd.org/copyright/freebsd-license.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-Modern-Variant.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-Modern-Variant.json",
> +      "referenceNumber": 380,
> +      "name": "MIT License Modern Variant",
> +      "licenseId": "MIT-Modern-Variant",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing:MIT#Modern_Variants",
> +        "https://ptolemy.berkeley.edu/copyright.htm",
> +        "https://pirlwww.lpl.arizona.edu/resources/guide/software/PerlTk/Tixlic.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Nokia.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Nokia.json",
> +      "referenceNumber": 381,
> +      "name": "Nokia Open Source License",
> +      "licenseId": "Nokia",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/nokia"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.json",
> +      "referenceNumber": 382,
> +      "name": "GNU Free Documentation License v1.1 only - no invariants",
> +      "licenseId": "GFDL-1.1-no-invariants-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PDDL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PDDL-1.0.json",
> +      "referenceNumber": 383,
> +      "name": "Open Data Commons Public Domain Dedication \u0026 License 1.0",
> +      "licenseId": "PDDL-1.0",
> +      "seeAlso": [
> +        "http://opendatacommons.org/licenses/pddl/1.0/",
> +        "https://opendatacommons.org/licenses/pddl/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EUPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EUPL-1.0.json",
> +      "referenceNumber": 384,
> +      "name": "European Union Public License 1.0",
> +      "licenseId": "EUPL-1.0",
> +      "seeAlso": [
> +        "http://ec.europa.eu/idabc/en/document/7330.html",
> +        "http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id\u003d31096"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDDL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDDL-1.1.json",
> +      "referenceNumber": 385,
> +      "name": "Common Development and Distribution License 1.1",
> +      "licenseId": "CDDL-1.1",
> +      "seeAlso": [
> +        "http://glassfish.java.net/public/CDDL+GPL_1_1.html",
> +        "https://javaee.github.io/glassfish/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.3-only.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-only.json",
> +      "referenceNumber": 386,
> +      "name": "GNU Free Documentation License v1.3 only",
> +      "licenseId": "GFDL-1.3-only",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/fdl-1.3.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.6.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.6.json",
> +      "referenceNumber": 387,
> +      "name": "Open LDAP Public License v2.6",
> +      "licenseId": "OLDAP-2.6",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d1cae062821881f41b73012ba816434897abf4205"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/JSON.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/JSON.json",
> +      "referenceNumber": 388,
> +      "name": "JSON License",
> +      "licenseId": "JSON",
> +      "seeAlso": [
> +        "http://www.json.org/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-3.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-or-later.json",
> +      "referenceNumber": 389,
> +      "name": "GNU Lesser General Public License v3.0 or later",
> +      "licenseId": "LGPL-3.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/LGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-3.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-3.0.json",
> +      "referenceNumber": 390,
> +      "name": "GNU General Public License v3.0 only",
> +      "licenseId": "GPL-3.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
> +        "https://opensource.org/licenses/GPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Fair.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Fair.json",
> +      "referenceNumber": 391,
> +      "name": "Fair License",
> +      "licenseId": "Fair",
> +      "seeAlso": [
> +        "http://fairlicense.org/",
> +        "https://opensource.org/licenses/Fair"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-with-font-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-font-exception.json",
> +      "referenceNumber": 392,
> +      "name": "GNU General Public License v2.0 w/Font exception",
> +      "licenseId": "GPL-2.0-with-font-exception",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/gpl-faq.html#FontException"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSL-2.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSL-2.1.json",
> +      "referenceNumber": 393,
> +      "name": "Open Software License 2.1",
> +      "licenseId": "OSL-2.1",
> +      "seeAlso": [
> +        "http://web.archive.org/web/20050212003940/http://www.rosenlaw.com/osl21.htm",
> +        "https://opensource.org/licenses/OSL-2.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LPPL-1.3a.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LPPL-1.3a.json",
> +      "referenceNumber": 394,
> +      "name": "LaTeX Project Public License v1.3a",
> +      "licenseId": "LPPL-1.3a",
> +      "seeAlso": [
> +        "http://www.latex-project.org/lppl/lppl-1-3a.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NAIST-2003.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NAIST-2003.json",
> +      "referenceNumber": 395,
> +      "name": "Nara Institute of Science and Technology License (2003)",
> +      "licenseId": "NAIST-2003",
> +      "seeAlso": [
> +        "https://enterprise.dejacode.com/licenses/public/naist-2003/#license-text",
> +        "https://github.com/nodejs/node/blob/4a19cc8947b1bba2b2d27816ec3d0edf9b28e503/LICENSE#L343"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.json",
> +      "referenceNumber": 396,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 4.0 International",
> +      "licenseId": "CC-BY-NC-ND-4.0",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.json",
> +      "referenceNumber": 397,
> +      "name": "Creative Commons Attribution Non Commercial 3.0 Germany",
> +      "licenseId": "CC-BY-NC-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.1+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1+.json",
> +      "referenceNumber": 398,
> +      "name": "GNU Library General Public License v2.1 or later",
> +      "licenseId": "LGPL-2.1+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
> +        "https://opensource.org/licenses/LGPL-2.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OPL-1.0.json",
> +      "referenceNumber": 399,
> +      "name": "Open Public License v1.0",
> +      "licenseId": "OPL-1.0",
> +      "seeAlso": [
> +        "http://old.koalateam.com/jackaroo/OPL_1_0.TXT",
> +        "https://fedoraproject.org/wiki/Licensing/Open_Public_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/HPND-sell-variant.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant.json",
> +      "referenceNumber": 400,
> +      "name": "Historical Permission Notice and Disclaimer - sell variant",
> +      "licenseId": "HPND-sell-variant",
> +      "seeAlso": [
> +        "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h\u003dv4.19"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/QPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/QPL-1.0.json",
> +      "referenceNumber": 401,
> +      "name": "Q Public License 1.0",
> +      "licenseId": "QPL-1.0",
> +      "seeAlso": [
> +        "http://doc.qt.nokia.com/3.3/license.html",
> +        "https://opensource.org/licenses/QPL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EUPL-1.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EUPL-1.2.json",
> +      "referenceNumber": 402,
> +      "name": "European Union Public License 1.2",
> +      "licenseId": "EUPL-1.2",
> +      "seeAlso": [
> +        "https://joinup.ec.europa.eu/page/eupl-text-11-12",
> +        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl_v1.2_en.pdf",
> +        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%20EN.txt",
> +        "https://joinup.ec.europa.eu/sites/default/files/inline-files/EUPL%20v1_2%20EN(1).txt",
> +        "http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri\u003dCELEX:32017D0863",
> +        "https://opensource.org/licenses/EUPL-1.2"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.json",
> +      "referenceNumber": 403,
> +      "name": "GNU Free Documentation License v1.2 or later - no invariants",
> +      "licenseId": "GFDL-1.2-no-invariants-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/eCos-2.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/eCos-2.0.json",
> +      "referenceNumber": 404,
> +      "name": "eCos license version 2.0",
> +      "licenseId": "eCos-2.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/ecos-license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NCGL-UK-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NCGL-UK-2.0.json",
> +      "referenceNumber": 405,
> +      "name": "Non-Commercial Government Licence",
> +      "licenseId": "NCGL-UK-2.0",
> +      "seeAlso": [
> +        "http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Beerware.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Beerware.json",
> +      "referenceNumber": 406,
> +      "name": "Beerware License",
> +      "licenseId": "Beerware",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Beerware",
> +        "https://people.freebsd.org/~phk/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.json",
> +      "referenceNumber": 407,
> +      "name": "BSD 3-Clause Open MPI variant",
> +      "licenseId": "BSD-3-Clause-Open-MPI",
> +      "seeAlso": [
> +        "https://www.open-mpi.org/community/license.php",
> +        "http://www.netlib.org/lapack/LICENSE.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.json",
> +      "referenceNumber": 408,
> +      "name": "GNU General Public License v2.0 w/Bison exception",
> +      "licenseId": "GPL-2.0-with-bison-exception",
> +      "seeAlso": [
> +        "http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id\u003d193d7c7054ba7197b0789e14965b739162319b5e#n141"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-B.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-B.json",
> +      "referenceNumber": 409,
> +      "name": "CeCILL-B Free Software License Agreement",
> +      "licenseId": "CECILL-B",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.json",
> +      "referenceNumber": 410,
> +      "name": "GNU General Public License v2.0 w/Autoconf exception",
> +      "licenseId": "GPL-2.0-with-autoconf-exception",
> +      "seeAlso": [
> +        "http://ac-archive.sourceforge.net/doc/copyright.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EPL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EPL-2.0.json",
> +      "referenceNumber": 411,
> +      "name": "Eclipse Public License 2.0",
> +      "licenseId": "EPL-2.0",
> +      "seeAlso": [
> +        "https://www.eclipse.org/legal/epl-2.0",
> +        "https://www.opensource.org/licenses/EPL-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-feh.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-feh.json",
> +      "referenceNumber": 412,
> +      "name": "feh License",
> +      "licenseId": "MIT-feh",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/MIT#feh"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RPL-1.1.json",
> +      "referenceNumber": 413,
> +      "name": "Reciprocal Public License 1.1",
> +      "licenseId": "RPL-1.1",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/RPL-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CDLA-Permissive-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-1.0.json",
> +      "referenceNumber": 414,
> +      "name": "Community Data License Agreement Permissive 1.0",
> +      "licenseId": "CDLA-Permissive-1.0",
> +      "seeAlso": [
> +        "https://cdla.io/permissive-1-0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Python-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Python-2.0.json",
> +      "referenceNumber": 415,
> +      "name": "Python License 2.0",
> +      "licenseId": "Python-2.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Python-2.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MPL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MPL-1.0.json",
> +      "referenceNumber": 416,
> +      "name": "Mozilla Public License 1.0",
> +      "licenseId": "MPL-1.0",
> +      "seeAlso": [
> +        "http://www.mozilla.org/MPL/MPL-1.0.html",
> +        "https://opensource.org/licenses/MPL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GFDL-1.1-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-or-later.json",
> +      "referenceNumber": 417,
> +      "name": "GNU Free Documentation License v1.1 or later",
> +      "licenseId": "GFDL-1.1-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/diffmark.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/diffmark.json",
> +      "referenceNumber": 418,
> +      "name": "diffmark license",
> +      "licenseId": "diffmark",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/diffmark"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/GPL-1.0+.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/GPL-1.0+.json",
> +      "referenceNumber": 419,
> +      "name": "GNU General Public License v1.0 or later",
> +      "licenseId": "GPL-1.0+",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OpenSSL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OpenSSL.json",
> +      "referenceNumber": 420,
> +      "name": "OpenSSL License",
> +      "licenseId": "OpenSSL",
> +      "seeAlso": [
> +        "http://www.openssl.org/source/license.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSL-1.0.json",
> +      "referenceNumber": 421,
> +      "name": "Open Software License 1.0",
> +      "licenseId": "OSL-1.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/OSL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Parity-6.0.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Parity-6.0.0.json",
> +      "referenceNumber": 422,
> +      "name": "The Parity Public License 6.0.0",
> +      "licenseId": "Parity-6.0.0",
> +      "seeAlso": [
> +        "https://paritylicense.com/versions/6.0.0.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-1.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0.json",
> +      "referenceNumber": 423,
> +      "name": "Affero General Public License v1.0",
> +      "licenseId": "AGPL-1.0",
> +      "seeAlso": [
> +        "http://www.affero.org/oagpl.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/YPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/YPL-1.1.json",
> +      "referenceNumber": 424,
> +      "name": "Yahoo! Public License v1.1",
> +      "licenseId": "YPL-1.1",
> +      "seeAlso": [
> +        "http://www.zimbra.com/license/yahoo_public_license_1.1.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SSH-short.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SSH-short.json",
> +      "referenceNumber": 425,
> +      "name": "SSH short notice",
> +      "licenseId": "SSH-short",
> +      "seeAlso": [
> +        "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/pathnames.h",
> +        "http://web.mit.edu/kolya/.f/root/athena.mit.edu/sipb.mit.edu/project/openssh/OldFiles/src/openssh-2.9.9p2/ssh-add.1",
> +        "https://joinup.ec.europa.eu/svn/lesoll/trunk/italc/lib/src/dsa_key.cpp"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/IBM-pibs.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/IBM-pibs.json",
> +      "referenceNumber": 426,
> +      "name": "IBM PowerPC Initialization and Boot Software",
> +      "licenseId": "IBM-pibs",
> +      "seeAlso": [
> +        "http://git.denx.de/?p\u003du-boot.git;a\u003dblob;f\u003darch/powerpc/cpu/ppc4xx/miiphy.c;h\u003d297155fdafa064b955e53e9832de93bfb0cfb85b;hb\u003d9fab4bf4cc077c21e43941866f3f2c196f28670d"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Xnet.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Xnet.json",
> +      "referenceNumber": 427,
> +      "name": "X.Net License",
> +      "licenseId": "Xnet",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/Xnet"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/TU-Berlin-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/TU-Berlin-1.0.json",
> +      "referenceNumber": 428,
> +      "name": "Technische Universitaet Berlin License 1.0",
> +      "licenseId": "TU-Berlin-1.0",
> +      "seeAlso": [
> +        "https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-3.0.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0.json",
> +      "referenceNumber": 429,
> +      "name": "GNU Affero General Public License v3.0",
> +      "licenseId": "AGPL-3.0",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/agpl.txt",
> +        "https://opensource.org/licenses/AGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CAL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CAL-1.0.json",
> +      "referenceNumber": 430,
> +      "name": "Cryptographic Autonomy License 1.0",
> +      "licenseId": "CAL-1.0",
> +      "seeAlso": [
> +        "http://cryptographicautonomylicense.com/license-text.html",
> +        "https://opensource.org/licenses/CAL-1.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AFL-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AFL-3.0.json",
> +      "referenceNumber": 431,
> +      "name": "Academic Free License v3.0",
> +      "licenseId": "AFL-3.0",
> +      "seeAlso": [
> +        "http://www.rosenlaw.com/AFL3.0.htm",
> +        "https://opensource.org/licenses/afl-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CECILL-C.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CECILL-C.json",
> +      "referenceNumber": 432,
> +      "name": "CeCILL-C Free Software License Agreement",
> +      "licenseId": "CECILL-C",
> +      "seeAlso": [
> +        "http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGL-UK-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGL-UK-3.0.json",
> +      "referenceNumber": 433,
> +      "name": "Open Government Licence v3.0",
> +      "licenseId": "OGL-UK-3.0",
> +      "seeAlso": [
> +        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-Clear.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Clear.json",
> +      "referenceNumber": 434,
> +      "name": "BSD 3-Clause Clear License",
> +      "licenseId": "BSD-3-Clause-Clear",
> +      "seeAlso": [
> +        "http://labs.metacarta.com/license-explanation.html#license"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-Modification.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Modification.json",
> +      "referenceNumber": 435,
> +      "name": "BSD 3-Clause Modification",
> +      "licenseId": "BSD-3-Clause-Modification",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.json",
> +      "referenceNumber": 436,
> +      "name": "Creative Commons Attribution Share Alike 2.0 England and Wales",
> +      "licenseId": "CC-BY-SA-2.0-UK",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Saxpath.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Saxpath.json",
> +      "referenceNumber": 437,
> +      "name": "Saxpath License",
> +      "licenseId": "Saxpath",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Saxpath_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NLPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NLPL.json",
> +      "referenceNumber": 438,
> +      "name": "No Limit Public License",
> +      "licenseId": "NLPL",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/NLPL"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/SimPL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/SimPL-2.0.json",
> +      "referenceNumber": 439,
> +      "name": "Simple Public License 2.0",
> +      "licenseId": "SimPL-2.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/SimPL-2.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/psfrag.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/psfrag.json",
> +      "referenceNumber": 440,
> +      "name": "psfrag License",
> +      "licenseId": "psfrag",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/psfrag"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Spencer-86.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Spencer-86.json",
> +      "referenceNumber": 441,
> +      "name": "Spencer License 86",
> +      "licenseId": "Spencer-86",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OCCT-PL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OCCT-PL.json",
> +      "referenceNumber": 442,
> +      "name": "Open CASCADE Technology Public License",
> +      "licenseId": "OCCT-PL",
> +      "seeAlso": [
> +        "http://www.opencascade.com/content/occt-public-license"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CERN-OHL-S-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-S-2.0.json",
> +      "referenceNumber": 443,
> +      "name": "CERN Open Hardware Licence Version 2 - Strongly Reciprocal",
> +      "licenseId": "CERN-OHL-S-2.0",
> +      "seeAlso": [
> +        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ErlPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ErlPL-1.1.json",
> +      "referenceNumber": 444,
> +      "name": "Erlang Public License v1.1",
> +      "licenseId": "ErlPL-1.1",
> +      "seeAlso": [
> +        "http://www.erlang.org/EPLICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/MIT-CMU.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/MIT-CMU.json",
> +      "referenceNumber": 445,
> +      "name": "CMU License",
> +      "licenseId": "MIT-CMU",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing:MIT?rd\u003dLicensing/MIT#CMU_Style",
> +        "https://github.com/python-pillow/Pillow/blob/fffb426092c8db24a5f4b6df243a8a3c01fb63cd/LICENSE"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NIST-PD.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NIST-PD.json",
> +      "referenceNumber": 446,
> +      "name": "NIST Public Domain Notice",
> +      "licenseId": "NIST-PD",
> +      "seeAlso": [
> +        "https://github.com/tcheneau/simpleRPL/blob/e645e69e38dd4e3ccfeceb2db8cba05b7c2e0cd3/LICENSE.txt",
> +        "https://github.com/tcheneau/Routing/blob/f09f46fcfe636107f22f2c98348188a65a135d98/README.md"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OSL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OSL-2.0.json",
> +      "referenceNumber": 447,
> +      "name": "Open Software License 2.0",
> +      "licenseId": "OSL-2.0",
> +      "seeAlso": [
> +        "http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/APSL-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/APSL-2.0.json",
> +      "referenceNumber": 448,
> +      "name": "Apple Public Source License 2.0",
> +      "licenseId": "APSL-2.0",
> +      "seeAlso": [
> +        "http://www.opensource.apple.com/license/apsl/"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Leptonica.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Leptonica.json",
> +      "referenceNumber": 449,
> +      "name": "Leptonica License",
> +      "licenseId": "Leptonica",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Leptonica"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.json",
> +      "referenceNumber": 450,
> +      "name": "PolyForm Small Business License 1.0.0",
> +      "licenseId": "PolyForm-Small-Business-1.0.0",
> +      "seeAlso": [
> +        "https://polyformproject.org/licenses/small-business/1.0.0"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LiLiQ-P-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/LiLiQ-P-1.1.json",
> +      "referenceNumber": 451,
> +      "name": "Licence Libre du Québec – Permissive version 1.1",
> +      "licenseId": "LiLiQ-P-1.1",
> +      "seeAlso": [
> +        "https://forge.gouv.qc.ca/licence/fr/liliq-v1-1/",
> +        "http://opensource.org/licenses/LiLiQ-P-1.1"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NetCDF.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NetCDF.json",
> +      "referenceNumber": 452,
> +      "name": "NetCDF license",
> +      "licenseId": "NetCDF",
> +      "seeAlso": [
> +        "http://www.unidata.ucar.edu/software/netcdf/copyright.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OML.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OML.json",
> +      "referenceNumber": 453,
> +      "name": "Open Market License",
> +      "licenseId": "OML",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/Open_Market_License"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/AGPL-3.0-or-later.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-or-later.json",
> +      "referenceNumber": 454,
> +      "name": "GNU Affero General Public License v3.0 or later",
> +      "licenseId": "AGPL-3.0-or-later",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/agpl.txt",
> +        "https://opensource.org/licenses/AGPL-3.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OLDAP-2.2.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.json",
> +      "referenceNumber": 455,
> +      "name": "Open LDAP Public License v2.2",
> +      "licenseId": "OLDAP-2.2",
> +      "seeAlso": [
> +        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d470b0c18ec67621c85881b2733057fecf4a1acc3"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause.json",
> +      "referenceNumber": 456,
> +      "name": "BSD 3-Clause \"New\" or \"Revised\" License",
> +      "licenseId": "BSD-3-Clause",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/BSD-3-Clause"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/WTFPL.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/WTFPL.json",
> +      "referenceNumber": 457,
> +      "name": "Do What The F*ck You Want To Public License",
> +      "licenseId": "WTFPL",
> +      "seeAlso": [
> +        "http://www.wtfpl.net/about/",
> +        "http://sam.zoy.org/wtfpl/COPYING"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/OGL-UK-2.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/OGL-UK-2.0.json",
> +      "referenceNumber": 458,
> +      "name": "Open Government Licence v2.0",
> +      "licenseId": "OGL-UK-2.0",
> +      "seeAlso": [
> +        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-3-Clause-Attribution.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Attribution.json",
> +      "referenceNumber": 459,
> +      "name": "BSD with attribution",
> +      "licenseId": "BSD-3-Clause-Attribution",
> +      "seeAlso": [
> +        "https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/RPSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/RPSL-1.0.json",
> +      "referenceNumber": 460,
> +      "name": "RealNetworks Public Source License v1.0",
> +      "licenseId": "RPSL-1.0",
> +      "seeAlso": [
> +        "https://helixcommunity.org/content/rpsl",
> +        "https://opensource.org/licenses/RPSL-1.0"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.json",
> +      "referenceNumber": 461,
> +      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany",
> +      "licenseId": "CC-BY-NC-ND-3.0-DE",
> +      "seeAlso": [
> +        "https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/EUPL-1.1.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/EUPL-1.1.json",
> +      "referenceNumber": 462,
> +      "name": "European Union Public License 1.1",
> +      "licenseId": "EUPL-1.1",
> +      "seeAlso": [
> +        "https://joinup.ec.europa.eu/software/page/eupl/licence-eupl",
> +        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl1.1.-licence-en_0.pdf",
> +        "https://opensource.org/licenses/EUPL-1.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Sendmail-8.23.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Sendmail-8.23.json",
> +      "referenceNumber": 463,
> +      "name": "Sendmail License 8.23",
> +      "licenseId": "Sendmail-8.23",
> +      "seeAlso": [
> +        "https://www.proofpoint.com/sites/default/files/sendmail-license.pdf",
> +        "https://web.archive.org/web/20181003101040/https://www.proofpoint.com/sites/default/files/sendmail-license.pdf"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/ODC-By-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/ODC-By-1.0.json",
> +      "referenceNumber": 464,
> +      "name": "Open Data Commons Attribution License v1.0",
> +      "licenseId": "ODC-By-1.0",
> +      "seeAlso": [
> +        "https://opendatacommons.org/licenses/by/1.0/"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/D-FSL-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/D-FSL-1.0.json",
> +      "referenceNumber": 465,
> +      "name": "Deutsche Freie Software Lizenz",
> +      "licenseId": "D-FSL-1.0",
> +      "seeAlso": [
> +        "http://www.dipp.nrw.de/d-fsl/lizenzen/",
> +        "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/de/D-FSL-1_0_de.txt",
> +        "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/en/D-FSL-1_0_en.txt",
> +        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl",
> +        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/deutsche-freie-software-lizenz",
> +        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/german-free-software-license",
> +        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_de.txt/at_download/file",
> +        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_en.txt/at_download/file"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-4-Clause.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause.json",
> +      "referenceNumber": 466,
> +      "name": "BSD 4-Clause \"Original\" or \"Old\" License",
> +      "licenseId": "BSD-4-Clause",
> +      "seeAlso": [
> +        "http://directory.fsf.org/wiki/License:BSD_4Clause"
> +      ],
> +      "isOsiApproved": false,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/LGPL-2.1.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1.json",
> +      "referenceNumber": 467,
> +      "name": "GNU Lesser General Public License v2.1 only",
> +      "licenseId": "LGPL-2.1",
> +      "seeAlso": [
> +        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
> +        "https://opensource.org/licenses/LGPL-2.1"
> +      ],
> +      "isOsiApproved": true,
> +      "isFsfLibre": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/BSD-2-Clause-Views.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Views.json",
> +      "referenceNumber": 468,
> +      "name": "BSD 2-Clause with views sentence",
> +      "licenseId": "BSD-2-Clause-Views",
> +      "seeAlso": [
> +        "http://www.freebsd.org/copyright/freebsd-license.html",
> +        "https://people.freebsd.org/~ivoras/wine/patch-wine-nvidia.sh",
> +        "https://github.com/protegeproject/protege/blob/master/license.txt"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Artistic-1.0-Perl.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-Perl.json",
> +      "referenceNumber": 469,
> +      "name": "Artistic License 1.0 (Perl)",
> +      "licenseId": "Artistic-1.0-Perl",
> +      "seeAlso": [
> +        "http://dev.perl.org/licenses/artistic.html"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/NPOSL-3.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/NPOSL-3.0.json",
> +      "referenceNumber": 470,
> +      "name": "Non-Profit Open Software License 3.0",
> +      "licenseId": "NPOSL-3.0",
> +      "seeAlso": [
> +        "https://opensource.org/licenses/NOSL3.0"
> +      ],
> +      "isOsiApproved": true
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/gSOAP-1.3b.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/gSOAP-1.3b.json",
> +      "referenceNumber": 471,
> +      "name": "gSOAP Public License v1.3b",
> +      "licenseId": "gSOAP-1.3b",
> +      "seeAlso": [
> +        "http://www.cs.fsu.edu/~engelen/license.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/Interbase-1.0.html",
> +      "isDeprecatedLicenseId": false,
> +      "detailsUrl": "https://spdx.org/licenses/Interbase-1.0.json",
> +      "referenceNumber": 472,
> +      "name": "Interbase Public License v1.0",
> +      "licenseId": "Interbase-1.0",
> +      "seeAlso": [
> +        "https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html"
> +      ],
> +      "isOsiApproved": false
> +    },
> +    {
> +      "reference": "https://spdx.org/licenses/StandardML-NJ.html",
> +      "isDeprecatedLicenseId": true,
> +      "detailsUrl": "https://spdx.org/licenses/StandardML-NJ.json",
> +      "referenceNumber": 473,
> +      "name": "Standard ML of New Jersey License",
> +      "licenseId": "StandardML-NJ",
> +      "seeAlso": [
> +        "http://www.smlnj.org//license.html"
> +      ],
> +      "isOsiApproved": false
> +    }
> +  ],
> +  "releaseDate": "2021-08-08"
> +}
> \ No newline at end of file
> diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
> new file mode 100644
> index 0000000000..22ed5070ea
> --- /dev/null
> +++ b/meta/lib/oe/sbom.py
> @@ -0,0 +1,84 @@
> +#
> +# Copyright OpenEmbedded Contributors
> +#
> +# SPDX-License-Identifier: GPL-2.0-only
> +#
> +
> +import collections
> +
> +DepRecipe = collections.namedtuple("DepRecipe", ("doc", "doc_sha1", "recipe"))
> +DepSource = collections.namedtuple("DepSource", ("doc", "doc_sha1", "recipe", "file"))
> +
> +
> +def get_recipe_spdxid(d):
> +    return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN"))
> +
> +
> +def get_download_spdxid(d, idx):
> +    return "SPDXRef-Download-%s-%d" % (d.getVar("PN"), idx)
> +
> +
> +def get_package_spdxid(pkg):
> +    return "SPDXRef-Package-%s" % pkg
> +
> +
> +def get_source_file_spdxid(d, idx):
> +    return "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), idx)
> +
> +
> +def get_packaged_file_spdxid(pkg, idx):
> +    return "SPDXRef-PackagedFile-%s-%d" % (pkg, idx)
> +
> +
> +def get_image_spdxid(img):
> +    return "SPDXRef-Image-%s" % img
> +
> +
> +def get_sdk_spdxid(sdk):
> +    return "SPDXRef-SDK-%s" % sdk
> +
> +
> +def write_doc(d, spdx_doc, subdir, spdx_deploy=None, indent=None):
> +    from pathlib import Path
> +
> +    if spdx_deploy is None:
> +        spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
> +
> +    dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
> +    dest.parent.mkdir(exist_ok=True, parents=True)
> +    with dest.open("wb") as f:
> +        doc_sha1 = spdx_doc.to_json(f, sort_keys=True, indent=indent)
> +
> +    l = spdx_deploy / "by-namespace" / spdx_doc.documentNamespace.replace("/", "_")
> +    l.parent.mkdir(exist_ok=True, parents=True)
> +    l.symlink_to(os.path.relpath(dest, l.parent))
> +
> +    return doc_sha1
> +
> +
> +def read_doc(fn):
> +    import hashlib
> +    import oe.spdx
> +    import io
> +    import contextlib
> +
> +    @contextlib.contextmanager
> +    def get_file():
> +        if isinstance(fn, io.IOBase):
> +            yield fn
> +        else:
> +            with fn.open("rb") as f:
> +                yield f
> +
> +    with get_file() as f:
> +        sha1 = hashlib.sha1()
> +        while True:
> +            chunk = f.read(4096)
> +            if not chunk:
> +                break
> +            sha1.update(chunk)
> +
> +        f.seek(0)
> +        doc = oe.spdx.SPDXDocument.from_json(f)
> +
> +    return (doc, sha1.hexdigest())
> diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
> new file mode 100644
> index 0000000000..7aaf2af5ed
> --- /dev/null
> +++ b/meta/lib/oe/spdx.py
> @@ -0,0 +1,357 @@
> +#
> +# Copyright OpenEmbedded Contributors
> +#
> +# SPDX-License-Identifier: GPL-2.0-only
> +#
> +
> +#
> +# This library is intended to capture the JSON SPDX specification in a type
> +# safe manner. It is not intended to encode any particular OE specific
> +# behaviors, see the sbom.py for that.
> +#
> +# The documented SPDX spec document doesn't cover the JSON syntax for
> +# particular configuration, which can make it hard to determine what the JSON
> +# syntax should be. I've found it is actually much simpler to read the official
> +# SPDX JSON schema which can be found here: https://github.com/spdx/spdx-spec
> +# in schemas/spdx-schema.json
> +#
> +
> +import hashlib
> +import itertools
> +import json
> +
> +SPDX_VERSION = "2.2"
> +
> +
> +#
> +# The following are the support classes that are used to implement SPDX object
> +#
> +
> +class _Property(object):
> +    """
> +    A generic SPDX object property. The different types will derive from this
> +    class
> +    """
> +
> +    def __init__(self, *, default=None):
> +        self.default = default
> +
> +    def setdefault(self, dest, name):
> +        if self.default is not None:
> +            dest.setdefault(name, self.default)
> +
> +
> +class _String(_Property):
> +    """
> +    A scalar string property for an SPDX object
> +    """
> +
> +    def __init__(self, **kwargs):
> +        super().__init__(**kwargs)
> +
> +    def set_property(self, attrs, name):
> +        def get_helper(obj):
> +            return obj._spdx[name]
> +
> +        def set_helper(obj, value):
> +            obj._spdx[name] = value
> +
> +        def del_helper(obj):
> +            del obj._spdx[name]
> +
> +        attrs[name] = property(get_helper, set_helper, del_helper)
> +
> +    def init(self, source):
> +        return source
> +
> +
> +class _Object(_Property):
> +    """
> +    A scalar SPDX object property of a SPDX object
> +    """
> +
> +    def __init__(self, cls, **kwargs):
> +        super().__init__(**kwargs)
> +        self.cls = cls
> +
> +    def set_property(self, attrs, name):
> +        def get_helper(obj):
> +            if not name in obj._spdx:
> +                obj._spdx[name] = self.cls()
> +            return obj._spdx[name]
> +
> +        def set_helper(obj, value):
> +            obj._spdx[name] = value
> +
> +        def del_helper(obj):
> +            del obj._spdx[name]
> +
> +        attrs[name] = property(get_helper, set_helper)
> +
> +    def init(self, source):
> +        return self.cls(**source)
> +
> +
> +class _ListProperty(_Property):
> +    """
> +    A list of SPDX properties
> +    """
> +
> +    def __init__(self, prop, **kwargs):
> +        super().__init__(**kwargs)
> +        self.prop = prop
> +
> +    def set_property(self, attrs, name):
> +        def get_helper(obj):
> +            if not name in obj._spdx:
> +                obj._spdx[name] = []
> +            return obj._spdx[name]
> +
> +        def set_helper(obj, value):
> +            obj._spdx[name] = list(value)
> +
> +        def del_helper(obj):
> +            del obj._spdx[name]
> +
> +        attrs[name] = property(get_helper, set_helper, del_helper)
> +
> +    def init(self, source):
> +        return [self.prop.init(o) for o in source]
> +
> +
> +class _StringList(_ListProperty):
> +    """
> +    A list of strings as a property for an SPDX object
> +    """
> +
> +    def __init__(self, **kwargs):
> +        super().__init__(_String(), **kwargs)
> +
> +
> +class _ObjectList(_ListProperty):
> +    """
> +    A list of SPDX objects as a property for an SPDX object
> +    """
> +
> +    def __init__(self, cls, **kwargs):
> +        super().__init__(_Object(cls), **kwargs)
> +
> +
> +class MetaSPDXObject(type):
> +    """
> +    A metaclass that allows properties (anything derived from a _Property
> +    class) to be defined for a SPDX object
> +    """
> +    def __new__(mcls, name, bases, attrs):
> +        attrs["_properties"] = {}
> +
> +        for key in attrs.keys():
> +            if isinstance(attrs[key], _Property):
> +                prop = attrs[key]
> +                attrs["_properties"][key] = prop
> +                prop.set_property(attrs, key)
> +
> +        return super().__new__(mcls, name, bases, attrs)
> +
> +
> +class SPDXObject(metaclass=MetaSPDXObject):
> +    """
> +    The base SPDX object; all SPDX spec classes must derive from this class
> +    """
> +    def __init__(self, **d):
> +        self._spdx = {}
> +
> +        for name, prop in self._properties.items():
> +            prop.setdefault(self._spdx, name)
> +            if name in d:
> +                self._spdx[name] = prop.init(d[name])
> +
> +    def serializer(self):
> +        return self._spdx
> +
> +    def __setattr__(self, name, value):
> +        if name in self._properties or name == "_spdx":
> +            super().__setattr__(name, value)
> +            return
> +        raise KeyError("%r is not a valid SPDX property" % name)
> +
> +#
> +# These are the SPDX objects implemented from the spec. The *only* properties
> +# that can be added to these objects are ones directly specified in the SPDX
> +# spec, however you may add helper functions to make operations easier.
> +#
> +# Defaults should *only* be specified if the SPDX spec says there is a certain
> +# required value for a field (e.g. dataLicense), or if the field is mandatory
> +# and has some sane "this field is unknown" (e.g. "NOASSERTION")
> +#
> +
> +class SPDXAnnotation(SPDXObject):
> +    annotationDate = _String()
> +    annotationType = _String()
> +    annotator = _String()
> +    comment = _String()
> +
> +class SPDXChecksum(SPDXObject):
> +    algorithm = _String()
> +    checksumValue = _String()
> +
> +
> +class SPDXRelationship(SPDXObject):
> +    spdxElementId = _String()
> +    relatedSpdxElement = _String()
> +    relationshipType = _String()
> +    comment = _String()
> +    annotations = _ObjectList(SPDXAnnotation)
> +
> +
> +class SPDXExternalReference(SPDXObject):
> +    referenceCategory = _String()
> +    referenceType = _String()
> +    referenceLocator = _String()
> +
> +
> +class SPDXPackageVerificationCode(SPDXObject):
> +    packageVerificationCodeValue = _String()
> +    packageVerificationCodeExcludedFiles = _StringList()
> +
> +
> +class SPDXPackage(SPDXObject):
> +    ALLOWED_CHECKSUMS = [
> +        "SHA1",
> +        "SHA224",
> +        "SHA256",
> +        "SHA384",
> +        "SHA512",
> +        "MD2",
> +        "MD4",
> +        "MD5",
> +        "MD6",
> +    ]
> +
> +    name = _String()
> +    SPDXID = _String()
> +    versionInfo = _String()
> +    downloadLocation = _String(default="NOASSERTION")
> +    supplier = _String(default="NOASSERTION")
> +    homepage = _String()
> +    licenseConcluded = _String(default="NOASSERTION")
> +    licenseDeclared = _String(default="NOASSERTION")
> +    summary = _String()
> +    description = _String()
> +    sourceInfo = _String()
> +    copyrightText = _String(default="NOASSERTION")
> +    licenseInfoFromFiles = _StringList(default=["NOASSERTION"])
> +    externalRefs = _ObjectList(SPDXExternalReference)
> +    packageVerificationCode = _Object(SPDXPackageVerificationCode)
> +    hasFiles = _StringList()
> +    packageFileName = _String()
> +    annotations = _ObjectList(SPDXAnnotation)
> +    checksums = _ObjectList(SPDXChecksum)
> +
> +
> +class SPDXFile(SPDXObject):
> +    SPDXID = _String()
> +    fileName = _String()
> +    licenseConcluded = _String(default="NOASSERTION")
> +    copyrightText = _String(default="NOASSERTION")
> +    licenseInfoInFiles = _StringList(default=["NOASSERTION"])
> +    checksums = _ObjectList(SPDXChecksum)
> +    fileTypes = _StringList()
> +
> +
> +class SPDXCreationInfo(SPDXObject):
> +    created = _String()
> +    licenseListVersion = _String()
> +    comment = _String()
> +    creators = _StringList()
> +
> +
> +class SPDXExternalDocumentRef(SPDXObject):
> +    externalDocumentId = _String()
> +    spdxDocument = _String()
> +    checksum = _Object(SPDXChecksum)
> +
> +
> +class SPDXExtractedLicensingInfo(SPDXObject):
> +    name = _String()
> +    comment = _String()
> +    licenseId = _String()
> +    extractedText = _String()
> +
> +
> +class SPDXDocument(SPDXObject):
> +    spdxVersion = _String(default="SPDX-" + SPDX_VERSION)
> +    dataLicense = _String(default="CC0-1.0")
> +    SPDXID = _String(default="SPDXRef-DOCUMENT")
> +    name = _String()
> +    documentNamespace = _String()
> +    creationInfo = _Object(SPDXCreationInfo)
> +    packages = _ObjectList(SPDXPackage)
> +    files = _ObjectList(SPDXFile)
> +    relationships = _ObjectList(SPDXRelationship)
> +    externalDocumentRefs = _ObjectList(SPDXExternalDocumentRef)
> +    hasExtractedLicensingInfos = _ObjectList(SPDXExtractedLicensingInfo)
> +
> +    def __init__(self, **d):
> +        super().__init__(**d)
> +
> +    def to_json(self, f, *, sort_keys=False, indent=None, separators=None):
> +        class Encoder(json.JSONEncoder):
> +            def default(self, o):
> +                if isinstance(o, SPDXObject):
> +                    return o.serializer()
> +
> +                return super().default(o)
> +
> +        sha1 = hashlib.sha1()
> +        for chunk in Encoder(
> +            sort_keys=sort_keys,
> +            indent=indent,
> +            separators=separators,
> +        ).iterencode(self):
> +            chunk = chunk.encode("utf-8")
> +            f.write(chunk)
> +            sha1.update(chunk)
> +
> +        return sha1.hexdigest()
> +
> +    @classmethod
> +    def from_json(cls, f):
> +        return cls(**json.load(f))
> +
> +    def add_relationship(self, _from, relationship, _to, *, comment=None, annotation=None):
> +        if isinstance(_from, SPDXObject):
> +            from_spdxid = _from.SPDXID
> +        else:
> +            from_spdxid = _from
> +
> +        if isinstance(_to, SPDXObject):
> +            to_spdxid = _to.SPDXID
> +        else:
> +            to_spdxid = _to
> +
> +        r = SPDXRelationship(
> +            spdxElementId=from_spdxid,
> +            relatedSpdxElement=to_spdxid,
> +            relationshipType=relationship,
> +        )
> +
> +        if comment is not None:
> +            r.comment = comment
> +
> +        if annotation is not None:
> +            r.annotations.append(annotation)
> +
> +        self.relationships.append(r)
> +
> +    def find_by_spdxid(self, spdxid):
> +        for o in itertools.chain(self.packages, self.files):
> +            if o.SPDXID == spdxid:
> +                return o
> +        return None
> +
> +    def find_external_document_ref(self, namespace):
> +        for r in self.externalDocumentRefs:
> +            if r.spdxDocument == namespace:
> +                return r
> +        return None
> --
> 2.33.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#178957): https://lists.openembedded.org/g/openembedded-core/message/178957
> Mute This Topic: https://lists.openembedded.org/mt/97787873/4947266
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ernstp@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Richard Purdie March 23, 2023, 8:52 p.m. UTC | #2
On Thu, 2023-03-23 at 14:42 +0100, Ernst Sjöstrand wrote:
> Den ons 22 mars 2023 kl 21:46 skrev Joshua Watt <JPEWhacker@gmail.com>:
> > 
> > Backports the create-spdx classes from the latest versions on master.
> > This backport is a simple copy with no modifications, as its too
> > complex to cherry-pick all the corresponding changes. This will give an
> > appropriate base commit for subsequent changes and if necessary
> > additional backport cherry-picks from master in the future.
> > 
> > Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> > ---
> >  meta/classes/create-spdx-2.2.bbclass | 1069 +++++
> >  meta/classes/create-spdx.bbclass     |    8 +
> >  meta/files/spdx-licenses.json        | 5937 ++++++++++++++++++++++++++
> >  meta/lib/oe/sbom.py                  |   84 +
> >  meta/lib/oe/spdx.py                  |  357 ++
> >  5 files changed, 7455 insertions(+)
> >  create mode 100644 meta/classes/create-spdx-2.2.bbclass
> >  create mode 100644 meta/classes/create-spdx.bbclass
> >  create mode 100644 meta/files/spdx-licenses.json
> >  create mode 100644 meta/lib/oe/sbom.py
> >  create mode 100644 meta/lib/oe/spdx.py
> > 
> > diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
> > new file mode 100644
> > index 0000000000..13d13fe1fc
> > --- /dev/null
> > +++ b/meta/classes/create-spdx-2.2.bbclass
> > @@ -0,0 +1,1069 @@
> > +#
> > +# Copyright OpenEmbedded Contributors
> > +#
> > +# SPDX-License-Identifier: GPL-2.0-only
> > +#
> > +
> > +DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${MACHINE}"
> > +
> > +# The product name that the CVE database uses.  Defaults to BPN, but may need to
> > +# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
> > +CVE_PRODUCT ??= "${BPN}"
> > +CVE_VERSION ??= "${PV}"
> > +
> > +SPDXDIR ??= "${WORKDIR}/spdx"
> > +SPDXDEPLOY = "${SPDXDIR}/deploy"
> > +SPDXWORK = "${SPDXDIR}/work"
> > +SPDXIMAGEWORK = "${SPDXDIR}/image-work"
> > +SPDXSDKWORK = "${SPDXDIR}/sdk-work"
> > +
> > +SPDX_TOOL_NAME ??= "oe-spdx-creator"
> > +SPDX_TOOL_VERSION ??= "1.0"
> > +
> > +SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
> > +
> > +SPDX_INCLUDE_SOURCES ??= "0"
> > +SPDX_ARCHIVE_SOURCES ??= "0"
> > +SPDX_ARCHIVE_PACKAGED ??= "0"
> > +
> > +SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
> > +SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
> > +SPDX_PRETTY ??= "0"
> > +
> > +SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
> > +
> > +SPDX_CUSTOM_ANNOTATION_VARS ??= ""
> > +
> > +SPDX_ORG ??= "OpenEmbedded ()"
> > +SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
> > +SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
> > +    this recipe. For SPDX documents create using this class during the build, this \
> > +    is the contact information for the person or organization who is doing the \
> > +    build."
> > +
> > +def extract_licenses(filename):
> > +    import re
> > +
> > +    lic_regex = re.compile(rb'^\W*SPDX-License-Identifier:\s*([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
> > +
> > +    try:
> > +        with open(filename, 'rb') as f:
> > +            size = min(15000, os.stat(filename).st_size)
> > +            txt = f.read(size)
> > +            licenses = re.findall(lic_regex, txt)
> > +            if licenses:
> > +                ascii_licenses = [lic.decode('ascii') for lic in licenses]
> > +                return ascii_licenses
> > +    except Exception as e:
> > +        bb.warn(f"Exception reading {filename}: {e}")
> > +    return None
> > +
> > +def get_doc_namespace(d, doc):
> > +    import uuid
> > +    namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
> > +    return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
> > +
> > +def create_annotation(d, comment):
> > +    from datetime import datetime, timezone
> > +
> > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > +    annotation = oe.spdx.SPDXAnnotation()
> > +    annotation.annotationDate = creation_time
> > +    annotation.annotationType = "OTHER"
> > +    annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
> > +    annotation.comment = comment
> > +    return annotation
> > +
> > +def recipe_spdx_is_native(d, recipe):
> > +    return any(a.annotationType == "OTHER" and
> > +      a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and
> > +      a.comment == "isNative" for a in recipe.annotations)
> > +
> > +def is_work_shared_spdx(d):
> > +    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
> > +
> > +def get_json_indent(d):
> > +    if d.getVar("SPDX_PRETTY") == "1":
> > +        return 2
> > +    return None
> > +
> > +python() {
> > +    import json
> > +    if d.getVar("SPDX_LICENSE_DATA"):
> > +        return
> > +
> > +    with open(d.getVar("SPDX_LICENSES"), "r") as f:
> > +        data = json.load(f)
> > +        # Transform the license array to a dictionary
> > +        data["licenses"] = {l["licenseId"]: l for l in data["licenses"]}
> > +        d.setVar("SPDX_LICENSE_DATA", data)
> > +}
> > +
> > +def convert_license_to_spdx(lic, document, d, existing={}):
> > +    from pathlib import Path
> > +    import oe.spdx
> > +
> > +    license_data = d.getVar("SPDX_LICENSE_DATA")
> > +    extracted = {}
> > +
> > +    def add_extracted_license(ident, name):
> > +        nonlocal document
> > +
> > +        if name in extracted:
> > +            return
> > +
> > +        extracted_info = oe.spdx.SPDXExtractedLicensingInfo()
> > +        extracted_info.name = name
> > +        extracted_info.licenseId = ident
> > +        extracted_info.extractedText = None
> > +
> > +        if name == "PD":
> > +            # Special-case this.
> > +            extracted_info.extractedText = "Software released to the public domain"
> > +        else:
> > +            # Seach for the license in COMMON_LICENSE_DIR and LICENSE_PATH
> > +            for directory in [d.getVar('COMMON_LICENSE_DIR')] + (d.getVar('LICENSE_PATH') or '').split():
> > +                try:
> > +                    with (Path(directory) / name).open(errors="replace") as f:
> > +                        extracted_info.extractedText = f.read()
> > +                        break
> > +                except FileNotFoundError:
> > +                    pass
> > +            if extracted_info.extractedText is None:
> > +                # If it's not SPDX or PD, then NO_GENERIC_LICENSE must be set
> > +                filename = d.getVarFlag('NO_GENERIC_LICENSE', name)
> > +                if filename:
> > +                    filename = d.expand("${S}/" + filename)
> > +                    with open(filename, errors="replace") as f:
> > +                        extracted_info.extractedText = f.read()
> > +                else:
> > +                    bb.error("Cannot find any text for license %s" % name)
> > +
> > +        extracted[name] = extracted_info
> > +        document.hasExtractedLicensingInfos.append(extracted_info)
> > +
> > +    def convert(l):
> > +        if l == "(" or l == ")":
> > +            return l
> > +
> > +        if l == "&":
> > +            return "AND"
> > +
> > +        if l == "|":
> > +            return "OR"
> > +
> > +        if l == "CLOSED":
> > +            return "NONE"
> > +
> > +        spdx_license = d.getVarFlag("SPDXLICENSEMAP", l) or l
> > +        if spdx_license in license_data["licenses"]:
> > +            return spdx_license
> > +
> > +        try:
> > +            spdx_license = existing[l]
> > +        except KeyError:
> > +            spdx_license = "LicenseRef-" + l
> > +            add_extracted_license(spdx_license, l)
> > +
> > +        return spdx_license
> > +
> > +    lic_split = lic.replace("(", " ( ").replace(")", " ) ").split()
> > +
> > +    return ' '.join(convert(l) for l in lic_split)
> > +
> > +def process_sources(d):
> > +    pn = d.getVar('PN')
> > +    assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
> > +    if pn in assume_provided:
> > +        for p in d.getVar("PROVIDES").split():
> > +            if p != pn:
> > +                pn = p
> > +                break
> > +
> > +    # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
> > +    # so avoid archiving source here.
> > +    if pn.startswith('glibc-locale'):
> > +        return False
> > +    if d.getVar('PN') == "libtool-cross":
> > +        return False
> > +    if d.getVar('PN') == "libgcc-initial":
> > +        return False
> > +    if d.getVar('PN') == "shadow-sysroot":
> > +        return False
> > +
> > +    # We just archive gcc-source for all the gcc related recipes
> > +    if d.getVar('BPN') in ['gcc', 'libgcc']:
> > +        bb.debug(1, 'spdx: There is bug in scan of %s is, do nothing' % pn)
> > +        return False
> > +
> > +    return True
> > +
> > +
> > +def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archive=None, ignore_dirs=[], ignore_top_level_dirs=[]):
> > +    from pathlib import Path
> > +    import oe.spdx
> > +    import hashlib
> > +
> > +    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
> > +    if source_date_epoch:
> > +        source_date_epoch = int(source_date_epoch)
> > +
> > +    sha1s = []
> > +    spdx_files = []
> > +
> > +    file_counter = 1
> > +    for subdir, dirs, files in os.walk(topdir):
> > +        dirs[:] = [d for d in dirs if d not in ignore_dirs]
> > +        if subdir == str(topdir):
> > +            dirs[:] = [d for d in dirs if d not in ignore_top_level_dirs]
> > +
> > +        for file in files:
> > +            filepath = Path(subdir) / file
> > +            filename = str(filepath.relative_to(topdir))
> > +
> > +            if not filepath.is_symlink() and filepath.is_file():
> > +                spdx_file = oe.spdx.SPDXFile()
> > +                spdx_file.SPDXID = get_spdxid(file_counter)
> > +                for t in get_types(filepath):
> > +                    spdx_file.fileTypes.append(t)
> > +                spdx_file.fileName = filename
> > +
> > +                if archive is not None:
> > +                    with filepath.open("rb") as f:
> > +                        info = archive.gettarinfo(fileobj=f)
> > +                        info.name = filename
> > +                        info.uid = 0
> > +                        info.gid = 0
> > +                        info.uname = "root"
> > +                        info.gname = "root"
> > +
> > +                        if source_date_epoch is not None and info.mtime > source_date_epoch:
> > +                            info.mtime = source_date_epoch
> > +
> > +                        archive.addfile(info, f)
> > +
> > +                sha1 = bb.utils.sha1_file(filepath)
> > +                sha1s.append(sha1)
> > +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> > +                        algorithm="SHA1",
> > +                        checksumValue=sha1,
> > +                    ))
> > +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> > +                        algorithm="SHA256",
> > +                        checksumValue=bb.utils.sha256_file(filepath),
> > +                    ))
> > +
> > +                if "SOURCE" in spdx_file.fileTypes:
> > +                    extracted_lics = extract_licenses(filepath)
> > +                    if extracted_lics:
> > +                        spdx_file.licenseInfoInFiles = extracted_lics
> > +
> > +                doc.files.append(spdx_file)
> > +                doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
> > +                spdx_pkg.hasFiles.append(spdx_file.SPDXID)
> > +
> > +                spdx_files.append(spdx_file)
> > +
> > +                file_counter += 1
> > +
> > +    sha1s.sort()
> > +    verifier = hashlib.sha1()
> > +    for v in sha1s:
> > +        verifier.update(v.encode("utf-8"))
> > +    spdx_pkg.packageVerificationCode.packageVerificationCodeValue = verifier.hexdigest()
> > +
> > +    return spdx_files
> > +
> > +
> > +def add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources):
> > +    from pathlib import Path
> > +    import hashlib
> > +    import oe.packagedata
> > +    import oe.spdx
> > +
> > +    debug_search_paths = [
> > +        Path(d.getVar('PKGD')),
> > +        Path(d.getVar('STAGING_DIR_TARGET')),
> > +        Path(d.getVar('STAGING_DIR_NATIVE')),
> > +        Path(d.getVar('STAGING_KERNEL_DIR')),
> > +    ]
> > +
> > +    pkg_data = oe.packagedata.read_subpkgdata_extended(package, d)
> > +
> > +    if pkg_data is None:
> > +        return
> > +
> > +    for file_path, file_data in pkg_data["files_info"].items():
> > +        if not "debugsrc" in file_data:
> > +            continue
> > +
> > +        for pkg_file in package_files:
> > +            if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
> > +                break
> > +        else:
> > +            bb.fatal("No package file found for %s" % str(file_path))
> > +            continue
> > +
> > +        for debugsrc in file_data["debugsrc"]:
> > +            ref_id = "NOASSERTION"
> > +            for search in debug_search_paths:
> > +                if debugsrc.startswith("/usr/src/kernel"):
> > +                    debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '')
> > +                else:
> > +                    debugsrc_path = search / debugsrc.lstrip("/")
> > +                if not debugsrc_path.exists():
> > +                    continue
> > +
> > +                file_sha256 = bb.utils.sha256_file(debugsrc_path)
> > +
> > +                if file_sha256 in sources:
> > +                    source_file = sources[file_sha256]
> > +
> > +                    doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
> > +                    if doc_ref is None:
> > +                        doc_ref = oe.spdx.SPDXExternalDocumentRef()
> > +                        doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
> > +                        doc_ref.spdxDocument = source_file.doc.documentNamespace
> > +                        doc_ref.checksum.algorithm = "SHA1"
> > +                        doc_ref.checksum.checksumValue = source_file.doc_sha1
> > +                        package_doc.externalDocumentRefs.append(doc_ref)
> > +
> > +                    ref_id = "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID)
> > +                else:
> > +                    bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
> > +                break
> > +            else:
> > +                bb.debug(1, "Debug source %s not found" % debugsrc)
> > +
> > +            package_doc.add_relationship(pkg_file, "GENERATED_FROM", ref_id, comment=debugsrc)
> > +
> > +def collect_dep_recipes(d, doc, spdx_recipe):
> > +    from pathlib import Path
> > +    import oe.sbom
> > +    import oe.spdx
> > +
> > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > +
> > +    dep_recipes = []
> > +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> > +    deps = sorted(set(
> > +        dep[0] for dep in taskdepdata.values() if
> > +            dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
> > +    ))
> > +    for dep_pn in deps:
> > +        dep_recipe_path = deploy_dir_spdx / "recipes" / ("recipe-%s.spdx.json" % dep_pn)
> > +
> > +        spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
> > +
> > +        for pkg in spdx_dep_doc.packages:
> > +            if pkg.name == dep_pn:
> > +                spdx_dep_recipe = pkg
> > +                break
> > +        else:
> > +            continue
> > +
> > +        dep_recipes.append(oe.sbom.DepRecipe(spdx_dep_doc, spdx_dep_sha1, spdx_dep_recipe))
> > +
> > +        dep_recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> > +        dep_recipe_ref.externalDocumentId = "DocumentRef-dependency-" + spdx_dep_doc.name
> > +        dep_recipe_ref.spdxDocument = spdx_dep_doc.documentNamespace
> > +        dep_recipe_ref.checksum.algorithm = "SHA1"
> > +        dep_recipe_ref.checksum.checksumValue = spdx_dep_sha1
> > +
> > +        doc.externalDocumentRefs.append(dep_recipe_ref)
> > +
> > +        doc.add_relationship(
> > +            "%s:%s" % (dep_recipe_ref.externalDocumentId, spdx_dep_recipe.SPDXID),
> > +            "BUILD_DEPENDENCY_OF",
> > +            spdx_recipe
> > +        )
> > +
> > +    return dep_recipes
> > +
> > +collect_dep_recipes[vardepsexclude] += "BB_TASKDEPDATA"
> > +collect_dep_recipes[vardeps] += "DEPENDS"
> > +
> > +def collect_dep_sources(d, dep_recipes):
> > +    import oe.sbom
> > +
> > +    sources = {}
> > +    for dep in dep_recipes:
> > +        # Don't collect sources from native recipes as they
> > +        # match non-native sources also.
> > +        if recipe_spdx_is_native(d, dep.recipe):
> > +            continue
> > +        recipe_files = set(dep.recipe.hasFiles)
> > +
> > +        for spdx_file in dep.doc.files:
> > +            if spdx_file.SPDXID not in recipe_files:
> > +                continue
> > +
> > +            if "SOURCE" in spdx_file.fileTypes:
> > +                for checksum in spdx_file.checksums:
> > +                    if checksum.algorithm == "SHA256":
> > +                        sources[checksum.checksumValue] = oe.sbom.DepSource(dep.doc, dep.doc_sha1, dep.recipe, spdx_file)
> > +                        break
> > +
> > +    return sources
> > +
> > +def add_download_packages(d, doc, recipe):
> > +    import os.path
> > +    from bb.fetch2 import decodeurl, CHECKSUM_LIST
> > +    import bb.process
> > +    import oe.spdx
> > +    import oe.sbom
> > +
> > +    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
> > +        f = bb.fetch2.FetchData(src_uri, d)
> > +
> > +        for name in f.names:
> > +            package = oe.spdx.SPDXPackage()
> > +            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
> > +            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
> > +
> > +            if f.type == "file":
> > +                continue
> > +
> > +            uri = f.type
> > +            proto = getattr(f, "proto", None)
> > +            if proto is not None:
> > +                uri = uri + "+" + proto
> > +            uri = uri + "://" + f.host + f.path
> > +
> > +            if f.method.supports_srcrev():
> > +                uri = uri + "@" + f.revisions[name]
> > +
> > +            if f.method.supports_checksum(f):
> > +                for checksum_id in CHECKSUM_LIST:
> > +                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
> > +                        continue
> > +
> > +                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
> > +                    if expected_checksum is None:
> > +                        continue
> > +
> > +                    c = oe.spdx.SPDXChecksum()
> > +                    c.algorithm = checksum_id.upper()
> > +                    c.checksumValue = expected_checksum
> > +                    package.checksums.append(c)
> > +
> > +            package.downloadLocation = uri
> > +            doc.packages.append(package)
> > +            doc.add_relationship(doc, "DESCRIBES", package)
> > +            # In the future, we might be able to do more fancy dependencies,
> > +            # but this should be sufficient for now
> > +            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
> > +
> > +python do_create_spdx() {
> > +    from datetime import datetime, timezone
> > +    import oe.sbom
> > +    import oe.spdx
> > +    import uuid
> > +    from pathlib import Path
> > +    from contextlib import contextmanager
> > +    import oe.cve_check
> > +
> > +    @contextmanager
> > +    def optional_tarfile(name, guard, mode="w"):
> > +        import tarfile
> > +        import bb.compress.zstd
> > +
> > +        num_threads = int(d.getVar("BB_NUMBER_THREADS"))
> > +
> > +        if guard:
> > +            name.parent.mkdir(parents=True, exist_ok=True)
> > +            with bb.compress.zstd.open(name, mode=mode + "b", num_threads=num_threads) as f:
> > +                with tarfile.open(fileobj=f, mode=mode + "|") as tf:
> > +                    yield tf
> > +        else:
> > +            yield None
> > +
> > +
> > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > +    spdx_workdir = Path(d.getVar("SPDXWORK"))
> > +    include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
> > +    archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
> > +    archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
> > +
> > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > +
> > +    doc = oe.spdx.SPDXDocument()
> > +
> > +    doc.name = "recipe-" + d.getVar("PN")
> > +    doc.documentNamespace = get_doc_namespace(d, doc)
> > +    doc.creationInfo.created = creation_time
> > +    doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
> > +    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > +    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > +    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > +    doc.creationInfo.creators.append("Person: N/A ()")
> > +
> > +    recipe = oe.spdx.SPDXPackage()
> > +    recipe.name = d.getVar("PN")
> > +    recipe.versionInfo = d.getVar("PV")
> > +    recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
> > +    recipe.supplier = d.getVar("SPDX_SUPPLIER")
> > +    if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
> > +        recipe.annotations.append(create_annotation(d, "isNative"))
> > +
> > +    homepage = d.getVar("HOMEPAGE")
> > +    if homepage:
> > +        recipe.homepage = homepage
> > +
> > +    license = d.getVar("LICENSE")
> > +    if license:
> > +        recipe.licenseDeclared = convert_license_to_spdx(license, doc, d)
> > +
> > +    summary = d.getVar("SUMMARY")
> > +    if summary:
> > +        recipe.summary = summary
> > +
> > +    description = d.getVar("DESCRIPTION")
> > +    if description:
> > +        recipe.description = description
> > +
> > +    if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
> > +        for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
> > +            recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var)))
> > +
> > +    # Some CVEs may be patched during the build process without incrementing the version number,
> > +    # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
> > +    # save the CVEs fixed by patches to source information field in the SPDX.
> > +    patched_cves = oe.cve_check.get_patched_cves(d)
> > +    patched_cves = list(patched_cves)
> > +    patched_cves = ' '.join(patched_cves)
> > +    if patched_cves:
> > +        recipe.sourceInfo = "CVEs fixed: " + patched_cves
> > +
> > +    cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION"))
> > +    if cpe_ids:
> > +        for cpe_id in cpe_ids:
> > +            cpe = oe.spdx.SPDXExternalReference()
> > +            cpe.referenceCategory = "SECURITY"
> > +            cpe.referenceType = "http://spdx.org/rdf/references/cpe23Type"
> > +            cpe.referenceLocator = cpe_id
> > +            recipe.externalRefs.append(cpe)
> > +
> > +    doc.packages.append(recipe)
> > +    doc.add_relationship(doc, "DESCRIBES", recipe)
> > +
> > +    add_download_packages(d, doc, recipe)
> > +
> > +    if process_sources(d) and include_sources:
> > +        recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
> > +        with optional_tarfile(recipe_archive, archive_sources) as archive:
> > +            spdx_get_src(d)
> > +
> > +            add_package_files(
> > +                d,
> > +                doc,
> > +                recipe,
> > +                spdx_workdir,
> > +                lambda file_counter: "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), file_counter),
> > +                lambda filepath: ["SOURCE"],
> > +                ignore_dirs=[".git"],
> > +                ignore_top_level_dirs=["temp"],
> > +                archive=archive,
> > +            )
> > +
> > +            if archive is not None:
> > +                recipe.packageFileName = str(recipe_archive.name)
> > +
> > +    dep_recipes = collect_dep_recipes(d, doc, recipe)
> > +
> > +    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
> > +    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
> > +
> > +    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> > +    recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
> > +    recipe_ref.spdxDocument = doc.documentNamespace
> > +    recipe_ref.checksum.algorithm = "SHA1"
> > +    recipe_ref.checksum.checksumValue = doc_sha1
> > +
> > +    sources = collect_dep_sources(d, dep_recipes)
> > +    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
> > +
> > +    if not recipe_spdx_is_native(d, recipe):
> > +        bb.build.exec_func("read_subpackage_metadata", d)
> > +
> > +        pkgdest = Path(d.getVar("PKGDEST"))
> > +        for package in d.getVar("PACKAGES").split():
> > +            if not oe.packagedata.packaged(package, d):
> > +                continue
> > +
> > +            package_doc = oe.spdx.SPDXDocument()
> > +            pkg_name = d.getVar("PKG:%s" % package) or package
> > +            package_doc.name = pkg_name
> > +            package_doc.documentNamespace = get_doc_namespace(d, package_doc)
> > +            package_doc.creationInfo.created = creation_time
> > +            package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
> > +            package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > +            package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > +            package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > +            package_doc.creationInfo.creators.append("Person: N/A ()")
> > +            package_doc.externalDocumentRefs.append(recipe_ref)
> > +
> > +            package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
> > +
> > +            spdx_package = oe.spdx.SPDXPackage()
> > +
> > +            spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
> > +            spdx_package.name = pkg_name
> > +            spdx_package.versionInfo = d.getVar("PV")
> > +            spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
> > +            spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
> > +
> > +            package_doc.packages.append(spdx_package)
> > +
> > +            package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
> > +            package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
> > +
> > +            package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
> > +            with optional_tarfile(package_archive, archive_packaged) as archive:
> > +                package_files = add_package_files(
> > +                    d,
> > +                    package_doc,
> > +                    spdx_package,
> > +                    pkgdest / package,
> > +                    lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
> > +                    lambda filepath: ["BINARY"],
> > +                    ignore_top_level_dirs=['CONTROL', 'DEBIAN'],
> > +                    archive=archive,
> > +                )
> > +
> > +                if archive is not None:
> > +                    spdx_package.packageFileName = str(package_archive.name)
> > +
> > +            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
> > +
> > +            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
> > +}
> > +# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
> > +addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
> > +
> > +SSTATETASKS += "do_create_spdx"
> > +do_create_spdx[sstate-inputdirs] = "${SPDXDEPLOY}"
> > +do_create_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> > +
> > +python do_create_spdx_setscene () {
> > +    sstate_setscene(d)
> > +}
> > +addtask do_create_spdx_setscene
> > +
> > +do_create_spdx[dirs] = "${SPDXWORK}"
> > +do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
> > +do_create_spdx[depends] += "${PATCHDEPENDENCY}"
> > +do_create_spdx[deptask] = "do_create_spdx"
> > +
> > +def collect_package_providers(d):
> > +    from pathlib import Path
> > +    import oe.sbom
> > +    import oe.spdx
> > +    import json
> > +
> > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > +
> > +    providers = {}
> > +
> > +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> > +    deps = sorted(set(
> > +        dep[0] for dep in taskdepdata.values() if dep[0] != d.getVar("PN")
> > +    ))
> > +    deps.append(d.getVar("PN"))
> > +
> > +    for dep_pn in deps:
> > +        recipe_data = oe.packagedata.read_pkgdata(dep_pn, d)
> > +
> > +        for pkg in recipe_data.get("PACKAGES", "").split():
> > +
> > +            pkg_data = oe.packagedata.read_subpkgdata_dict(pkg, d)
> > +            rprovides = set(n for n, _ in bb.utils.explode_dep_versions2(pkg_data.get("RPROVIDES", "")).items())
> > +            rprovides.add(pkg)
> > +
> > +            for r in rprovides:
> > +                providers[r] = pkg
> > +
> > +    return providers
> > +
> > +collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
> > +
> > +python do_create_runtime_spdx() {
> > +    from datetime import datetime, timezone
> > +    import oe.sbom
> > +    import oe.spdx
> > +    import oe.packagedata
> > +    from pathlib import Path
> > +
> > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > +    spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
> > +    is_native = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
> > +
> > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > +
> > +    providers = collect_package_providers(d)
> > +
> > +    if not is_native:
> > +        bb.build.exec_func("read_subpackage_metadata", d)
> > +
> > +        dep_package_cache = {}
> > +
> > +        pkgdest = Path(d.getVar("PKGDEST"))
> > +        for package in d.getVar("PACKAGES").split():
> > +            localdata = bb.data.createCopy(d)
> > +            pkg_name = d.getVar("PKG:%s" % package) or package
> > +            localdata.setVar("PKG", pkg_name)
> > +            localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
> > +
> > +            if not oe.packagedata.packaged(package, localdata):
> > +                continue
> > +
> > +            pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
> > +
> > +            package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
> > +
> > +            for p in package_doc.packages:
> > +                if p.name == pkg_name:
> > +                    spdx_package = p
> > +                    break
> > +            else:
> > +                bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
> > +
> > +            runtime_doc = oe.spdx.SPDXDocument()
> > +            runtime_doc.name = "runtime-" + pkg_name
> > +            runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
> > +            runtime_doc.creationInfo.created = creation_time
> > +            runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
> > +            runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > +            runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > +            runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > +            runtime_doc.creationInfo.creators.append("Person: N/A ()")
> > +
> > +            package_ref = oe.spdx.SPDXExternalDocumentRef()
> > +            package_ref.externalDocumentId = "DocumentRef-package-" + package
> > +            package_ref.spdxDocument = package_doc.documentNamespace
> > +            package_ref.checksum.algorithm = "SHA1"
> > +            package_ref.checksum.checksumValue = package_doc_sha1
> > +
> > +            runtime_doc.externalDocumentRefs.append(package_ref)
> > +
> > +            runtime_doc.add_relationship(
> > +                runtime_doc.SPDXID,
> > +                "AMENDS",
> > +                "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
> > +            )
> > +
> > +            deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
> > +            seen_deps = set()
> > +            for dep, _ in deps.items():
> > +                if dep in seen_deps:
> > +                    continue
> > +
> > +                if dep not in providers:
> > +                    continue
> > +
> > +                dep = providers[dep]
> > +
> > +                if not oe.packagedata.packaged(dep, localdata):
> > +                    continue
> > +
> > +                dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
> > +                dep_pkg = dep_pkg_data["PKG"]
> > +
> > +                if dep in dep_package_cache:
> > +                    (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
> > +                else:
> > +                    dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
> > +
> > +                    spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
> > +
> > +                    for pkg in spdx_dep_doc.packages:
> > +                        if pkg.name == dep_pkg:
> > +                            dep_spdx_package = pkg
> > +                            break
> > +                    else:
> > +                        bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
> > +
> > +                    dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
> > +                    dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
> > +                    dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
> > +                    dep_package_ref.checksum.algorithm = "SHA1"
> > +                    dep_package_ref.checksum.checksumValue = spdx_dep_sha1
> > +
> > +                    dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
> > +
> > +                runtime_doc.externalDocumentRefs.append(dep_package_ref)
> > +
> > +                runtime_doc.add_relationship(
> > +                    "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
> > +                    "RUNTIME_DEPENDENCY_OF",
> > +                    "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
> > +                )
> > +                seen_deps.add(dep)
> > +
> > +            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
> > +}
> > +
> > +addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
> > +SSTATETASKS += "do_create_runtime_spdx"
> > +do_create_runtime_spdx[sstate-inputdirs] = "${SPDXRUNTIMEDEPLOY}"
> > +do_create_runtime_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> > +
> > +python do_create_runtime_spdx_setscene () {
> > +    sstate_setscene(d)
> > +}
> > +addtask do_create_runtime_spdx_setscene
> > +
> > +do_create_runtime_spdx[dirs] = "${SPDXRUNTIMEDEPLOY}"
> > +do_create_runtime_spdx[cleandirs] = "${SPDXRUNTIMEDEPLOY}"
> > +do_create_runtime_spdx[rdeptask] = "do_create_spdx"
> > +
> > +def spdx_get_src(d):
> > +    """
> > +    save patched source of the recipe in SPDX_WORKDIR.
> > +    """
> > +    import shutil
> > +    spdx_workdir = d.getVar('SPDXWORK')
> > +    spdx_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
> > +    pn = d.getVar('PN')
> > +
> > +    workdir = d.getVar("WORKDIR")
> > +
> > +    try:
> > +        # The kernel class functions require it to be on work-shared, so we dont change WORKDIR
> > +        if not is_work_shared_spdx(d):
> > +            # Change the WORKDIR to make do_unpack do_patch run in another dir.
> > +            d.setVar('WORKDIR', spdx_workdir)
> > +            # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
> > +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> > +
> > +            # The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
> > +            # possibly requiring of the following tasks (such as some recipes's
> > +            # do_patch required 'B' existed).
> > +            bb.utils.mkdirhier(d.getVar('B'))
> > +
> > +            bb.build.exec_func('do_unpack', d)
> > +        # Copy source of kernel to spdx_workdir
> > +        if is_work_shared_spdx(d):
> > +            share_src = d.getVar('WORKDIR')
> > +            d.setVar('WORKDIR', spdx_workdir)
> > +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> > +            src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
> > +            bb.utils.mkdirhier(src_dir)
> > +            if bb.data.inherits_class('kernel',d):
> > +                share_src = d.getVar('STAGING_KERNEL_DIR')
> > +            cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
> > +            cmd_copy_shared_res = os.popen(cmd_copy_share).read()
> > +            bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
> > +
> > +            git_path = src_dir + "/.git"
> > +            if os.path.exists(git_path):
> > +                shutils.rmtree(git_path)
> > +
> > +        # Make sure gcc and kernel sources are patched only once
> > +        if not (d.getVar('SRC_URI') == "" or is_work_shared_spdx(d)):
> > +            bb.build.exec_func('do_patch', d)
> > +
> > +        # Some userland has no source.
> > +        if not os.path.exists( spdx_workdir ):
> > +            bb.utils.mkdirhier(spdx_workdir)
> > +    finally:
> > +        d.setVar("WORKDIR", workdir)
> > +
> > +do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> > +do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
> > +
> > +ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
> > +
> > +do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> > +do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
> > +POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = " sdk_host_combine_spdx; "
> > +POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = " sdk_target_combine_spdx; "
> > +
> > +python image_combine_spdx() {
> > +    import os
> > +    import oe.sbom
> > +    from pathlib import Path
> > +    from oe.rootfs import image_list_installed_packages
> > +
> > +    image_name = d.getVar("IMAGE_NAME")
> > +    image_link_name = d.getVar("IMAGE_LINK_NAME")
> > +    imgdeploydir = Path(d.getVar("IMGDEPLOYDIR"))
> > +    img_spdxid = oe.sbom.get_image_spdxid(image_name)
> > +    packages = image_list_installed_packages(d)
> > +
> > +    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages, Path(d.getVar("SPDXIMAGEWORK")))
> > +
> > +    def make_image_link(target_path, suffix):
> > +        if image_link_name:
> > +            link = imgdeploydir / (image_link_name + suffix)
> > +            if link != target_path:
> > +                link.symlink_to(os.path.relpath(target_path, link.parent))
> > +
> > +    spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
> > +    make_image_link(spdx_tar_path, ".spdx.tar.zst")
> 
> The image link should be called tar.gz also. Probably best to make a
> gzip-from-the-start version for Dunfell,
> or perhaps squash everything?

This is a bit of an unusual situation where we're taking a different
path to master. I think this does make sense as it shows the delta with
master more clearly and that could be useful in the future so I suspect
that it does make sense as it is here, albeit a little unusual.

Cheers,

Richard
Ernst Persson March 24, 2023, 10:01 a.m. UTC | #3
Right that makes sense, LGTM then!

Den tors 23 mars 2023 kl 21:53 skrev Richard Purdie
<richard.purdie@linuxfoundation.org>:
>
> On Thu, 2023-03-23 at 14:42 +0100, Ernst Sjöstrand wrote:
> > Den ons 22 mars 2023 kl 21:46 skrev Joshua Watt <JPEWhacker@gmail.com>:
> > >
> > > Backports the create-spdx classes from the latest versions on master.
> > > This backport is a simple copy with no modifications, as its too
> > > complex to cherry-pick all the corresponding changes. This will give an
> > > appropriate base commit for subsequent changes and if necessary
> > > additional backport cherry-picks from master in the future.
> > >
> > > Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
> > > ---
> > >  meta/classes/create-spdx-2.2.bbclass | 1069 +++++
> > >  meta/classes/create-spdx.bbclass     |    8 +
> > >  meta/files/spdx-licenses.json        | 5937 ++++++++++++++++++++++++++
> > >  meta/lib/oe/sbom.py                  |   84 +
> > >  meta/lib/oe/spdx.py                  |  357 ++
> > >  5 files changed, 7455 insertions(+)
> > >  create mode 100644 meta/classes/create-spdx-2.2.bbclass
> > >  create mode 100644 meta/classes/create-spdx.bbclass
> > >  create mode 100644 meta/files/spdx-licenses.json
> > >  create mode 100644 meta/lib/oe/sbom.py
> > >  create mode 100644 meta/lib/oe/spdx.py
> > >
> > > diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
> > > new file mode 100644
> > > index 0000000000..13d13fe1fc
> > > --- /dev/null
> > > +++ b/meta/classes/create-spdx-2.2.bbclass
> > > @@ -0,0 +1,1069 @@
> > > +#
> > > +# Copyright OpenEmbedded Contributors
> > > +#
> > > +# SPDX-License-Identifier: GPL-2.0-only
> > > +#
> > > +
> > > +DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${MACHINE}"
> > > +
> > > +# The product name that the CVE database uses.  Defaults to BPN, but may need to
> > > +# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
> > > +CVE_PRODUCT ??= "${BPN}"
> > > +CVE_VERSION ??= "${PV}"
> > > +
> > > +SPDXDIR ??= "${WORKDIR}/spdx"
> > > +SPDXDEPLOY = "${SPDXDIR}/deploy"
> > > +SPDXWORK = "${SPDXDIR}/work"
> > > +SPDXIMAGEWORK = "${SPDXDIR}/image-work"
> > > +SPDXSDKWORK = "${SPDXDIR}/sdk-work"
> > > +
> > > +SPDX_TOOL_NAME ??= "oe-spdx-creator"
> > > +SPDX_TOOL_VERSION ??= "1.0"
> > > +
> > > +SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
> > > +
> > > +SPDX_INCLUDE_SOURCES ??= "0"
> > > +SPDX_ARCHIVE_SOURCES ??= "0"
> > > +SPDX_ARCHIVE_PACKAGED ??= "0"
> > > +
> > > +SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
> > > +SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
> > > +SPDX_PRETTY ??= "0"
> > > +
> > > +SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
> > > +
> > > +SPDX_CUSTOM_ANNOTATION_VARS ??= ""
> > > +
> > > +SPDX_ORG ??= "OpenEmbedded ()"
> > > +SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
> > > +SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
> > > +    this recipe. For SPDX documents create using this class during the build, this \
> > > +    is the contact information for the person or organization who is doing the \
> > > +    build."
> > > +
> > > +def extract_licenses(filename):
> > > +    import re
> > > +
> > > +    lic_regex = re.compile(rb'^\W*SPDX-License-Identifier:\s*([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
> > > +
> > > +    try:
> > > +        with open(filename, 'rb') as f:
> > > +            size = min(15000, os.stat(filename).st_size)
> > > +            txt = f.read(size)
> > > +            licenses = re.findall(lic_regex, txt)
> > > +            if licenses:
> > > +                ascii_licenses = [lic.decode('ascii') for lic in licenses]
> > > +                return ascii_licenses
> > > +    except Exception as e:
> > > +        bb.warn(f"Exception reading {filename}: {e}")
> > > +    return None
> > > +
> > > +def get_doc_namespace(d, doc):
> > > +    import uuid
> > > +    namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
> > > +    return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
> > > +
> > > +def create_annotation(d, comment):
> > > +    from datetime import datetime, timezone
> > > +
> > > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > > +    annotation = oe.spdx.SPDXAnnotation()
> > > +    annotation.annotationDate = creation_time
> > > +    annotation.annotationType = "OTHER"
> > > +    annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
> > > +    annotation.comment = comment
> > > +    return annotation
> > > +
> > > +def recipe_spdx_is_native(d, recipe):
> > > +    return any(a.annotationType == "OTHER" and
> > > +      a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and
> > > +      a.comment == "isNative" for a in recipe.annotations)
> > > +
> > > +def is_work_shared_spdx(d):
> > > +    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
> > > +
> > > +def get_json_indent(d):
> > > +    if d.getVar("SPDX_PRETTY") == "1":
> > > +        return 2
> > > +    return None
> > > +
> > > +python() {
> > > +    import json
> > > +    if d.getVar("SPDX_LICENSE_DATA"):
> > > +        return
> > > +
> > > +    with open(d.getVar("SPDX_LICENSES"), "r") as f:
> > > +        data = json.load(f)
> > > +        # Transform the license array to a dictionary
> > > +        data["licenses"] = {l["licenseId"]: l for l in data["licenses"]}
> > > +        d.setVar("SPDX_LICENSE_DATA", data)
> > > +}
> > > +
> > > +def convert_license_to_spdx(lic, document, d, existing={}):
> > > +    from pathlib import Path
> > > +    import oe.spdx
> > > +
> > > +    license_data = d.getVar("SPDX_LICENSE_DATA")
> > > +    extracted = {}
> > > +
> > > +    def add_extracted_license(ident, name):
> > > +        nonlocal document
> > > +
> > > +        if name in extracted:
> > > +            return
> > > +
> > > +        extracted_info = oe.spdx.SPDXExtractedLicensingInfo()
> > > +        extracted_info.name = name
> > > +        extracted_info.licenseId = ident
> > > +        extracted_info.extractedText = None
> > > +
> > > +        if name == "PD":
> > > +            # Special-case this.
> > > +            extracted_info.extractedText = "Software released to the public domain"
> > > +        else:
> > > +            # Seach for the license in COMMON_LICENSE_DIR and LICENSE_PATH
> > > +            for directory in [d.getVar('COMMON_LICENSE_DIR')] + (d.getVar('LICENSE_PATH') or '').split():
> > > +                try:
> > > +                    with (Path(directory) / name).open(errors="replace") as f:
> > > +                        extracted_info.extractedText = f.read()
> > > +                        break
> > > +                except FileNotFoundError:
> > > +                    pass
> > > +            if extracted_info.extractedText is None:
> > > +                # If it's not SPDX or PD, then NO_GENERIC_LICENSE must be set
> > > +                filename = d.getVarFlag('NO_GENERIC_LICENSE', name)
> > > +                if filename:
> > > +                    filename = d.expand("${S}/" + filename)
> > > +                    with open(filename, errors="replace") as f:
> > > +                        extracted_info.extractedText = f.read()
> > > +                else:
> > > +                    bb.error("Cannot find any text for license %s" % name)
> > > +
> > > +        extracted[name] = extracted_info
> > > +        document.hasExtractedLicensingInfos.append(extracted_info)
> > > +
> > > +    def convert(l):
> > > +        if l == "(" or l == ")":
> > > +            return l
> > > +
> > > +        if l == "&":
> > > +            return "AND"
> > > +
> > > +        if l == "|":
> > > +            return "OR"
> > > +
> > > +        if l == "CLOSED":
> > > +            return "NONE"
> > > +
> > > +        spdx_license = d.getVarFlag("SPDXLICENSEMAP", l) or l
> > > +        if spdx_license in license_data["licenses"]:
> > > +            return spdx_license
> > > +
> > > +        try:
> > > +            spdx_license = existing[l]
> > > +        except KeyError:
> > > +            spdx_license = "LicenseRef-" + l
> > > +            add_extracted_license(spdx_license, l)
> > > +
> > > +        return spdx_license
> > > +
> > > +    lic_split = lic.replace("(", " ( ").replace(")", " ) ").split()
> > > +
> > > +    return ' '.join(convert(l) for l in lic_split)
> > > +
> > > +def process_sources(d):
> > > +    pn = d.getVar('PN')
> > > +    assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
> > > +    if pn in assume_provided:
> > > +        for p in d.getVar("PROVIDES").split():
> > > +            if p != pn:
> > > +                pn = p
> > > +                break
> > > +
> > > +    # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
> > > +    # so avoid archiving source here.
> > > +    if pn.startswith('glibc-locale'):
> > > +        return False
> > > +    if d.getVar('PN') == "libtool-cross":
> > > +        return False
> > > +    if d.getVar('PN') == "libgcc-initial":
> > > +        return False
> > > +    if d.getVar('PN') == "shadow-sysroot":
> > > +        return False
> > > +
> > > +    # We just archive gcc-source for all the gcc related recipes
> > > +    if d.getVar('BPN') in ['gcc', 'libgcc']:
> > > +        bb.debug(1, 'spdx: There is bug in scan of %s is, do nothing' % pn)
> > > +        return False
> > > +
> > > +    return True
> > > +
> > > +
> > > +def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archive=None, ignore_dirs=[], ignore_top_level_dirs=[]):
> > > +    from pathlib import Path
> > > +    import oe.spdx
> > > +    import hashlib
> > > +
> > > +    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
> > > +    if source_date_epoch:
> > > +        source_date_epoch = int(source_date_epoch)
> > > +
> > > +    sha1s = []
> > > +    spdx_files = []
> > > +
> > > +    file_counter = 1
> > > +    for subdir, dirs, files in os.walk(topdir):
> > > +        dirs[:] = [d for d in dirs if d not in ignore_dirs]
> > > +        if subdir == str(topdir):
> > > +            dirs[:] = [d for d in dirs if d not in ignore_top_level_dirs]
> > > +
> > > +        for file in files:
> > > +            filepath = Path(subdir) / file
> > > +            filename = str(filepath.relative_to(topdir))
> > > +
> > > +            if not filepath.is_symlink() and filepath.is_file():
> > > +                spdx_file = oe.spdx.SPDXFile()
> > > +                spdx_file.SPDXID = get_spdxid(file_counter)
> > > +                for t in get_types(filepath):
> > > +                    spdx_file.fileTypes.append(t)
> > > +                spdx_file.fileName = filename
> > > +
> > > +                if archive is not None:
> > > +                    with filepath.open("rb") as f:
> > > +                        info = archive.gettarinfo(fileobj=f)
> > > +                        info.name = filename
> > > +                        info.uid = 0
> > > +                        info.gid = 0
> > > +                        info.uname = "root"
> > > +                        info.gname = "root"
> > > +
> > > +                        if source_date_epoch is not None and info.mtime > source_date_epoch:
> > > +                            info.mtime = source_date_epoch
> > > +
> > > +                        archive.addfile(info, f)
> > > +
> > > +                sha1 = bb.utils.sha1_file(filepath)
> > > +                sha1s.append(sha1)
> > > +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> > > +                        algorithm="SHA1",
> > > +                        checksumValue=sha1,
> > > +                    ))
> > > +                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
> > > +                        algorithm="SHA256",
> > > +                        checksumValue=bb.utils.sha256_file(filepath),
> > > +                    ))
> > > +
> > > +                if "SOURCE" in spdx_file.fileTypes:
> > > +                    extracted_lics = extract_licenses(filepath)
> > > +                    if extracted_lics:
> > > +                        spdx_file.licenseInfoInFiles = extracted_lics
> > > +
> > > +                doc.files.append(spdx_file)
> > > +                doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
> > > +                spdx_pkg.hasFiles.append(spdx_file.SPDXID)
> > > +
> > > +                spdx_files.append(spdx_file)
> > > +
> > > +                file_counter += 1
> > > +
> > > +    sha1s.sort()
> > > +    verifier = hashlib.sha1()
> > > +    for v in sha1s:
> > > +        verifier.update(v.encode("utf-8"))
> > > +    spdx_pkg.packageVerificationCode.packageVerificationCodeValue = verifier.hexdigest()
> > > +
> > > +    return spdx_files
> > > +
> > > +
> > > +def add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources):
> > > +    from pathlib import Path
> > > +    import hashlib
> > > +    import oe.packagedata
> > > +    import oe.spdx
> > > +
> > > +    debug_search_paths = [
> > > +        Path(d.getVar('PKGD')),
> > > +        Path(d.getVar('STAGING_DIR_TARGET')),
> > > +        Path(d.getVar('STAGING_DIR_NATIVE')),
> > > +        Path(d.getVar('STAGING_KERNEL_DIR')),
> > > +    ]
> > > +
> > > +    pkg_data = oe.packagedata.read_subpkgdata_extended(package, d)
> > > +
> > > +    if pkg_data is None:
> > > +        return
> > > +
> > > +    for file_path, file_data in pkg_data["files_info"].items():
> > > +        if not "debugsrc" in file_data:
> > > +            continue
> > > +
> > > +        for pkg_file in package_files:
> > > +            if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
> > > +                break
> > > +        else:
> > > +            bb.fatal("No package file found for %s" % str(file_path))
> > > +            continue
> > > +
> > > +        for debugsrc in file_data["debugsrc"]:
> > > +            ref_id = "NOASSERTION"
> > > +            for search in debug_search_paths:
> > > +                if debugsrc.startswith("/usr/src/kernel"):
> > > +                    debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '')
> > > +                else:
> > > +                    debugsrc_path = search / debugsrc.lstrip("/")
> > > +                if not debugsrc_path.exists():
> > > +                    continue
> > > +
> > > +                file_sha256 = bb.utils.sha256_file(debugsrc_path)
> > > +
> > > +                if file_sha256 in sources:
> > > +                    source_file = sources[file_sha256]
> > > +
> > > +                    doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
> > > +                    if doc_ref is None:
> > > +                        doc_ref = oe.spdx.SPDXExternalDocumentRef()
> > > +                        doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
> > > +                        doc_ref.spdxDocument = source_file.doc.documentNamespace
> > > +                        doc_ref.checksum.algorithm = "SHA1"
> > > +                        doc_ref.checksum.checksumValue = source_file.doc_sha1
> > > +                        package_doc.externalDocumentRefs.append(doc_ref)
> > > +
> > > +                    ref_id = "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID)
> > > +                else:
> > > +                    bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
> > > +                break
> > > +            else:
> > > +                bb.debug(1, "Debug source %s not found" % debugsrc)
> > > +
> > > +            package_doc.add_relationship(pkg_file, "GENERATED_FROM", ref_id, comment=debugsrc)
> > > +
> > > +def collect_dep_recipes(d, doc, spdx_recipe):
> > > +    from pathlib import Path
> > > +    import oe.sbom
> > > +    import oe.spdx
> > > +
> > > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > > +
> > > +    dep_recipes = []
> > > +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> > > +    deps = sorted(set(
> > > +        dep[0] for dep in taskdepdata.values() if
> > > +            dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
> > > +    ))
> > > +    for dep_pn in deps:
> > > +        dep_recipe_path = deploy_dir_spdx / "recipes" / ("recipe-%s.spdx.json" % dep_pn)
> > > +
> > > +        spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
> > > +
> > > +        for pkg in spdx_dep_doc.packages:
> > > +            if pkg.name == dep_pn:
> > > +                spdx_dep_recipe = pkg
> > > +                break
> > > +        else:
> > > +            continue
> > > +
> > > +        dep_recipes.append(oe.sbom.DepRecipe(spdx_dep_doc, spdx_dep_sha1, spdx_dep_recipe))
> > > +
> > > +        dep_recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> > > +        dep_recipe_ref.externalDocumentId = "DocumentRef-dependency-" + spdx_dep_doc.name
> > > +        dep_recipe_ref.spdxDocument = spdx_dep_doc.documentNamespace
> > > +        dep_recipe_ref.checksum.algorithm = "SHA1"
> > > +        dep_recipe_ref.checksum.checksumValue = spdx_dep_sha1
> > > +
> > > +        doc.externalDocumentRefs.append(dep_recipe_ref)
> > > +
> > > +        doc.add_relationship(
> > > +            "%s:%s" % (dep_recipe_ref.externalDocumentId, spdx_dep_recipe.SPDXID),
> > > +            "BUILD_DEPENDENCY_OF",
> > > +            spdx_recipe
> > > +        )
> > > +
> > > +    return dep_recipes
> > > +
> > > +collect_dep_recipes[vardepsexclude] += "BB_TASKDEPDATA"
> > > +collect_dep_recipes[vardeps] += "DEPENDS"
> > > +
> > > +def collect_dep_sources(d, dep_recipes):
> > > +    import oe.sbom
> > > +
> > > +    sources = {}
> > > +    for dep in dep_recipes:
> > > +        # Don't collect sources from native recipes as they
> > > +        # match non-native sources also.
> > > +        if recipe_spdx_is_native(d, dep.recipe):
> > > +            continue
> > > +        recipe_files = set(dep.recipe.hasFiles)
> > > +
> > > +        for spdx_file in dep.doc.files:
> > > +            if spdx_file.SPDXID not in recipe_files:
> > > +                continue
> > > +
> > > +            if "SOURCE" in spdx_file.fileTypes:
> > > +                for checksum in spdx_file.checksums:
> > > +                    if checksum.algorithm == "SHA256":
> > > +                        sources[checksum.checksumValue] = oe.sbom.DepSource(dep.doc, dep.doc_sha1, dep.recipe, spdx_file)
> > > +                        break
> > > +
> > > +    return sources
> > > +
> > > +def add_download_packages(d, doc, recipe):
> > > +    import os.path
> > > +    from bb.fetch2 import decodeurl, CHECKSUM_LIST
> > > +    import bb.process
> > > +    import oe.spdx
> > > +    import oe.sbom
> > > +
> > > +    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
> > > +        f = bb.fetch2.FetchData(src_uri, d)
> > > +
> > > +        for name in f.names:
> > > +            package = oe.spdx.SPDXPackage()
> > > +            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
> > > +            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
> > > +
> > > +            if f.type == "file":
> > > +                continue
> > > +
> > > +            uri = f.type
> > > +            proto = getattr(f, "proto", None)
> > > +            if proto is not None:
> > > +                uri = uri + "+" + proto
> > > +            uri = uri + "://" + f.host + f.path
> > > +
> > > +            if f.method.supports_srcrev():
> > > +                uri = uri + "@" + f.revisions[name]
> > > +
> > > +            if f.method.supports_checksum(f):
> > > +                for checksum_id in CHECKSUM_LIST:
> > > +                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
> > > +                        continue
> > > +
> > > +                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
> > > +                    if expected_checksum is None:
> > > +                        continue
> > > +
> > > +                    c = oe.spdx.SPDXChecksum()
> > > +                    c.algorithm = checksum_id.upper()
> > > +                    c.checksumValue = expected_checksum
> > > +                    package.checksums.append(c)
> > > +
> > > +            package.downloadLocation = uri
> > > +            doc.packages.append(package)
> > > +            doc.add_relationship(doc, "DESCRIBES", package)
> > > +            # In the future, we might be able to do more fancy dependencies,
> > > +            # but this should be sufficient for now
> > > +            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
> > > +
> > > +python do_create_spdx() {
> > > +    from datetime import datetime, timezone
> > > +    import oe.sbom
> > > +    import oe.spdx
> > > +    import uuid
> > > +    from pathlib import Path
> > > +    from contextlib import contextmanager
> > > +    import oe.cve_check
> > > +
> > > +    @contextmanager
> > > +    def optional_tarfile(name, guard, mode="w"):
> > > +        import tarfile
> > > +        import bb.compress.zstd
> > > +
> > > +        num_threads = int(d.getVar("BB_NUMBER_THREADS"))
> > > +
> > > +        if guard:
> > > +            name.parent.mkdir(parents=True, exist_ok=True)
> > > +            with bb.compress.zstd.open(name, mode=mode + "b", num_threads=num_threads) as f:
> > > +                with tarfile.open(fileobj=f, mode=mode + "|") as tf:
> > > +                    yield tf
> > > +        else:
> > > +            yield None
> > > +
> > > +
> > > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > > +    spdx_workdir = Path(d.getVar("SPDXWORK"))
> > > +    include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
> > > +    archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
> > > +    archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
> > > +
> > > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > > +
> > > +    doc = oe.spdx.SPDXDocument()
> > > +
> > > +    doc.name = "recipe-" + d.getVar("PN")
> > > +    doc.documentNamespace = get_doc_namespace(d, doc)
> > > +    doc.creationInfo.created = creation_time
> > > +    doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
> > > +    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > > +    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > > +    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > > +    doc.creationInfo.creators.append("Person: N/A ()")
> > > +
> > > +    recipe = oe.spdx.SPDXPackage()
> > > +    recipe.name = d.getVar("PN")
> > > +    recipe.versionInfo = d.getVar("PV")
> > > +    recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
> > > +    recipe.supplier = d.getVar("SPDX_SUPPLIER")
> > > +    if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
> > > +        recipe.annotations.append(create_annotation(d, "isNative"))
> > > +
> > > +    homepage = d.getVar("HOMEPAGE")
> > > +    if homepage:
> > > +        recipe.homepage = homepage
> > > +
> > > +    license = d.getVar("LICENSE")
> > > +    if license:
> > > +        recipe.licenseDeclared = convert_license_to_spdx(license, doc, d)
> > > +
> > > +    summary = d.getVar("SUMMARY")
> > > +    if summary:
> > > +        recipe.summary = summary
> > > +
> > > +    description = d.getVar("DESCRIPTION")
> > > +    if description:
> > > +        recipe.description = description
> > > +
> > > +    if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
> > > +        for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
> > > +            recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var)))
> > > +
> > > +    # Some CVEs may be patched during the build process without incrementing the version number,
> > > +    # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
> > > +    # save the CVEs fixed by patches to source information field in the SPDX.
> > > +    patched_cves = oe.cve_check.get_patched_cves(d)
> > > +    patched_cves = list(patched_cves)
> > > +    patched_cves = ' '.join(patched_cves)
> > > +    if patched_cves:
> > > +        recipe.sourceInfo = "CVEs fixed: " + patched_cves
> > > +
> > > +    cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION"))
> > > +    if cpe_ids:
> > > +        for cpe_id in cpe_ids:
> > > +            cpe = oe.spdx.SPDXExternalReference()
> > > +            cpe.referenceCategory = "SECURITY"
> > > +            cpe.referenceType = "http://spdx.org/rdf/references/cpe23Type"
> > > +            cpe.referenceLocator = cpe_id
> > > +            recipe.externalRefs.append(cpe)
> > > +
> > > +    doc.packages.append(recipe)
> > > +    doc.add_relationship(doc, "DESCRIBES", recipe)
> > > +
> > > +    add_download_packages(d, doc, recipe)
> > > +
> > > +    if process_sources(d) and include_sources:
> > > +        recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
> > > +        with optional_tarfile(recipe_archive, archive_sources) as archive:
> > > +            spdx_get_src(d)
> > > +
> > > +            add_package_files(
> > > +                d,
> > > +                doc,
> > > +                recipe,
> > > +                spdx_workdir,
> > > +                lambda file_counter: "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), file_counter),
> > > +                lambda filepath: ["SOURCE"],
> > > +                ignore_dirs=[".git"],
> > > +                ignore_top_level_dirs=["temp"],
> > > +                archive=archive,
> > > +            )
> > > +
> > > +            if archive is not None:
> > > +                recipe.packageFileName = str(recipe_archive.name)
> > > +
> > > +    dep_recipes = collect_dep_recipes(d, doc, recipe)
> > > +
> > > +    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
> > > +    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
> > > +
> > > +    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
> > > +    recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
> > > +    recipe_ref.spdxDocument = doc.documentNamespace
> > > +    recipe_ref.checksum.algorithm = "SHA1"
> > > +    recipe_ref.checksum.checksumValue = doc_sha1
> > > +
> > > +    sources = collect_dep_sources(d, dep_recipes)
> > > +    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
> > > +
> > > +    if not recipe_spdx_is_native(d, recipe):
> > > +        bb.build.exec_func("read_subpackage_metadata", d)
> > > +
> > > +        pkgdest = Path(d.getVar("PKGDEST"))
> > > +        for package in d.getVar("PACKAGES").split():
> > > +            if not oe.packagedata.packaged(package, d):
> > > +                continue
> > > +
> > > +            package_doc = oe.spdx.SPDXDocument()
> > > +            pkg_name = d.getVar("PKG:%s" % package) or package
> > > +            package_doc.name = pkg_name
> > > +            package_doc.documentNamespace = get_doc_namespace(d, package_doc)
> > > +            package_doc.creationInfo.created = creation_time
> > > +            package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
> > > +            package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > > +            package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > > +            package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > > +            package_doc.creationInfo.creators.append("Person: N/A ()")
> > > +            package_doc.externalDocumentRefs.append(recipe_ref)
> > > +
> > > +            package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
> > > +
> > > +            spdx_package = oe.spdx.SPDXPackage()
> > > +
> > > +            spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
> > > +            spdx_package.name = pkg_name
> > > +            spdx_package.versionInfo = d.getVar("PV")
> > > +            spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
> > > +            spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
> > > +
> > > +            package_doc.packages.append(spdx_package)
> > > +
> > > +            package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
> > > +            package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
> > > +
> > > +            package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
> > > +            with optional_tarfile(package_archive, archive_packaged) as archive:
> > > +                package_files = add_package_files(
> > > +                    d,
> > > +                    package_doc,
> > > +                    spdx_package,
> > > +                    pkgdest / package,
> > > +                    lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
> > > +                    lambda filepath: ["BINARY"],
> > > +                    ignore_top_level_dirs=['CONTROL', 'DEBIAN'],
> > > +                    archive=archive,
> > > +                )
> > > +
> > > +                if archive is not None:
> > > +                    spdx_package.packageFileName = str(package_archive.name)
> > > +
> > > +            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
> > > +
> > > +            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
> > > +}
> > > +# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
> > > +addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
> > > +
> > > +SSTATETASKS += "do_create_spdx"
> > > +do_create_spdx[sstate-inputdirs] = "${SPDXDEPLOY}"
> > > +do_create_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> > > +
> > > +python do_create_spdx_setscene () {
> > > +    sstate_setscene(d)
> > > +}
> > > +addtask do_create_spdx_setscene
> > > +
> > > +do_create_spdx[dirs] = "${SPDXWORK}"
> > > +do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
> > > +do_create_spdx[depends] += "${PATCHDEPENDENCY}"
> > > +do_create_spdx[deptask] = "do_create_spdx"
> > > +
> > > +def collect_package_providers(d):
> > > +    from pathlib import Path
> > > +    import oe.sbom
> > > +    import oe.spdx
> > > +    import json
> > > +
> > > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > > +
> > > +    providers = {}
> > > +
> > > +    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
> > > +    deps = sorted(set(
> > > +        dep[0] for dep in taskdepdata.values() if dep[0] != d.getVar("PN")
> > > +    ))
> > > +    deps.append(d.getVar("PN"))
> > > +
> > > +    for dep_pn in deps:
> > > +        recipe_data = oe.packagedata.read_pkgdata(dep_pn, d)
> > > +
> > > +        for pkg in recipe_data.get("PACKAGES", "").split():
> > > +
> > > +            pkg_data = oe.packagedata.read_subpkgdata_dict(pkg, d)
> > > +            rprovides = set(n for n, _ in bb.utils.explode_dep_versions2(pkg_data.get("RPROVIDES", "")).items())
> > > +            rprovides.add(pkg)
> > > +
> > > +            for r in rprovides:
> > > +                providers[r] = pkg
> > > +
> > > +    return providers
> > > +
> > > +collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
> > > +
> > > +python do_create_runtime_spdx() {
> > > +    from datetime import datetime, timezone
> > > +    import oe.sbom
> > > +    import oe.spdx
> > > +    import oe.packagedata
> > > +    from pathlib import Path
> > > +
> > > +    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
> > > +    spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
> > > +    is_native = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
> > > +
> > > +    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
> > > +
> > > +    providers = collect_package_providers(d)
> > > +
> > > +    if not is_native:
> > > +        bb.build.exec_func("read_subpackage_metadata", d)
> > > +
> > > +        dep_package_cache = {}
> > > +
> > > +        pkgdest = Path(d.getVar("PKGDEST"))
> > > +        for package in d.getVar("PACKAGES").split():
> > > +            localdata = bb.data.createCopy(d)
> > > +            pkg_name = d.getVar("PKG:%s" % package) or package
> > > +            localdata.setVar("PKG", pkg_name)
> > > +            localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
> > > +
> > > +            if not oe.packagedata.packaged(package, localdata):
> > > +                continue
> > > +
> > > +            pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
> > > +
> > > +            package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
> > > +
> > > +            for p in package_doc.packages:
> > > +                if p.name == pkg_name:
> > > +                    spdx_package = p
> > > +                    break
> > > +            else:
> > > +                bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
> > > +
> > > +            runtime_doc = oe.spdx.SPDXDocument()
> > > +            runtime_doc.name = "runtime-" + pkg_name
> > > +            runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
> > > +            runtime_doc.creationInfo.created = creation_time
> > > +            runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
> > > +            runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
> > > +            runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
> > > +            runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
> > > +            runtime_doc.creationInfo.creators.append("Person: N/A ()")
> > > +
> > > +            package_ref = oe.spdx.SPDXExternalDocumentRef()
> > > +            package_ref.externalDocumentId = "DocumentRef-package-" + package
> > > +            package_ref.spdxDocument = package_doc.documentNamespace
> > > +            package_ref.checksum.algorithm = "SHA1"
> > > +            package_ref.checksum.checksumValue = package_doc_sha1
> > > +
> > > +            runtime_doc.externalDocumentRefs.append(package_ref)
> > > +
> > > +            runtime_doc.add_relationship(
> > > +                runtime_doc.SPDXID,
> > > +                "AMENDS",
> > > +                "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
> > > +            )
> > > +
> > > +            deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
> > > +            seen_deps = set()
> > > +            for dep, _ in deps.items():
> > > +                if dep in seen_deps:
> > > +                    continue
> > > +
> > > +                if dep not in providers:
> > > +                    continue
> > > +
> > > +                dep = providers[dep]
> > > +
> > > +                if not oe.packagedata.packaged(dep, localdata):
> > > +                    continue
> > > +
> > > +                dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
> > > +                dep_pkg = dep_pkg_data["PKG"]
> > > +
> > > +                if dep in dep_package_cache:
> > > +                    (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
> > > +                else:
> > > +                    dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
> > > +
> > > +                    spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
> > > +
> > > +                    for pkg in spdx_dep_doc.packages:
> > > +                        if pkg.name == dep_pkg:
> > > +                            dep_spdx_package = pkg
> > > +                            break
> > > +                    else:
> > > +                        bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
> > > +
> > > +                    dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
> > > +                    dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
> > > +                    dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
> > > +                    dep_package_ref.checksum.algorithm = "SHA1"
> > > +                    dep_package_ref.checksum.checksumValue = spdx_dep_sha1
> > > +
> > > +                    dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
> > > +
> > > +                runtime_doc.externalDocumentRefs.append(dep_package_ref)
> > > +
> > > +                runtime_doc.add_relationship(
> > > +                    "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
> > > +                    "RUNTIME_DEPENDENCY_OF",
> > > +                    "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
> > > +                )
> > > +                seen_deps.add(dep)
> > > +
> > > +            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
> > > +}
> > > +
> > > +addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
> > > +SSTATETASKS += "do_create_runtime_spdx"
> > > +do_create_runtime_spdx[sstate-inputdirs] = "${SPDXRUNTIMEDEPLOY}"
> > > +do_create_runtime_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
> > > +
> > > +python do_create_runtime_spdx_setscene () {
> > > +    sstate_setscene(d)
> > > +}
> > > +addtask do_create_runtime_spdx_setscene
> > > +
> > > +do_create_runtime_spdx[dirs] = "${SPDXRUNTIMEDEPLOY}"
> > > +do_create_runtime_spdx[cleandirs] = "${SPDXRUNTIMEDEPLOY}"
> > > +do_create_runtime_spdx[rdeptask] = "do_create_spdx"
> > > +
> > > +def spdx_get_src(d):
> > > +    """
> > > +    save patched source of the recipe in SPDX_WORKDIR.
> > > +    """
> > > +    import shutil
> > > +    spdx_workdir = d.getVar('SPDXWORK')
> > > +    spdx_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
> > > +    pn = d.getVar('PN')
> > > +
> > > +    workdir = d.getVar("WORKDIR")
> > > +
> > > +    try:
> > > +        # The kernel class functions require it to be on work-shared, so we dont change WORKDIR
> > > +        if not is_work_shared_spdx(d):
> > > +            # Change the WORKDIR to make do_unpack do_patch run in another dir.
> > > +            d.setVar('WORKDIR', spdx_workdir)
> > > +            # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
> > > +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> > > +
> > > +            # The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
> > > +            # possibly requiring of the following tasks (such as some recipes's
> > > +            # do_patch required 'B' existed).
> > > +            bb.utils.mkdirhier(d.getVar('B'))
> > > +
> > > +            bb.build.exec_func('do_unpack', d)
> > > +        # Copy source of kernel to spdx_workdir
> > > +        if is_work_shared_spdx(d):
> > > +            share_src = d.getVar('WORKDIR')
> > > +            d.setVar('WORKDIR', spdx_workdir)
> > > +            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
> > > +            src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
> > > +            bb.utils.mkdirhier(src_dir)
> > > +            if bb.data.inherits_class('kernel',d):
> > > +                share_src = d.getVar('STAGING_KERNEL_DIR')
> > > +            cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
> > > +            cmd_copy_shared_res = os.popen(cmd_copy_share).read()
> > > +            bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
> > > +
> > > +            git_path = src_dir + "/.git"
> > > +            if os.path.exists(git_path):
> > > +                shutils.rmtree(git_path)
> > > +
> > > +        # Make sure gcc and kernel sources are patched only once
> > > +        if not (d.getVar('SRC_URI') == "" or is_work_shared_spdx(d)):
> > > +            bb.build.exec_func('do_patch', d)
> > > +
> > > +        # Some userland has no source.
> > > +        if not os.path.exists( spdx_workdir ):
> > > +            bb.utils.mkdirhier(spdx_workdir)
> > > +    finally:
> > > +        d.setVar("WORKDIR", workdir)
> > > +
> > > +do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> > > +do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
> > > +
> > > +ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
> > > +
> > > +do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
> > > +do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
> > > +POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = " sdk_host_combine_spdx; "
> > > +POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = " sdk_target_combine_spdx; "
> > > +
> > > +python image_combine_spdx() {
> > > +    import os
> > > +    import oe.sbom
> > > +    from pathlib import Path
> > > +    from oe.rootfs import image_list_installed_packages
> > > +
> > > +    image_name = d.getVar("IMAGE_NAME")
> > > +    image_link_name = d.getVar("IMAGE_LINK_NAME")
> > > +    imgdeploydir = Path(d.getVar("IMGDEPLOYDIR"))
> > > +    img_spdxid = oe.sbom.get_image_spdxid(image_name)
> > > +    packages = image_list_installed_packages(d)
> > > +
> > > +    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages, Path(d.getVar("SPDXIMAGEWORK")))
> > > +
> > > +    def make_image_link(target_path, suffix):
> > > +        if image_link_name:
> > > +            link = imgdeploydir / (image_link_name + suffix)
> > > +            if link != target_path:
> > > +                link.symlink_to(os.path.relpath(target_path, link.parent))
> > > +
> > > +    spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
> > > +    make_image_link(spdx_tar_path, ".spdx.tar.zst")
> >
> > The image link should be called tar.gz also. Probably best to make a
> > gzip-from-the-start version for Dunfell,
> > or perhaps squash everything?
>
> This is a bit of an unusual situation where we're taking a different
> path to master. I think this does make sense as it shows the delta with
> master more clearly and that could be useful in the future so I suspect
> that it does make sense as it is here, albeit a little unusual.
>
> Cheers,
>
> Richard
>
>
diff mbox series

Patch

diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
new file mode 100644
index 0000000000..13d13fe1fc
--- /dev/null
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -0,0 +1,1069 @@ 
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${MACHINE}"
+
+# The product name that the CVE database uses.  Defaults to BPN, but may need to
+# be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff).
+CVE_PRODUCT ??= "${BPN}"
+CVE_VERSION ??= "${PV}"
+
+SPDXDIR ??= "${WORKDIR}/spdx"
+SPDXDEPLOY = "${SPDXDIR}/deploy"
+SPDXWORK = "${SPDXDIR}/work"
+SPDXIMAGEWORK = "${SPDXDIR}/image-work"
+SPDXSDKWORK = "${SPDXDIR}/sdk-work"
+
+SPDX_TOOL_NAME ??= "oe-spdx-creator"
+SPDX_TOOL_VERSION ??= "1.0"
+
+SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy"
+
+SPDX_INCLUDE_SOURCES ??= "0"
+SPDX_ARCHIVE_SOURCES ??= "0"
+SPDX_ARCHIVE_PACKAGED ??= "0"
+
+SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org"
+SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
+SPDX_PRETTY ??= "0"
+
+SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
+
+SPDX_CUSTOM_ANNOTATION_VARS ??= ""
+
+SPDX_ORG ??= "OpenEmbedded ()"
+SPDX_SUPPLIER ??= "Organization: ${SPDX_ORG}"
+SPDX_SUPPLIER[doc] = "The SPDX PackageSupplier field for SPDX packages created from \
+    this recipe. For SPDX documents create using this class during the build, this \
+    is the contact information for the person or organization who is doing the \
+    build."
+
+def extract_licenses(filename):
+    import re
+
+    lic_regex = re.compile(rb'^\W*SPDX-License-Identifier:\s*([ \w\d.()+-]+?)(?:\s+\W*)?$', re.MULTILINE)
+
+    try:
+        with open(filename, 'rb') as f:
+            size = min(15000, os.stat(filename).st_size)
+            txt = f.read(size)
+            licenses = re.findall(lic_regex, txt)
+            if licenses:
+                ascii_licenses = [lic.decode('ascii') for lic in licenses]
+                return ascii_licenses
+    except Exception as e:
+        bb.warn(f"Exception reading {filename}: {e}")
+    return None
+
+def get_doc_namespace(d, doc):
+    import uuid
+    namespace_uuid = uuid.uuid5(uuid.NAMESPACE_DNS, d.getVar("SPDX_UUID_NAMESPACE"))
+    return "%s/%s-%s" % (d.getVar("SPDX_NAMESPACE_PREFIX"), doc.name, str(uuid.uuid5(namespace_uuid, doc.name)))
+
+def create_annotation(d, comment):
+    from datetime import datetime, timezone
+
+    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+    annotation = oe.spdx.SPDXAnnotation()
+    annotation.annotationDate = creation_time
+    annotation.annotationType = "OTHER"
+    annotation.annotator = "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION"))
+    annotation.comment = comment
+    return annotation
+
+def recipe_spdx_is_native(d, recipe):
+    return any(a.annotationType == "OTHER" and
+      a.annotator == "Tool: %s - %s" % (d.getVar("SPDX_TOOL_NAME"), d.getVar("SPDX_TOOL_VERSION")) and
+      a.comment == "isNative" for a in recipe.annotations)
+
+def is_work_shared_spdx(d):
+    return bb.data.inherits_class('kernel', d) or ('work-shared' in d.getVar('WORKDIR'))
+
+def get_json_indent(d):
+    if d.getVar("SPDX_PRETTY") == "1":
+        return 2
+    return None
+
+python() {
+    import json
+    if d.getVar("SPDX_LICENSE_DATA"):
+        return
+
+    with open(d.getVar("SPDX_LICENSES"), "r") as f:
+        data = json.load(f)
+        # Transform the license array to a dictionary
+        data["licenses"] = {l["licenseId"]: l for l in data["licenses"]}
+        d.setVar("SPDX_LICENSE_DATA", data)
+}
+
+def convert_license_to_spdx(lic, document, d, existing={}):
+    from pathlib import Path
+    import oe.spdx
+
+    license_data = d.getVar("SPDX_LICENSE_DATA")
+    extracted = {}
+
+    def add_extracted_license(ident, name):
+        nonlocal document
+
+        if name in extracted:
+            return
+
+        extracted_info = oe.spdx.SPDXExtractedLicensingInfo()
+        extracted_info.name = name
+        extracted_info.licenseId = ident
+        extracted_info.extractedText = None
+
+        if name == "PD":
+            # Special-case this.
+            extracted_info.extractedText = "Software released to the public domain"
+        else:
+            # Seach for the license in COMMON_LICENSE_DIR and LICENSE_PATH
+            for directory in [d.getVar('COMMON_LICENSE_DIR')] + (d.getVar('LICENSE_PATH') or '').split():
+                try:
+                    with (Path(directory) / name).open(errors="replace") as f:
+                        extracted_info.extractedText = f.read()
+                        break
+                except FileNotFoundError:
+                    pass
+            if extracted_info.extractedText is None:
+                # If it's not SPDX or PD, then NO_GENERIC_LICENSE must be set
+                filename = d.getVarFlag('NO_GENERIC_LICENSE', name)
+                if filename:
+                    filename = d.expand("${S}/" + filename)
+                    with open(filename, errors="replace") as f:
+                        extracted_info.extractedText = f.read()
+                else:
+                    bb.error("Cannot find any text for license %s" % name)
+
+        extracted[name] = extracted_info
+        document.hasExtractedLicensingInfos.append(extracted_info)
+
+    def convert(l):
+        if l == "(" or l == ")":
+            return l
+
+        if l == "&":
+            return "AND"
+
+        if l == "|":
+            return "OR"
+
+        if l == "CLOSED":
+            return "NONE"
+
+        spdx_license = d.getVarFlag("SPDXLICENSEMAP", l) or l
+        if spdx_license in license_data["licenses"]:
+            return spdx_license
+
+        try:
+            spdx_license = existing[l]
+        except KeyError:
+            spdx_license = "LicenseRef-" + l
+            add_extracted_license(spdx_license, l)
+
+        return spdx_license
+
+    lic_split = lic.replace("(", " ( ").replace(")", " ) ").split()
+
+    return ' '.join(convert(l) for l in lic_split)
+
+def process_sources(d):
+    pn = d.getVar('PN')
+    assume_provided = (d.getVar("ASSUME_PROVIDED") or "").split()
+    if pn in assume_provided:
+        for p in d.getVar("PROVIDES").split():
+            if p != pn:
+                pn = p
+                break
+
+    # glibc-locale: do_fetch, do_unpack and do_patch tasks have been deleted,
+    # so avoid archiving source here.
+    if pn.startswith('glibc-locale'):
+        return False
+    if d.getVar('PN') == "libtool-cross":
+        return False
+    if d.getVar('PN') == "libgcc-initial":
+        return False
+    if d.getVar('PN') == "shadow-sysroot":
+        return False
+
+    # We just archive gcc-source for all the gcc related recipes
+    if d.getVar('BPN') in ['gcc', 'libgcc']:
+        bb.debug(1, 'spdx: There is bug in scan of %s is, do nothing' % pn)
+        return False
+
+    return True
+
+
+def add_package_files(d, doc, spdx_pkg, topdir, get_spdxid, get_types, *, archive=None, ignore_dirs=[], ignore_top_level_dirs=[]):
+    from pathlib import Path
+    import oe.spdx
+    import hashlib
+
+    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
+    if source_date_epoch:
+        source_date_epoch = int(source_date_epoch)
+
+    sha1s = []
+    spdx_files = []
+
+    file_counter = 1
+    for subdir, dirs, files in os.walk(topdir):
+        dirs[:] = [d for d in dirs if d not in ignore_dirs]
+        if subdir == str(topdir):
+            dirs[:] = [d for d in dirs if d not in ignore_top_level_dirs]
+
+        for file in files:
+            filepath = Path(subdir) / file
+            filename = str(filepath.relative_to(topdir))
+
+            if not filepath.is_symlink() and filepath.is_file():
+                spdx_file = oe.spdx.SPDXFile()
+                spdx_file.SPDXID = get_spdxid(file_counter)
+                for t in get_types(filepath):
+                    spdx_file.fileTypes.append(t)
+                spdx_file.fileName = filename
+
+                if archive is not None:
+                    with filepath.open("rb") as f:
+                        info = archive.gettarinfo(fileobj=f)
+                        info.name = filename
+                        info.uid = 0
+                        info.gid = 0
+                        info.uname = "root"
+                        info.gname = "root"
+
+                        if source_date_epoch is not None and info.mtime > source_date_epoch:
+                            info.mtime = source_date_epoch
+
+                        archive.addfile(info, f)
+
+                sha1 = bb.utils.sha1_file(filepath)
+                sha1s.append(sha1)
+                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
+                        algorithm="SHA1",
+                        checksumValue=sha1,
+                    ))
+                spdx_file.checksums.append(oe.spdx.SPDXChecksum(
+                        algorithm="SHA256",
+                        checksumValue=bb.utils.sha256_file(filepath),
+                    ))
+
+                if "SOURCE" in spdx_file.fileTypes:
+                    extracted_lics = extract_licenses(filepath)
+                    if extracted_lics:
+                        spdx_file.licenseInfoInFiles = extracted_lics
+
+                doc.files.append(spdx_file)
+                doc.add_relationship(spdx_pkg, "CONTAINS", spdx_file)
+                spdx_pkg.hasFiles.append(spdx_file.SPDXID)
+
+                spdx_files.append(spdx_file)
+
+                file_counter += 1
+
+    sha1s.sort()
+    verifier = hashlib.sha1()
+    for v in sha1s:
+        verifier.update(v.encode("utf-8"))
+    spdx_pkg.packageVerificationCode.packageVerificationCodeValue = verifier.hexdigest()
+
+    return spdx_files
+
+
+def add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources):
+    from pathlib import Path
+    import hashlib
+    import oe.packagedata
+    import oe.spdx
+
+    debug_search_paths = [
+        Path(d.getVar('PKGD')),
+        Path(d.getVar('STAGING_DIR_TARGET')),
+        Path(d.getVar('STAGING_DIR_NATIVE')),
+        Path(d.getVar('STAGING_KERNEL_DIR')),
+    ]
+
+    pkg_data = oe.packagedata.read_subpkgdata_extended(package, d)
+
+    if pkg_data is None:
+        return
+
+    for file_path, file_data in pkg_data["files_info"].items():
+        if not "debugsrc" in file_data:
+            continue
+
+        for pkg_file in package_files:
+            if file_path.lstrip("/") == pkg_file.fileName.lstrip("/"):
+                break
+        else:
+            bb.fatal("No package file found for %s" % str(file_path))
+            continue
+
+        for debugsrc in file_data["debugsrc"]:
+            ref_id = "NOASSERTION"
+            for search in debug_search_paths:
+                if debugsrc.startswith("/usr/src/kernel"):
+                    debugsrc_path = search / debugsrc.replace('/usr/src/kernel/', '')
+                else:
+                    debugsrc_path = search / debugsrc.lstrip("/")
+                if not debugsrc_path.exists():
+                    continue
+
+                file_sha256 = bb.utils.sha256_file(debugsrc_path)
+
+                if file_sha256 in sources:
+                    source_file = sources[file_sha256]
+
+                    doc_ref = package_doc.find_external_document_ref(source_file.doc.documentNamespace)
+                    if doc_ref is None:
+                        doc_ref = oe.spdx.SPDXExternalDocumentRef()
+                        doc_ref.externalDocumentId = "DocumentRef-dependency-" + source_file.doc.name
+                        doc_ref.spdxDocument = source_file.doc.documentNamespace
+                        doc_ref.checksum.algorithm = "SHA1"
+                        doc_ref.checksum.checksumValue = source_file.doc_sha1
+                        package_doc.externalDocumentRefs.append(doc_ref)
+
+                    ref_id = "%s:%s" % (doc_ref.externalDocumentId, source_file.file.SPDXID)
+                else:
+                    bb.debug(1, "Debug source %s with SHA256 %s not found in any dependency" % (str(debugsrc_path), file_sha256))
+                break
+            else:
+                bb.debug(1, "Debug source %s not found" % debugsrc)
+
+            package_doc.add_relationship(pkg_file, "GENERATED_FROM", ref_id, comment=debugsrc)
+
+def collect_dep_recipes(d, doc, spdx_recipe):
+    from pathlib import Path
+    import oe.sbom
+    import oe.spdx
+
+    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+
+    dep_recipes = []
+    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+    deps = sorted(set(
+        dep[0] for dep in taskdepdata.values() if
+            dep[1] == "do_create_spdx" and dep[0] != d.getVar("PN")
+    ))
+    for dep_pn in deps:
+        dep_recipe_path = deploy_dir_spdx / "recipes" / ("recipe-%s.spdx.json" % dep_pn)
+
+        spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_recipe_path)
+
+        for pkg in spdx_dep_doc.packages:
+            if pkg.name == dep_pn:
+                spdx_dep_recipe = pkg
+                break
+        else:
+            continue
+
+        dep_recipes.append(oe.sbom.DepRecipe(spdx_dep_doc, spdx_dep_sha1, spdx_dep_recipe))
+
+        dep_recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+        dep_recipe_ref.externalDocumentId = "DocumentRef-dependency-" + spdx_dep_doc.name
+        dep_recipe_ref.spdxDocument = spdx_dep_doc.documentNamespace
+        dep_recipe_ref.checksum.algorithm = "SHA1"
+        dep_recipe_ref.checksum.checksumValue = spdx_dep_sha1
+
+        doc.externalDocumentRefs.append(dep_recipe_ref)
+
+        doc.add_relationship(
+            "%s:%s" % (dep_recipe_ref.externalDocumentId, spdx_dep_recipe.SPDXID),
+            "BUILD_DEPENDENCY_OF",
+            spdx_recipe
+        )
+
+    return dep_recipes
+
+collect_dep_recipes[vardepsexclude] += "BB_TASKDEPDATA"
+collect_dep_recipes[vardeps] += "DEPENDS"
+
+def collect_dep_sources(d, dep_recipes):
+    import oe.sbom
+
+    sources = {}
+    for dep in dep_recipes:
+        # Don't collect sources from native recipes as they
+        # match non-native sources also.
+        if recipe_spdx_is_native(d, dep.recipe):
+            continue
+        recipe_files = set(dep.recipe.hasFiles)
+
+        for spdx_file in dep.doc.files:
+            if spdx_file.SPDXID not in recipe_files:
+                continue
+
+            if "SOURCE" in spdx_file.fileTypes:
+                for checksum in spdx_file.checksums:
+                    if checksum.algorithm == "SHA256":
+                        sources[checksum.checksumValue] = oe.sbom.DepSource(dep.doc, dep.doc_sha1, dep.recipe, spdx_file)
+                        break
+
+    return sources
+
+def add_download_packages(d, doc, recipe):
+    import os.path
+    from bb.fetch2 import decodeurl, CHECKSUM_LIST
+    import bb.process
+    import oe.spdx
+    import oe.sbom
+
+    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
+        f = bb.fetch2.FetchData(src_uri, d)
+
+        for name in f.names:
+            package = oe.spdx.SPDXPackage()
+            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
+            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
+
+            if f.type == "file":
+                continue
+
+            uri = f.type
+            proto = getattr(f, "proto", None)
+            if proto is not None:
+                uri = uri + "+" + proto
+            uri = uri + "://" + f.host + f.path
+
+            if f.method.supports_srcrev():
+                uri = uri + "@" + f.revisions[name]
+
+            if f.method.supports_checksum(f):
+                for checksum_id in CHECKSUM_LIST:
+                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+                        continue
+
+                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
+                    if expected_checksum is None:
+                        continue
+
+                    c = oe.spdx.SPDXChecksum()
+                    c.algorithm = checksum_id.upper()
+                    c.checksumValue = expected_checksum
+                    package.checksums.append(c)
+
+            package.downloadLocation = uri
+            doc.packages.append(package)
+            doc.add_relationship(doc, "DESCRIBES", package)
+            # In the future, we might be able to do more fancy dependencies,
+            # but this should be sufficient for now
+            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
+
+python do_create_spdx() {
+    from datetime import datetime, timezone
+    import oe.sbom
+    import oe.spdx
+    import uuid
+    from pathlib import Path
+    from contextlib import contextmanager
+    import oe.cve_check
+
+    @contextmanager
+    def optional_tarfile(name, guard, mode="w"):
+        import tarfile
+        import bb.compress.zstd
+
+        num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+
+        if guard:
+            name.parent.mkdir(parents=True, exist_ok=True)
+            with bb.compress.zstd.open(name, mode=mode + "b", num_threads=num_threads) as f:
+                with tarfile.open(fileobj=f, mode=mode + "|") as tf:
+                    yield tf
+        else:
+            yield None
+
+
+    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+    spdx_workdir = Path(d.getVar("SPDXWORK"))
+    include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1"
+    archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1"
+    archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1"
+
+    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+    doc = oe.spdx.SPDXDocument()
+
+    doc.name = "recipe-" + d.getVar("PN")
+    doc.documentNamespace = get_doc_namespace(d, doc)
+    doc.creationInfo.created = creation_time
+    doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
+    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
+    doc.creationInfo.creators.append("Person: N/A ()")
+
+    recipe = oe.spdx.SPDXPackage()
+    recipe.name = d.getVar("PN")
+    recipe.versionInfo = d.getVar("PV")
+    recipe.SPDXID = oe.sbom.get_recipe_spdxid(d)
+    recipe.supplier = d.getVar("SPDX_SUPPLIER")
+    if bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d):
+        recipe.annotations.append(create_annotation(d, "isNative"))
+
+    homepage = d.getVar("HOMEPAGE")
+    if homepage:
+        recipe.homepage = homepage
+
+    license = d.getVar("LICENSE")
+    if license:
+        recipe.licenseDeclared = convert_license_to_spdx(license, doc, d)
+
+    summary = d.getVar("SUMMARY")
+    if summary:
+        recipe.summary = summary
+
+    description = d.getVar("DESCRIPTION")
+    if description:
+        recipe.description = description
+
+    if d.getVar("SPDX_CUSTOM_ANNOTATION_VARS"):
+        for var in d.getVar('SPDX_CUSTOM_ANNOTATION_VARS').split():
+            recipe.annotations.append(create_annotation(d, var + "=" + d.getVar(var)))
+
+    # Some CVEs may be patched during the build process without incrementing the version number,
+    # so querying for CVEs based on the CPE id can lead to false positives. To account for this,
+    # save the CVEs fixed by patches to source information field in the SPDX.
+    patched_cves = oe.cve_check.get_patched_cves(d)
+    patched_cves = list(patched_cves)
+    patched_cves = ' '.join(patched_cves)
+    if patched_cves:
+        recipe.sourceInfo = "CVEs fixed: " + patched_cves
+
+    cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION"))
+    if cpe_ids:
+        for cpe_id in cpe_ids:
+            cpe = oe.spdx.SPDXExternalReference()
+            cpe.referenceCategory = "SECURITY"
+            cpe.referenceType = "http://spdx.org/rdf/references/cpe23Type"
+            cpe.referenceLocator = cpe_id
+            recipe.externalRefs.append(cpe)
+
+    doc.packages.append(recipe)
+    doc.add_relationship(doc, "DESCRIBES", recipe)
+
+    add_download_packages(d, doc, recipe)
+
+    if process_sources(d) and include_sources:
+        recipe_archive = deploy_dir_spdx / "recipes" / (doc.name + ".tar.zst")
+        with optional_tarfile(recipe_archive, archive_sources) as archive:
+            spdx_get_src(d)
+
+            add_package_files(
+                d,
+                doc,
+                recipe,
+                spdx_workdir,
+                lambda file_counter: "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), file_counter),
+                lambda filepath: ["SOURCE"],
+                ignore_dirs=[".git"],
+                ignore_top_level_dirs=["temp"],
+                archive=archive,
+            )
+
+            if archive is not None:
+                recipe.packageFileName = str(recipe_archive.name)
+
+    dep_recipes = collect_dep_recipes(d, doc, recipe)
+
+    doc_sha1 = oe.sbom.write_doc(d, doc, "recipes", indent=get_json_indent(d))
+    dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
+
+    recipe_ref = oe.spdx.SPDXExternalDocumentRef()
+    recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
+    recipe_ref.spdxDocument = doc.documentNamespace
+    recipe_ref.checksum.algorithm = "SHA1"
+    recipe_ref.checksum.checksumValue = doc_sha1
+
+    sources = collect_dep_sources(d, dep_recipes)
+    found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
+
+    if not recipe_spdx_is_native(d, recipe):
+        bb.build.exec_func("read_subpackage_metadata", d)
+
+        pkgdest = Path(d.getVar("PKGDEST"))
+        for package in d.getVar("PACKAGES").split():
+            if not oe.packagedata.packaged(package, d):
+                continue
+
+            package_doc = oe.spdx.SPDXDocument()
+            pkg_name = d.getVar("PKG:%s" % package) or package
+            package_doc.name = pkg_name
+            package_doc.documentNamespace = get_doc_namespace(d, package_doc)
+            package_doc.creationInfo.created = creation_time
+            package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
+            package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+            package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+            package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
+            package_doc.creationInfo.creators.append("Person: N/A ()")
+            package_doc.externalDocumentRefs.append(recipe_ref)
+
+            package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
+
+            spdx_package = oe.spdx.SPDXPackage()
+
+            spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
+            spdx_package.name = pkg_name
+            spdx_package.versionInfo = d.getVar("PV")
+            spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
+            spdx_package.supplier = d.getVar("SPDX_SUPPLIER")
+
+            package_doc.packages.append(spdx_package)
+
+            package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID))
+            package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package)
+
+            package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst")
+            with optional_tarfile(package_archive, archive_packaged) as archive:
+                package_files = add_package_files(
+                    d,
+                    package_doc,
+                    spdx_package,
+                    pkgdest / package,
+                    lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter),
+                    lambda filepath: ["BINARY"],
+                    ignore_top_level_dirs=['CONTROL', 'DEBIAN'],
+                    archive=archive,
+                )
+
+                if archive is not None:
+                    spdx_package.packageFileName = str(package_archive.name)
+
+            add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources)
+
+            oe.sbom.write_doc(d, package_doc, "packages", indent=get_json_indent(d))
+}
+# NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source
+addtask do_create_spdx after do_package do_packagedata do_unpack before do_populate_sdk do_build do_rm_work
+
+SSTATETASKS += "do_create_spdx"
+do_create_spdx[sstate-inputdirs] = "${SPDXDEPLOY}"
+do_create_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
+
+python do_create_spdx_setscene () {
+    sstate_setscene(d)
+}
+addtask do_create_spdx_setscene
+
+do_create_spdx[dirs] = "${SPDXWORK}"
+do_create_spdx[cleandirs] = "${SPDXDEPLOY} ${SPDXWORK}"
+do_create_spdx[depends] += "${PATCHDEPENDENCY}"
+do_create_spdx[deptask] = "do_create_spdx"
+
+def collect_package_providers(d):
+    from pathlib import Path
+    import oe.sbom
+    import oe.spdx
+    import json
+
+    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+
+    providers = {}
+
+    taskdepdata = d.getVar("BB_TASKDEPDATA", False)
+    deps = sorted(set(
+        dep[0] for dep in taskdepdata.values() if dep[0] != d.getVar("PN")
+    ))
+    deps.append(d.getVar("PN"))
+
+    for dep_pn in deps:
+        recipe_data = oe.packagedata.read_pkgdata(dep_pn, d)
+
+        for pkg in recipe_data.get("PACKAGES", "").split():
+
+            pkg_data = oe.packagedata.read_subpkgdata_dict(pkg, d)
+            rprovides = set(n for n, _ in bb.utils.explode_dep_versions2(pkg_data.get("RPROVIDES", "")).items())
+            rprovides.add(pkg)
+
+            for r in rprovides:
+                providers[r] = pkg
+
+    return providers
+
+collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA"
+
+python do_create_runtime_spdx() {
+    from datetime import datetime, timezone
+    import oe.sbom
+    import oe.spdx
+    import oe.packagedata
+    from pathlib import Path
+
+    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+    spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY"))
+    is_native = bb.data.inherits_class("native", d) or bb.data.inherits_class("cross", d)
+
+    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+
+    providers = collect_package_providers(d)
+
+    if not is_native:
+        bb.build.exec_func("read_subpackage_metadata", d)
+
+        dep_package_cache = {}
+
+        pkgdest = Path(d.getVar("PKGDEST"))
+        for package in d.getVar("PACKAGES").split():
+            localdata = bb.data.createCopy(d)
+            pkg_name = d.getVar("PKG:%s" % package) or package
+            localdata.setVar("PKG", pkg_name)
+            localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package)
+
+            if not oe.packagedata.packaged(package, localdata):
+                continue
+
+            pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json")
+
+            package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+
+            for p in package_doc.packages:
+                if p.name == pkg_name:
+                    spdx_package = p
+                    break
+            else:
+                bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path))
+
+            runtime_doc = oe.spdx.SPDXDocument()
+            runtime_doc.name = "runtime-" + pkg_name
+            runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc)
+            runtime_doc.creationInfo.created = creation_time
+            runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
+            runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+            runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+            runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
+            runtime_doc.creationInfo.creators.append("Person: N/A ()")
+
+            package_ref = oe.spdx.SPDXExternalDocumentRef()
+            package_ref.externalDocumentId = "DocumentRef-package-" + package
+            package_ref.spdxDocument = package_doc.documentNamespace
+            package_ref.checksum.algorithm = "SHA1"
+            package_ref.checksum.checksumValue = package_doc_sha1
+
+            runtime_doc.externalDocumentRefs.append(package_ref)
+
+            runtime_doc.add_relationship(
+                runtime_doc.SPDXID,
+                "AMENDS",
+                "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID)
+            )
+
+            deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "")
+            seen_deps = set()
+            for dep, _ in deps.items():
+                if dep in seen_deps:
+                    continue
+
+                if dep not in providers:
+                    continue
+
+                dep = providers[dep]
+
+                if not oe.packagedata.packaged(dep, localdata):
+                    continue
+
+                dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d)
+                dep_pkg = dep_pkg_data["PKG"]
+
+                if dep in dep_package_cache:
+                    (dep_spdx_package, dep_package_ref) = dep_package_cache[dep]
+                else:
+                    dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg)
+
+                    spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path)
+
+                    for pkg in spdx_dep_doc.packages:
+                        if pkg.name == dep_pkg:
+                            dep_spdx_package = pkg
+                            break
+                    else:
+                        bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path))
+
+                    dep_package_ref = oe.spdx.SPDXExternalDocumentRef()
+                    dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name
+                    dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace
+                    dep_package_ref.checksum.algorithm = "SHA1"
+                    dep_package_ref.checksum.checksumValue = spdx_dep_sha1
+
+                    dep_package_cache[dep] = (dep_spdx_package, dep_package_ref)
+
+                runtime_doc.externalDocumentRefs.append(dep_package_ref)
+
+                runtime_doc.add_relationship(
+                    "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID),
+                    "RUNTIME_DEPENDENCY_OF",
+                    "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID)
+                )
+                seen_deps.add(dep)
+
+            oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy, indent=get_json_indent(d))
+}
+
+addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work
+SSTATETASKS += "do_create_runtime_spdx"
+do_create_runtime_spdx[sstate-inputdirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[sstate-outputdirs] = "${DEPLOY_DIR_SPDX}"
+
+python do_create_runtime_spdx_setscene () {
+    sstate_setscene(d)
+}
+addtask do_create_runtime_spdx_setscene
+
+do_create_runtime_spdx[dirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[cleandirs] = "${SPDXRUNTIMEDEPLOY}"
+do_create_runtime_spdx[rdeptask] = "do_create_spdx"
+
+def spdx_get_src(d):
+    """
+    save patched source of the recipe in SPDX_WORKDIR.
+    """
+    import shutil
+    spdx_workdir = d.getVar('SPDXWORK')
+    spdx_sysroot_native = d.getVar('STAGING_DIR_NATIVE')
+    pn = d.getVar('PN')
+
+    workdir = d.getVar("WORKDIR")
+
+    try:
+        # The kernel class functions require it to be on work-shared, so we dont change WORKDIR
+        if not is_work_shared_spdx(d):
+            # Change the WORKDIR to make do_unpack do_patch run in another dir.
+            d.setVar('WORKDIR', spdx_workdir)
+            # Restore the original path to recipe's native sysroot (it's relative to WORKDIR).
+            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
+
+            # The changed 'WORKDIR' also caused 'B' changed, create dir 'B' for the
+            # possibly requiring of the following tasks (such as some recipes's
+            # do_patch required 'B' existed).
+            bb.utils.mkdirhier(d.getVar('B'))
+
+            bb.build.exec_func('do_unpack', d)
+        # Copy source of kernel to spdx_workdir
+        if is_work_shared_spdx(d):
+            share_src = d.getVar('WORKDIR')
+            d.setVar('WORKDIR', spdx_workdir)
+            d.setVar('STAGING_DIR_NATIVE', spdx_sysroot_native)
+            src_dir = spdx_workdir + "/" + d.getVar('PN')+ "-" + d.getVar('PV') + "-" + d.getVar('PR')
+            bb.utils.mkdirhier(src_dir)
+            if bb.data.inherits_class('kernel',d):
+                share_src = d.getVar('STAGING_KERNEL_DIR')
+            cmd_copy_share = "cp -rf " + share_src + "/* " + src_dir + "/"
+            cmd_copy_shared_res = os.popen(cmd_copy_share).read()
+            bb.note("cmd_copy_shared_result = " + cmd_copy_shared_res)
+
+            git_path = src_dir + "/.git"
+            if os.path.exists(git_path):
+                shutils.rmtree(git_path)
+
+        # Make sure gcc and kernel sources are patched only once
+        if not (d.getVar('SRC_URI') == "" or is_work_shared_spdx(d)):
+            bb.build.exec_func('do_patch', d)
+
+        # Some userland has no source.
+        if not os.path.exists( spdx_workdir ):
+            bb.utils.mkdirhier(spdx_workdir)
+    finally:
+        d.setVar("WORKDIR", workdir)
+
+do_rootfs[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_rootfs[cleandirs] += "${SPDXIMAGEWORK}"
+
+ROOTFS_POSTUNINSTALL_COMMAND =+ "image_combine_spdx ; "
+
+do_populate_sdk[recrdeptask] += "do_create_spdx do_create_runtime_spdx"
+do_populate_sdk[cleandirs] += "${SPDXSDKWORK}"
+POPULATE_SDK_POST_HOST_COMMAND:append:task-populate-sdk = " sdk_host_combine_spdx; "
+POPULATE_SDK_POST_TARGET_COMMAND:append:task-populate-sdk = " sdk_target_combine_spdx; "
+
+python image_combine_spdx() {
+    import os
+    import oe.sbom
+    from pathlib import Path
+    from oe.rootfs import image_list_installed_packages
+
+    image_name = d.getVar("IMAGE_NAME")
+    image_link_name = d.getVar("IMAGE_LINK_NAME")
+    imgdeploydir = Path(d.getVar("IMGDEPLOYDIR"))
+    img_spdxid = oe.sbom.get_image_spdxid(image_name)
+    packages = image_list_installed_packages(d)
+
+    combine_spdx(d, image_name, imgdeploydir, img_spdxid, packages, Path(d.getVar("SPDXIMAGEWORK")))
+
+    def make_image_link(target_path, suffix):
+        if image_link_name:
+            link = imgdeploydir / (image_link_name + suffix)
+            if link != target_path:
+                link.symlink_to(os.path.relpath(target_path, link.parent))
+
+    spdx_tar_path = imgdeploydir / (image_name + ".spdx.tar.zst")
+    make_image_link(spdx_tar_path, ".spdx.tar.zst")
+}
+
+python sdk_host_combine_spdx() {
+    sdk_combine_spdx(d, "host")
+}
+
+python sdk_target_combine_spdx() {
+    sdk_combine_spdx(d, "target")
+}
+
+def sdk_combine_spdx(d, sdk_type):
+    import oe.sbom
+    from pathlib import Path
+    from oe.sdk import sdk_list_installed_packages
+
+    sdk_name = d.getVar("SDK_NAME") + "-" + sdk_type
+    sdk_deploydir = Path(d.getVar("SDKDEPLOYDIR"))
+    sdk_spdxid = oe.sbom.get_sdk_spdxid(sdk_name)
+    sdk_packages = sdk_list_installed_packages(d, sdk_type == "target")
+    combine_spdx(d, sdk_name, sdk_deploydir, sdk_spdxid, sdk_packages, Path(d.getVar('SPDXSDKWORK')))
+
+def combine_spdx(d, rootfs_name, rootfs_deploydir, rootfs_spdxid, packages, spdx_workdir):
+    import os
+    import oe.spdx
+    import oe.sbom
+    import io
+    import json
+    from datetime import timezone, datetime
+    from pathlib import Path
+    import tarfile
+    import bb.compress.zstd
+
+    creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
+    deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX"))
+    source_date_epoch = d.getVar("SOURCE_DATE_EPOCH")
+
+    doc = oe.spdx.SPDXDocument()
+    doc.name = rootfs_name
+    doc.documentNamespace = get_doc_namespace(d, doc)
+    doc.creationInfo.created = creation_time
+    doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
+    doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
+    doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
+    doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
+    doc.creationInfo.creators.append("Person: N/A ()")
+
+    image = oe.spdx.SPDXPackage()
+    image.name = d.getVar("PN")
+    image.versionInfo = d.getVar("PV")
+    image.SPDXID = rootfs_spdxid
+    image.supplier = d.getVar("SPDX_SUPPLIER")
+
+    doc.packages.append(image)
+
+    for name in sorted(packages.keys()):
+        pkg_spdx_path = deploy_dir_spdx / "packages" / (name + ".spdx.json")
+        pkg_doc, pkg_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path)
+
+        for p in pkg_doc.packages:
+            if p.name == name:
+                pkg_ref = oe.spdx.SPDXExternalDocumentRef()
+                pkg_ref.externalDocumentId = "DocumentRef-%s" % pkg_doc.name
+                pkg_ref.spdxDocument = pkg_doc.documentNamespace
+                pkg_ref.checksum.algorithm = "SHA1"
+                pkg_ref.checksum.checksumValue = pkg_doc_sha1
+
+                doc.externalDocumentRefs.append(pkg_ref)
+                doc.add_relationship(image, "CONTAINS", "%s:%s" % (pkg_ref.externalDocumentId, p.SPDXID))
+                break
+        else:
+            bb.fatal("Unable to find package with name '%s' in SPDX file %s" % (name, pkg_spdx_path))
+
+        runtime_spdx_path = deploy_dir_spdx / "runtime" / ("runtime-" + name + ".spdx.json")
+        runtime_doc, runtime_doc_sha1 = oe.sbom.read_doc(runtime_spdx_path)
+
+        runtime_ref = oe.spdx.SPDXExternalDocumentRef()
+        runtime_ref.externalDocumentId = "DocumentRef-%s" % runtime_doc.name
+        runtime_ref.spdxDocument = runtime_doc.documentNamespace
+        runtime_ref.checksum.algorithm = "SHA1"
+        runtime_ref.checksum.checksumValue = runtime_doc_sha1
+
+        # "OTHER" isn't ideal here, but I can't find a relationship that makes sense
+        doc.externalDocumentRefs.append(runtime_ref)
+        doc.add_relationship(
+            image,
+            "OTHER",
+            "%s:%s" % (runtime_ref.externalDocumentId, runtime_doc.SPDXID),
+            comment="Runtime dependencies for %s" % name
+        )
+
+    image_spdx_path = spdx_workdir / (rootfs_name + ".spdx.json")
+
+    with image_spdx_path.open("wb") as f:
+        doc.to_json(f, sort_keys=True, indent=get_json_indent(d))
+
+    num_threads = int(d.getVar("BB_NUMBER_THREADS"))
+
+    visited_docs = set()
+
+    index = {"documents": []}
+
+    spdx_tar_path = rootfs_deploydir / (rootfs_name + ".spdx.tar.zst")
+    with bb.compress.zstd.open(spdx_tar_path, "w", num_threads=num_threads) as f:
+        with tarfile.open(fileobj=f, mode="w|") as tar:
+            def collect_spdx_document(path):
+                nonlocal tar
+                nonlocal deploy_dir_spdx
+                nonlocal source_date_epoch
+                nonlocal index
+
+                if path in visited_docs:
+                    return
+
+                visited_docs.add(path)
+
+                with path.open("rb") as f:
+                    doc, sha1 = oe.sbom.read_doc(f)
+                    f.seek(0)
+
+                    if doc.documentNamespace in visited_docs:
+                        return
+
+                    bb.note("Adding SPDX document %s" % path)
+                    visited_docs.add(doc.documentNamespace)
+                    info = tar.gettarinfo(fileobj=f)
+
+                    info.name = doc.name + ".spdx.json"
+                    info.uid = 0
+                    info.gid = 0
+                    info.uname = "root"
+                    info.gname = "root"
+
+                    if source_date_epoch is not None and info.mtime > int(source_date_epoch):
+                        info.mtime = int(source_date_epoch)
+
+                    tar.addfile(info, f)
+
+                    index["documents"].append({
+                        "filename": info.name,
+                        "documentNamespace": doc.documentNamespace,
+                        "sha1": sha1,
+                    })
+
+                for ref in doc.externalDocumentRefs:
+                    ref_path = deploy_dir_spdx / "by-namespace" / ref.spdxDocument.replace("/", "_")
+                    collect_spdx_document(ref_path)
+
+            collect_spdx_document(image_spdx_path)
+
+            index["documents"].sort(key=lambda x: x["filename"])
+
+            index_str = io.BytesIO(json.dumps(
+                index,
+                sort_keys=True,
+                indent=get_json_indent(d),
+            ).encode("utf-8"))
+
+            info = tarfile.TarInfo()
+            info.name = "index.json"
+            info.size = len(index_str.getvalue())
+            info.uid = 0
+            info.gid = 0
+            info.uname = "root"
+            info.gname = "root"
+
+            tar.addfile(info, fileobj=index_str)
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
new file mode 100644
index 0000000000..19c6c0ff0b
--- /dev/null
+++ b/meta/classes/create-spdx.bbclass
@@ -0,0 +1,8 @@ 
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Include this class when you don't care what version of SPDX you get; it will
+# be updated to the latest stable version that is supported
+inherit create-spdx-2.2
diff --git a/meta/files/spdx-licenses.json b/meta/files/spdx-licenses.json
new file mode 100644
index 0000000000..ef926164ec
--- /dev/null
+++ b/meta/files/spdx-licenses.json
@@ -0,0 +1,5937 @@ 
+{
+  "licenseListVersion": "3.14",
+  "licenses": [
+    {
+      "reference": "https://spdx.org/licenses/GPL-1.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-1.0.json",
+      "referenceNumber": 0,
+      "name": "GNU General Public License v1.0 only",
+      "licenseId": "GPL-1.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/bzip2-1.0.6.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.6.json",
+      "referenceNumber": 1,
+      "name": "bzip2 and libbzip2 License v1.0.6",
+      "licenseId": "bzip2-1.0.6",
+      "seeAlso": [
+        "https://sourceware.org/git/?p\u003dbzip2.git;a\u003dblob;f\u003dLICENSE;hb\u003dbzip2-1.0.6",
+        "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Intel-ACPI.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Intel-ACPI.json",
+      "referenceNumber": 2,
+      "name": "Intel ACPI Software License Agreement",
+      "licenseId": "Intel-ACPI",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Intel_ACPI_Software_License_Agreement"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/XSkat.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/XSkat.json",
+      "referenceNumber": 3,
+      "name": "XSkat License",
+      "licenseId": "XSkat",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/XSkat_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0.json",
+      "referenceNumber": 4,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 Generic",
+      "licenseId": "CC-BY-NC-SA-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Plexus.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Plexus.json",
+      "referenceNumber": 5,
+      "name": "Plexus Classworlds License",
+      "licenseId": "Plexus",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Plexus_Classworlds_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Giftware.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Giftware.json",
+      "referenceNumber": 6,
+      "name": "Giftware License",
+      "licenseId": "Giftware",
+      "seeAlso": [
+        "http://liballeg.org/license.html#allegro-4-the-giftware-license"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BitTorrent-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.0.json",
+      "referenceNumber": 7,
+      "name": "BitTorrent Open Source License v1.0",
+      "licenseId": "BitTorrent-1.0",
+      "seeAlso": [
+        "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/BitTorrent?r1\u003d1.1\u0026r2\u003d1.1.1.1\u0026diff_format\u003ds"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/APSL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APSL-1.1.json",
+      "referenceNumber": 8,
+      "name": "Apple Public Source License 1.1",
+      "licenseId": "APSL-1.1",
+      "seeAlso": [
+        "http://www.opensource.apple.com/source/IOSerialFamily/IOSerialFamily-7/APPLE_LICENSE"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-GCC-exception.json",
+      "referenceNumber": 9,
+      "name": "GNU General Public License v2.0 w/GCC Runtime Library exception",
+      "licenseId": "GPL-2.0-with-GCC-exception",
+      "seeAlso": [
+        "https://gcc.gnu.org/git/?p\u003dgcc.git;a\u003dblob;f\u003dgcc/libgcc1.c;h\u003d762f5143fc6eed57b6797c82710f3538aa52b40b;hb\u003dcb143a3ce4fb417c68f5fa2691a1b1b1053dfba9#l10"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/UPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/UPL-1.0.json",
+      "referenceNumber": 10,
+      "name": "Universal Permissive License v1.0",
+      "licenseId": "UPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/UPL"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/wxWindows.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/wxWindows.json",
+      "referenceNumber": 11,
+      "name": "wxWindows Library License",
+      "licenseId": "wxWindows",
+      "seeAlso": [
+        "https://opensource.org/licenses/WXwindows"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Caldera.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Caldera.json",
+      "referenceNumber": 12,
+      "name": "Caldera License",
+      "licenseId": "Caldera",
+      "seeAlso": [
+        "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Zend-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Zend-2.0.json",
+      "referenceNumber": 13,
+      "name": "Zend License v2.0",
+      "licenseId": "Zend-2.0",
+      "seeAlso": [
+        "https://web.archive.org/web/20130517195954/http://www.zend.com/license/2_00.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CUA-OPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CUA-OPL-1.0.json",
+      "referenceNumber": 14,
+      "name": "CUA Office Public License v1.0",
+      "licenseId": "CUA-OPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/CUA-OPL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/JPNIC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/JPNIC.json",
+      "referenceNumber": 15,
+      "name": "Japan Network Information Center License",
+      "licenseId": "JPNIC",
+      "seeAlso": [
+        "https://gitlab.isc.org/isc-projects/bind9/blob/master/COPYRIGHT#L366"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SAX-PD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SAX-PD.json",
+      "referenceNumber": 16,
+      "name": "Sax Public Domain Notice",
+      "licenseId": "SAX-PD",
+      "seeAlso": [
+        "http://www.saxproject.org/copying.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.5.json",
+      "referenceNumber": 17,
+      "name": "Creative Commons Attribution No Derivatives 2.5 Generic",
+      "licenseId": "CC-BY-ND-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/eGenix.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/eGenix.json",
+      "referenceNumber": 18,
+      "name": "eGenix.com Public License 1.1.0",
+      "licenseId": "eGenix",
+      "seeAlso": [
+        "http://www.egenix.com/products/eGenix.com-Public-License-1.1.0.pdf",
+        "https://fedoraproject.org/wiki/Licensing/eGenix.com_Public_License_1.1.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPLLR.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPLLR.json",
+      "referenceNumber": 19,
+      "name": "Lesser General Public License For Linguistic Resources",
+      "licenseId": "LGPLLR",
+      "seeAlso": [
+        "http://www-igm.univ-mlv.fr/~unitex/lgpllr.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.2.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.2.json",
+      "referenceNumber": 20,
+      "name": "Open LDAP Public License 2.2.2",
+      "licenseId": "OLDAP-2.2.2",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003ddf2cc1e21eb7c160695f5b7cffd6296c151ba188"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0-DE.json",
+      "referenceNumber": 21,
+      "name": "Creative Commons Attribution No Derivatives 3.0 Germany",
+      "licenseId": "CC-BY-ND-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/IPA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/IPA.json",
+      "referenceNumber": 22,
+      "name": "IPA Font License",
+      "licenseId": "IPA",
+      "seeAlso": [
+        "https://opensource.org/licenses/IPA"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NCSA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NCSA.json",
+      "referenceNumber": 23,
+      "name": "University of Illinois/NCSA Open Source License",
+      "licenseId": "NCSA",
+      "seeAlso": [
+        "http://otm.illinois.edu/uiuc_openSource",
+        "https://opensource.org/licenses/NCSA"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/W3C.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/W3C.json",
+      "referenceNumber": 24,
+      "name": "W3C Software Notice and License (2002-12-31)",
+      "licenseId": "W3C",
+      "seeAlso": [
+        "http://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.html",
+        "https://opensource.org/licenses/W3C"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Adobe-2006.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Adobe-2006.json",
+      "referenceNumber": 25,
+      "name": "Adobe Systems Incorporated Source Code License Agreement",
+      "licenseId": "Adobe-2006",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/AdobeLicense"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Net-SNMP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Net-SNMP.json",
+      "referenceNumber": 26,
+      "name": "Net-SNMP License",
+      "licenseId": "Net-SNMP",
+      "seeAlso": [
+        "http://net-snmp.sourceforge.net/about/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-4.0.json",
+      "referenceNumber": 27,
+      "name": "Creative Commons Attribution Share Alike 4.0 International",
+      "licenseId": "CC-BY-SA-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/4.0/legalcode"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/YPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/YPL-1.0.json",
+      "referenceNumber": 28,
+      "name": "Yahoo! Public License v1.0",
+      "licenseId": "YPL-1.0",
+      "seeAlso": [
+        "http://www.zimbra.com/license/yahoo_public_license_1.0.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Nunit.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/Nunit.json",
+      "referenceNumber": 29,
+      "name": "Nunit License",
+      "licenseId": "Nunit",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Nunit"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MITNFA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MITNFA.json",
+      "referenceNumber": 30,
+      "name": "MIT +no-false-attribs license",
+      "licenseId": "MITNFA",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MITNFA"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/PHP-3.01.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PHP-3.01.json",
+      "referenceNumber": 31,
+      "name": "PHP License v3.01",
+      "licenseId": "PHP-3.01",
+      "seeAlso": [
+        "http://www.php.net/license/3_01.txt"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-Source-Code.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-Source-Code.json",
+      "referenceNumber": 32,
+      "name": "BSD Source Code Attribution",
+      "licenseId": "BSD-Source-Code",
+      "seeAlso": [
+        "https://github.com/robbiehanson/CocoaHTTPServer/blob/master/LICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.5.json",
+      "referenceNumber": 33,
+      "name": "Creative Commons Attribution Share Alike 2.5 Generic",
+      "licenseId": "CC-BY-SA-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Motosoto.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Motosoto.json",
+      "referenceNumber": 34,
+      "name": "Motosoto License",
+      "licenseId": "Motosoto",
+      "seeAlso": [
+        "https://opensource.org/licenses/Motosoto"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSL-1.1.json",
+      "referenceNumber": 35,
+      "name": "Open Software License 1.1",
+      "licenseId": "OSL-1.1",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/OSL1.1"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NGPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NGPL.json",
+      "referenceNumber": 36,
+      "name": "Nethack General Public License",
+      "licenseId": "NGPL",
+      "seeAlso": [
+        "https://opensource.org/licenses/NGPL"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-2.5-AU.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5-AU.json",
+      "referenceNumber": 37,
+      "name": "Creative Commons Attribution 2.5 Australia",
+      "licenseId": "CC-BY-2.5-AU",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/2.5/au/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Unicode-TOU.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Unicode-TOU.json",
+      "referenceNumber": 38,
+      "name": "Unicode Terms of Use",
+      "licenseId": "Unicode-TOU",
+      "seeAlso": [
+        "http://www.unicode.org/copyright.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License.json",
+      "referenceNumber": 39,
+      "name": "BSD 3-Clause No Nuclear License",
+      "licenseId": "BSD-3-Clause-No-Nuclear-License",
+      "seeAlso": [
+        "http://download.oracle.com/otn-pub/java/licenses/bsd.txt?AuthParam\u003d1467140197_43d516ce1776bd08a58235a7785be1cc"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OPUBL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OPUBL-1.0.json",
+      "referenceNumber": 40,
+      "name": "Open Publication License v1.0",
+      "licenseId": "OPUBL-1.0",
+      "seeAlso": [
+        "http://opencontent.org/openpub/",
+        "https://www.debian.org/opl",
+        "https://www.ctan.org/license/opl"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-UK.json",
+      "referenceNumber": 41,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 2.0 England and Wales",
+      "licenseId": "CC-BY-NC-SA-2.0-UK",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/2.0/uk/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NLOD-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NLOD-2.0.json",
+      "referenceNumber": 42,
+      "name": "Norwegian Licence for Open Government Data (NLOD) 2.0",
+      "licenseId": "NLOD-2.0",
+      "seeAlso": [
+        "http://data.norge.no/nlod/en/2.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/gnuplot.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/gnuplot.json",
+      "referenceNumber": 43,
+      "name": "gnuplot License",
+      "licenseId": "gnuplot",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Gnuplot"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/EPICS.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EPICS.json",
+      "referenceNumber": 44,
+      "name": "EPICS Open License",
+      "licenseId": "EPICS",
+      "seeAlso": [
+        "https://epics.anl.gov/license/open.php"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Info-ZIP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Info-ZIP.json",
+      "referenceNumber": 45,
+      "name": "Info-ZIP License",
+      "licenseId": "Info-ZIP",
+      "seeAlso": [
+        "http://www.info-zip.org/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.json",
+      "referenceNumber": 46,
+      "name": "Open LDAP Public License v2.0 (or possibly 2.0A and 2.0B)",
+      "licenseId": "OLDAP-2.0",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcbf50f4e1185a21abd4c0a54d3f4341fe28f36ea"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CERN-OHL-P-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-P-2.0.json",
+      "referenceNumber": 47,
+      "name": "CERN Open Hardware Licence Version 2 - Permissive",
+      "licenseId": "CERN-OHL-P-2.0",
+      "seeAlso": [
+        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-Warranty.json",
+      "referenceNumber": 48,
+      "name": "BSD 3-Clause No Nuclear Warranty",
+      "licenseId": "BSD-3-Clause-No-Nuclear-Warranty",
+      "seeAlso": [
+        "https://jogamp.org/git/?p\u003dgluegen.git;a\u003dblob_plain;f\u003dLICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AML.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AML.json",
+      "referenceNumber": 49,
+      "name": "Apple MIT License",
+      "licenseId": "AML",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Apple_MIT_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MulanPSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MulanPSL-1.0.json",
+      "referenceNumber": 50,
+      "name": "Mulan Permissive Software License, Version 1",
+      "licenseId": "MulanPSL-1.0",
+      "seeAlso": [
+        "https://license.coscl.org.cn/MulanPSL/",
+        "https://github.com/yuwenlong/longphp/blob/25dfb70cc2a466dc4bb55ba30901cbce08d164b5/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Multics.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Multics.json",
+      "referenceNumber": 51,
+      "name": "Multics License",
+      "licenseId": "Multics",
+      "seeAlso": [
+        "https://opensource.org/licenses/Multics"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/VSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/VSL-1.0.json",
+      "referenceNumber": 52,
+      "name": "Vovida Software License v1.0",
+      "licenseId": "VSL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/VSL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/RSA-MD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RSA-MD.json",
+      "referenceNumber": 53,
+      "name": "RSA Message-Digest License",
+      "licenseId": "RSA-MD",
+      "seeAlso": [
+        "http://www.faqs.org/rfcs/rfc1321.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-PDDC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-PDDC.json",
+      "referenceNumber": 54,
+      "name": "Creative Commons Public Domain Dedication and Certification",
+      "licenseId": "CC-PDDC",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/publicdomain/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.1-JP.json",
+      "referenceNumber": 55,
+      "name": "Creative Commons Attribution Share Alike 2.1 Japan",
+      "licenseId": "CC-BY-SA-2.1-JP",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/2.1/jp/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPPL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPPL-1.2.json",
+      "referenceNumber": 56,
+      "name": "LaTeX Project Public License v1.2",
+      "licenseId": "LPPL-1.2",
+      "seeAlso": [
+        "http://www.latex-project.org/lppl/lppl-1-2.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Spencer-94.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Spencer-94.json",
+      "referenceNumber": 57,
+      "name": "Spencer License 94",
+      "licenseId": "Spencer-94",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.2.json",
+      "referenceNumber": 58,
+      "name": "Open LDAP Public License v1.2",
+      "licenseId": "OLDAP-1.2",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d42b0383c50c299977b5893ee695cf4e486fb0dc7"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/O-UDA-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/O-UDA-1.0.json",
+      "referenceNumber": 59,
+      "name": "Open Use of Data Agreement v1.0",
+      "licenseId": "O-UDA-1.0",
+      "seeAlso": [
+        "https://github.com/microsoft/Open-Use-of-Data-Agreement/blob/v1.0/O-UDA-1.0.md",
+        "https://cdla.dev/open-use-of-data-agreement-v1-0/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.7.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.7.json",
+      "referenceNumber": 60,
+      "name": "Open LDAP Public License v2.7",
+      "licenseId": "OLDAP-2.7",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d47c2415c1df81556eeb39be6cad458ef87c534a2"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Glulxe.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Glulxe.json",
+      "referenceNumber": 61,
+      "name": "Glulxe License",
+      "licenseId": "Glulxe",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Glulxe"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/iMatix.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/iMatix.json",
+      "referenceNumber": 62,
+      "name": "iMatix Standard Function Library Agreement",
+      "licenseId": "iMatix",
+      "seeAlso": [
+        "http://legacy.imatix.com/html/sfl/sfl4.htm#license"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/TAPR-OHL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TAPR-OHL-1.0.json",
+      "referenceNumber": 63,
+      "name": "TAPR Open Hardware License v1.0",
+      "licenseId": "TAPR-OHL-1.0",
+      "seeAlso": [
+        "https://www.tapr.org/OHL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NBPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NBPL-1.0.json",
+      "referenceNumber": 64,
+      "name": "Net Boolean Public License v1",
+      "licenseId": "NBPL-1.0",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d37b4b3f6cc4bf34e1d3dec61e69914b9819d8894"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LiLiQ-R-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LiLiQ-R-1.1.json",
+      "referenceNumber": 65,
+      "name": "Licence Libre du Québec – Réciprocité version 1.1",
+      "licenseId": "LiLiQ-R-1.1",
+      "seeAlso": [
+        "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-liliq-r-v1-1/",
+        "http://opensource.org/licenses/LiLiQ-R-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Noweb.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Noweb.json",
+      "referenceNumber": 66,
+      "name": "Noweb License",
+      "licenseId": "Noweb",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Noweb"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC0-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC0-1.0.json",
+      "referenceNumber": 67,
+      "name": "Creative Commons Zero v1.0 Universal",
+      "licenseId": "CC0-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-Protection.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-Protection.json",
+      "referenceNumber": 68,
+      "name": "BSD Protection License",
+      "licenseId": "BSD-Protection",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/BSD_Protection_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.5.json",
+      "referenceNumber": 69,
+      "name": "Creative Commons Attribution Non Commercial 2.5 Generic",
+      "licenseId": "CC-BY-NC-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Zlib.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Zlib.json",
+      "referenceNumber": 70,
+      "name": "zlib License",
+      "licenseId": "Zlib",
+      "seeAlso": [
+        "http://www.zlib.net/zlib_license.html",
+        "https://opensource.org/licenses/Zlib"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-or-later.json",
+      "referenceNumber": 71,
+      "name": "GNU Free Documentation License v1.3 or later - invariants",
+      "licenseId": "GFDL-1.3-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-3.0-AT.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-AT.json",
+      "referenceNumber": 72,
+      "name": "Creative Commons Attribution 3.0 Austria",
+      "licenseId": "CC-BY-3.0-AT",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/3.0/at/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPPL-1.3c.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPPL-1.3c.json",
+      "referenceNumber": 73,
+      "name": "LaTeX Project Public License v1.3c",
+      "licenseId": "LPPL-1.3c",
+      "seeAlso": [
+        "http://www.latex-project.org/lppl/lppl-1-3c.txt",
+        "https://opensource.org/licenses/LPPL-1.3c"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/EPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EPL-1.0.json",
+      "referenceNumber": 74,
+      "name": "Eclipse Public License 1.0",
+      "licenseId": "EPL-1.0",
+      "seeAlso": [
+        "http://www.eclipse.org/legal/epl-v10.html",
+        "https://opensource.org/licenses/EPL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-or-later.json",
+      "referenceNumber": 75,
+      "name": "GNU Free Documentation License v1.1 or later - invariants",
+      "licenseId": "GFDL-1.1-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ANTLR-PD-fallback.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ANTLR-PD-fallback.json",
+      "referenceNumber": 76,
+      "name": "ANTLR Software Rights Notice with license fallback",
+      "licenseId": "ANTLR-PD-fallback",
+      "seeAlso": [
+        "http://www.antlr2.org/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.4.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.4.json",
+      "referenceNumber": 77,
+      "name": "Open LDAP Public License v2.4",
+      "licenseId": "OLDAP-2.4",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dcd1284c4a91a8a380d904eee68d1583f989ed386"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.3.json",
+      "referenceNumber": 78,
+      "name": "Open LDAP Public License v2.3",
+      "licenseId": "OLDAP-2.3",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dd32cf54a32d581ab475d23c810b0a7fbaf8d63c3"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ZPL-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ZPL-2.1.json",
+      "referenceNumber": 79,
+      "name": "Zope Public License 2.1",
+      "licenseId": "ZPL-2.1",
+      "seeAlso": [
+        "http://old.zope.org/Resources/ZPL/"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Apache-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Apache-2.0.json",
+      "referenceNumber": 80,
+      "name": "Apache License 2.0",
+      "licenseId": "Apache-2.0",
+      "seeAlso": [
+        "https://www.apache.org/licenses/LICENSE-2.0",
+        "https://opensource.org/licenses/Apache-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SGI-B-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SGI-B-2.0.json",
+      "referenceNumber": 81,
+      "name": "SGI Free Software License B v2.0",
+      "licenseId": "SGI-B-2.0",
+      "seeAlso": [
+        "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.2.0.pdf"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Hippocratic-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Hippocratic-2.1.json",
+      "referenceNumber": 82,
+      "name": "Hippocratic License 2.1",
+      "licenseId": "Hippocratic-2.1",
+      "seeAlso": [
+        "https://firstdonoharm.dev/version/2/1/license.html",
+        "https://github.com/EthicalSource/hippocratic-license/blob/58c0e646d64ff6fbee275bfe2b9492f914e3ab2a/LICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-DE.json",
+      "referenceNumber": 83,
+      "name": "Creative Commons Attribution Share Alike 3.0 Germany",
+      "licenseId": "CC-BY-SA-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-1.0.json",
+      "referenceNumber": 84,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 1.0 Generic",
+      "licenseId": "CC-BY-NC-SA-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.1-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-or-later.json",
+      "referenceNumber": 85,
+      "name": "GNU Lesser General Public License v2.1 or later",
+      "licenseId": "LGPL-2.1-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+        "https://opensource.org/licenses/LGPL-2.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-3.0-US.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-US.json",
+      "referenceNumber": 86,
+      "name": "Creative Commons Attribution 3.0 United States",
+      "licenseId": "CC-BY-3.0-US",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/3.0/us/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/TCP-wrappers.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TCP-wrappers.json",
+      "referenceNumber": 87,
+      "name": "TCP Wrappers License",
+      "licenseId": "TCP-wrappers",
+      "seeAlso": [
+        "http://rc.quest.com/topics/openssh/license.php#tcpwrappers"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-or-later.json",
+      "referenceNumber": 88,
+      "name": "GNU Free Documentation License v1.2 or later - invariants",
+      "licenseId": "GFDL-1.2-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Eurosym.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Eurosym.json",
+      "referenceNumber": 89,
+      "name": "Eurosym License",
+      "licenseId": "Eurosym",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Eurosym"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1.json",
+      "referenceNumber": 90,
+      "name": "GNU Free Documentation License v1.1",
+      "licenseId": "GFDL-1.1",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPPL-1.0.json",
+      "referenceNumber": 91,
+      "name": "LaTeX Project Public License v1.0",
+      "licenseId": "LPPL-1.0",
+      "seeAlso": [
+        "http://www.latex-project.org/lppl/lppl-1-0.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.0+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0+.json",
+      "referenceNumber": 92,
+      "name": "GNU Library General Public License v2 or later",
+      "licenseId": "LGPL-2.0+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SGI-B-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SGI-B-1.0.json",
+      "referenceNumber": 93,
+      "name": "SGI Free Software License B v1.0",
+      "licenseId": "SGI-B-1.0",
+      "seeAlso": [
+        "http://oss.sgi.com/projects/FreeB/SGIFreeSWLicB.1.0.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/APL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APL-1.0.json",
+      "referenceNumber": 94,
+      "name": "Adaptive Public License 1.0",
+      "licenseId": "APL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/APL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/libtiff.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/libtiff.json",
+      "referenceNumber": 95,
+      "name": "libtiff License",
+      "licenseId": "libtiff",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/libtiff"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AFL-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AFL-2.1.json",
+      "referenceNumber": 96,
+      "name": "Academic Free License v2.1",
+      "licenseId": "AFL-2.1",
+      "seeAlso": [
+        "http://opensource.linux-mirror.org/licenses/afl-2.1.txt"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-1.0.json",
+      "referenceNumber": 97,
+      "name": "Creative Commons Attribution Non Commercial 1.0 Generic",
+      "licenseId": "CC-BY-NC-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GD.json",
+      "referenceNumber": 98,
+      "name": "GD License",
+      "licenseId": "GD",
+      "seeAlso": [
+        "https://libgd.github.io/manuals/2.3.0/files/license-txt.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AFL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AFL-1.1.json",
+      "referenceNumber": 99,
+      "name": "Academic Free License v1.1",
+      "licenseId": "AFL-1.1",
+      "seeAlso": [
+        "http://opensource.linux-mirror.org/licenses/afl-1.1.txt",
+        "http://wayback.archive.org/web/20021004124254/http://www.opensource.org/licenses/academic.php"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-IGO.json",
+      "referenceNumber": 100,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 IGO",
+      "licenseId": "CC-BY-NC-ND-3.0-IGO",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/3.0/igo/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Unicode-DFS-2015.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2015.json",
+      "referenceNumber": 101,
+      "name": "Unicode License Agreement - Data Files and Software (2015)",
+      "licenseId": "Unicode-DFS-2015",
+      "seeAlso": [
+        "https://web.archive.org/web/20151224134844/http://unicode.org/copyright.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-only.json",
+      "referenceNumber": 102,
+      "name": "GNU Free Documentation License v1.2 only",
+      "licenseId": "GFDL-1.2-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MPL-1.1.json",
+      "referenceNumber": 103,
+      "name": "Mozilla Public License 1.1",
+      "licenseId": "MPL-1.1",
+      "seeAlso": [
+        "http://www.mozilla.org/MPL/MPL-1.1.html",
+        "https://opensource.org/licenses/MPL-1.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-only.json",
+      "referenceNumber": 104,
+      "name": "GNU General Public License v2.0 only",
+      "licenseId": "GPL-2.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+        "https://opensource.org/licenses/GPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-4.0.json",
+      "referenceNumber": 105,
+      "name": "Creative Commons Attribution Non Commercial 4.0 International",
+      "licenseId": "CC-BY-NC-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/4.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/FreeImage.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FreeImage.json",
+      "referenceNumber": 106,
+      "name": "FreeImage Public License v1.0",
+      "licenseId": "FreeImage",
+      "seeAlso": [
+        "http://freeimage.sourceforge.net/freeimage-license.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SHL-0.51.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SHL-0.51.json",
+      "referenceNumber": 107,
+      "name": "Solderpad Hardware License, Version 0.51",
+      "licenseId": "SHL-0.51",
+      "seeAlso": [
+        "https://solderpad.org/licenses/SHL-0.51/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CNRI-Jython.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CNRI-Jython.json",
+      "referenceNumber": 108,
+      "name": "CNRI Jython License",
+      "licenseId": "CNRI-Jython",
+      "seeAlso": [
+        "http://www.jython.org/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ZPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ZPL-1.1.json",
+      "referenceNumber": 109,
+      "name": "Zope Public License 1.1",
+      "licenseId": "ZPL-1.1",
+      "seeAlso": [
+        "http://old.zope.org/Resources/License/ZPL-1.1"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Afmparse.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Afmparse.json",
+      "referenceNumber": 110,
+      "name": "Afmparse License",
+      "licenseId": "Afmparse",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Afmparse"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.1.json",
+      "referenceNumber": 111,
+      "name": "Open LDAP Public License v2.1",
+      "licenseId": "OLDAP-2.1",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db0d176738e96a0d3b9f85cb51e140a86f21be715"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Rdisc.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Rdisc.json",
+      "referenceNumber": 112,
+      "name": "Rdisc License",
+      "licenseId": "Rdisc",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Rdisc_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Imlib2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Imlib2.json",
+      "referenceNumber": 113,
+      "name": "Imlib2 License",
+      "licenseId": "Imlib2",
+      "seeAlso": [
+        "http://trac.enlightenment.org/e/browser/trunk/imlib2/COPYING",
+        "https://git.enlightenment.org/legacy/imlib2.git/tree/COPYING"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-4-Clause-Shortened.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-Shortened.json",
+      "referenceNumber": 114,
+      "name": "BSD 4 Clause Shortened",
+      "licenseId": "BSD-4-Clause-Shortened",
+      "seeAlso": [
+        "https://metadata.ftp-master.debian.org/changelogs//main/a/arpwatch/arpwatch_2.1a15-7_copyright"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Sendmail.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Sendmail.json",
+      "referenceNumber": 115,
+      "name": "Sendmail License",
+      "licenseId": "Sendmail",
+      "seeAlso": [
+        "http://www.sendmail.com/pdfs/open_source/sendmail_license.pdf",
+        "https://web.archive.org/web/20160322142305/https://www.sendmail.com/pdfs/open_source/sendmail_license.pdf"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.5.json",
+      "referenceNumber": 116,
+      "name": "Creative Commons Attribution 2.5 Generic",
+      "licenseId": "CC-BY-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AAL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AAL.json",
+      "referenceNumber": 117,
+      "name": "Attribution Assurance License",
+      "licenseId": "AAL",
+      "seeAlso": [
+        "https://opensource.org/licenses/attribution"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MPL-2.0-no-copyleft-exception.json",
+      "referenceNumber": 118,
+      "name": "Mozilla Public License 2.0 (no copyleft exception)",
+      "licenseId": "MPL-2.0-no-copyleft-exception",
+      "seeAlso": [
+        "http://www.mozilla.org/MPL/2.0/",
+        "https://opensource.org/licenses/MPL-2.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.5.json",
+      "referenceNumber": 119,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 2.5 Generic",
+      "licenseId": "CC-BY-NC-ND-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-3.0-NL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-NL.json",
+      "referenceNumber": 120,
+      "name": "Creative Commons Attribution 3.0 Netherlands",
+      "licenseId": "CC-BY-3.0-NL",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/3.0/nl/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPL-1.02.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPL-1.02.json",
+      "referenceNumber": 121,
+      "name": "Lucent Public License v1.02",
+      "licenseId": "LPL-1.02",
+      "seeAlso": [
+        "http://plan9.bell-labs.com/plan9/license.html",
+        "https://opensource.org/licenses/LPL-1.02"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ECL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ECL-1.0.json",
+      "referenceNumber": 122,
+      "name": "Educational Community License v1.0",
+      "licenseId": "ECL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/ECL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.0-no-RFN.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.0-no-RFN.json",
+      "referenceNumber": 123,
+      "name": "SIL Open Font License 1.0 with no Reserved Font Name",
+      "licenseId": "OFL-1.0-no-RFN",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-DE.json",
+      "referenceNumber": 124,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Germany",
+      "licenseId": "CC-BY-NC-SA-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0.json",
+      "referenceNumber": 125,
+      "name": "Creative Commons Attribution Share Alike 3.0 Unported",
+      "licenseId": "CC-BY-SA-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NTP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NTP.json",
+      "referenceNumber": 126,
+      "name": "NTP License",
+      "licenseId": "NTP",
+      "seeAlso": [
+        "https://opensource.org/licenses/NTP"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MPL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MPL-2.0.json",
+      "referenceNumber": 127,
+      "name": "Mozilla Public License 2.0",
+      "licenseId": "MPL-2.0",
+      "seeAlso": [
+        "https://www.mozilla.org/MPL/2.0/",
+        "https://opensource.org/licenses/MPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/APSL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APSL-1.2.json",
+      "referenceNumber": 128,
+      "name": "Apple Public Source License 1.2",
+      "licenseId": "APSL-1.2",
+      "seeAlso": [
+        "http://www.samurajdata.se/opensource/mirror/licenses/apsl.php"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-only.json",
+      "referenceNumber": 129,
+      "name": "GNU Free Documentation License v1.2 only - no invariants",
+      "licenseId": "GFDL-1.2-no-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Artistic-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Artistic-2.0.json",
+      "referenceNumber": 130,
+      "name": "Artistic License 2.0",
+      "licenseId": "Artistic-2.0",
+      "seeAlso": [
+        "http://www.perlfoundation.org/artistic_license_2_0",
+        "https://www.perlfoundation.org/artistic-license-20.html",
+        "https://opensource.org/licenses/artistic-license-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0.json",
+      "referenceNumber": 131,
+      "name": "GNU General Public License v2.0 only",
+      "licenseId": "GPL-2.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+        "https://opensource.org/licenses/GPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/RSCPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RSCPL.json",
+      "referenceNumber": 132,
+      "name": "Ricoh Source Code Public License",
+      "licenseId": "RSCPL",
+      "seeAlso": [
+        "http://wayback.archive.org/web/20060715140826/http://www.risource.org/RPL/RPL-1.0A.shtml",
+        "https://opensource.org/licenses/RSCPL"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Sleepycat.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Sleepycat.json",
+      "referenceNumber": 133,
+      "name": "Sleepycat License",
+      "licenseId": "Sleepycat",
+      "seeAlso": [
+        "https://opensource.org/licenses/Sleepycat"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/xpp.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/xpp.json",
+      "referenceNumber": 134,
+      "name": "XPP License",
+      "licenseId": "xpp",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/xpp"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDLA-Sharing-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDLA-Sharing-1.0.json",
+      "referenceNumber": 135,
+      "name": "Community Data License Agreement Sharing 1.0",
+      "licenseId": "CDLA-Sharing-1.0",
+      "seeAlso": [
+        "https://cdla.io/sharing-1-0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ClArtistic.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ClArtistic.json",
+      "referenceNumber": 136,
+      "name": "Clarified Artistic License",
+      "licenseId": "ClArtistic",
+      "seeAlso": [
+        "http://gianluca.dellavedova.org/2011/01/03/clarified-artistic-license/",
+        "http://www.ncftp.com/ncftp/doc/LICENSE.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-1.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-only.json",
+      "referenceNumber": 137,
+      "name": "Affero General Public License v1.0 only",
+      "licenseId": "AGPL-1.0-only",
+      "seeAlso": [
+        "http://www.affero.org/oagpl.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0-DE.json",
+      "referenceNumber": 138,
+      "name": "Creative Commons Attribution 3.0 Germany",
+      "licenseId": "CC-BY-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AFL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AFL-2.0.json",
+      "referenceNumber": 139,
+      "name": "Academic Free License v2.0",
+      "licenseId": "AFL-2.0",
+      "seeAlso": [
+        "http://wayback.archive.org/web/20060924134533/http://www.opensource.org/licenses/afl-2.0.txt"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Intel.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Intel.json",
+      "referenceNumber": 140,
+      "name": "Intel Open Source License",
+      "licenseId": "Intel",
+      "seeAlso": [
+        "https://opensource.org/licenses/Intel"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-or-later.json",
+      "referenceNumber": 141,
+      "name": "GNU Free Documentation License v1.1 or later - no invariants",
+      "licenseId": "GFDL-1.1-no-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/APAFML.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APAFML.json",
+      "referenceNumber": 142,
+      "name": "Adobe Postscript AFM License",
+      "licenseId": "APAFML",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/AdobePostscriptAFM"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2.json",
+      "referenceNumber": 143,
+      "name": "GNU Free Documentation License v1.2",
+      "licenseId": "GFDL-1.2",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SISSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SISSL.json",
+      "referenceNumber": 144,
+      "name": "Sun Industry Standards Source License v1.1",
+      "licenseId": "SISSL",
+      "seeAlso": [
+        "http://www.openoffice.org/licenses/sissl_license.html",
+        "https://opensource.org/licenses/SISSL"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Naumen.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Naumen.json",
+      "referenceNumber": 145,
+      "name": "Naumen Public License",
+      "licenseId": "Naumen",
+      "seeAlso": [
+        "https://opensource.org/licenses/Naumen"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/HTMLTIDY.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/HTMLTIDY.json",
+      "referenceNumber": 146,
+      "name": "HTML Tidy License",
+      "licenseId": "HTMLTIDY",
+      "seeAlso": [
+        "https://github.com/htacg/tidy-html5/blob/next/README/LICENSE.md"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.8.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.8.json",
+      "referenceNumber": 147,
+      "name": "Open LDAP Public License v2.8",
+      "licenseId": "OLDAP-2.8",
+      "seeAlso": [
+        "http://www.openldap.org/software/release/license.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/blessing.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/blessing.json",
+      "referenceNumber": 148,
+      "name": "SQLite Blessing",
+      "licenseId": "blessing",
+      "seeAlso": [
+        "https://www.sqlite.org/src/artifact/e33a4df7e32d742a?ln\u003d4-9",
+        "https://sqlite.org/src/artifact/df5091916dbb40e6"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-2.0.json",
+      "referenceNumber": 149,
+      "name": "Creative Commons Attribution No Derivatives 2.0 Generic",
+      "licenseId": "CC-BY-ND-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGTSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGTSL.json",
+      "referenceNumber": 150,
+      "name": "Open Group Test Suite License",
+      "licenseId": "OGTSL",
+      "seeAlso": [
+        "http://www.opengroup.org/testing/downloads/The_Open_Group_TSL.txt",
+        "https://opensource.org/licenses/OGTSL"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-or-later.json",
+      "referenceNumber": 151,
+      "name": "GNU Library General Public License v2 or later",
+      "licenseId": "LGPL-2.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Parity-7.0.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Parity-7.0.0.json",
+      "referenceNumber": 152,
+      "name": "The Parity Public License 7.0.0",
+      "licenseId": "Parity-7.0.0",
+      "seeAlso": [
+        "https://paritylicense.com/versions/7.0.0.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-1.0.json",
+      "referenceNumber": 153,
+      "name": "Creative Commons Attribution No Derivatives 1.0 Generic",
+      "licenseId": "CC-BY-ND-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/dvipdfm.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/dvipdfm.json",
+      "referenceNumber": 154,
+      "name": "dvipdfm License",
+      "licenseId": "dvipdfm",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/dvipdfm"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CNRI-Python.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CNRI-Python.json",
+      "referenceNumber": 155,
+      "name": "CNRI Python License",
+      "licenseId": "CNRI-Python",
+      "seeAlso": [
+        "https://opensource.org/licenses/CNRI-Python"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-4-Clause-UC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause-UC.json",
+      "referenceNumber": 156,
+      "name": "BSD-4-Clause (University of California-Specific)",
+      "licenseId": "BSD-4-Clause-UC",
+      "seeAlso": [
+        "http://www.freebsd.org/copyright/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NLOD-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NLOD-1.0.json",
+      "referenceNumber": 157,
+      "name": "Norwegian Licence for Open Government Data (NLOD) 1.0",
+      "licenseId": "NLOD-1.0",
+      "seeAlso": [
+        "http://data.norge.no/nlod/en/1.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MS-RL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MS-RL.json",
+      "referenceNumber": 158,
+      "name": "Microsoft Reciprocal License",
+      "licenseId": "MS-RL",
+      "seeAlso": [
+        "http://www.microsoft.com/opensource/licenses.mspx",
+        "https://opensource.org/licenses/MS-RL"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-4.0.json",
+      "referenceNumber": 159,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 4.0 International",
+      "licenseId": "CC-BY-NC-SA-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/HaskellReport.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/HaskellReport.json",
+      "referenceNumber": 160,
+      "name": "Haskell Language Report License",
+      "licenseId": "HaskellReport",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Haskell_Language_Report_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-1.0.json",
+      "referenceNumber": 161,
+      "name": "Creative Commons Attribution 1.0 Generic",
+      "licenseId": "CC-BY-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/UCL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/UCL-1.0.json",
+      "referenceNumber": 162,
+      "name": "Upstream Compatibility License v1.0",
+      "licenseId": "UCL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/UCL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Mup.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Mup.json",
+      "referenceNumber": 163,
+      "name": "Mup License",
+      "licenseId": "Mup",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Mup"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SMPPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SMPPL.json",
+      "referenceNumber": 164,
+      "name": "Secure Messaging Protocol Public License",
+      "licenseId": "SMPPL",
+      "seeAlso": [
+        "https://github.com/dcblake/SMP/blob/master/Documentation/License.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/PHP-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PHP-3.0.json",
+      "referenceNumber": 165,
+      "name": "PHP License v3.0",
+      "licenseId": "PHP-3.0",
+      "seeAlso": [
+        "http://www.php.net/license/3_0.txt",
+        "https://opensource.org/licenses/PHP-3.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GL2PS.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GL2PS.json",
+      "referenceNumber": 166,
+      "name": "GL2PS License",
+      "licenseId": "GL2PS",
+      "seeAlso": [
+        "http://www.geuz.org/gl2ps/COPYING.GL2PS"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CrystalStacker.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CrystalStacker.json",
+      "referenceNumber": 167,
+      "name": "CrystalStacker License",
+      "licenseId": "CrystalStacker",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing:CrystalStacker?rd\u003dLicensing/CrystalStacker"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/W3C-20150513.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/W3C-20150513.json",
+      "referenceNumber": 168,
+      "name": "W3C Software Notice and Document License (2015-05-13)",
+      "licenseId": "W3C-20150513",
+      "seeAlso": [
+        "https://www.w3.org/Consortium/Legal/2015/copyright-software-and-document"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NIST-PD-fallback.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NIST-PD-fallback.json",
+      "referenceNumber": 169,
+      "name": "NIST Public Domain Notice with license fallback",
+      "licenseId": "NIST-PD-fallback",
+      "seeAlso": [
+        "https://github.com/usnistgov/jsip/blob/59700e6926cbe96c5cdae897d9a7d2656b42abe3/LICENSE",
+        "https://github.com/usnistgov/fipy/blob/86aaa5c2ba2c6f1be19593c5986071cf6568cc34/LICENSE.rst"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGL-UK-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGL-UK-1.0.json",
+      "referenceNumber": 170,
+      "name": "Open Government Licence v1.0",
+      "licenseId": "OGL-UK-1.0",
+      "seeAlso": [
+        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/1/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CPL-1.0.json",
+      "referenceNumber": 171,
+      "name": "Common Public License 1.0",
+      "licenseId": "CPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/CPL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.1-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1-only.json",
+      "referenceNumber": 172,
+      "name": "GNU Lesser General Public License v2.1 only",
+      "licenseId": "LGPL-2.1-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+        "https://opensource.org/licenses/LGPL-2.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ZPL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ZPL-2.0.json",
+      "referenceNumber": 173,
+      "name": "Zope Public License 2.0",
+      "licenseId": "ZPL-2.0",
+      "seeAlso": [
+        "http://old.zope.org/Resources/License/ZPL-2.0",
+        "https://opensource.org/licenses/ZPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Frameworx-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Frameworx-1.0.json",
+      "referenceNumber": 174,
+      "name": "Frameworx Open License 1.0",
+      "licenseId": "Frameworx-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/Frameworx-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-3.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-only.json",
+      "referenceNumber": 175,
+      "name": "GNU Affero General Public License v3.0 only",
+      "licenseId": "AGPL-3.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/agpl.txt",
+        "https://opensource.org/licenses/AGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/DRL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/DRL-1.0.json",
+      "referenceNumber": 176,
+      "name": "Detection Rule License 1.0",
+      "licenseId": "DRL-1.0",
+      "seeAlso": [
+        "https://github.com/Neo23x0/sigma/blob/master/LICENSE.Detection.Rules.md"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EFL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EFL-2.0.json",
+      "referenceNumber": 177,
+      "name": "Eiffel Forum License v2.0",
+      "licenseId": "EFL-2.0",
+      "seeAlso": [
+        "http://www.eiffel-nice.org/license/eiffel-forum-license-2.html",
+        "https://opensource.org/licenses/EFL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Spencer-99.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Spencer-99.json",
+      "referenceNumber": 178,
+      "name": "Spencer License 99",
+      "licenseId": "Spencer-99",
+      "seeAlso": [
+        "http://www.opensource.apple.com/source/tcl/tcl-5/tcl/generic/regfronts.c"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CAL-1.0-Combined-Work-Exception.json",
+      "referenceNumber": 179,
+      "name": "Cryptographic Autonomy License 1.0 (Combined Work Exception)",
+      "licenseId": "CAL-1.0-Combined-Work-Exception",
+      "seeAlso": [
+        "http://cryptographicautonomylicense.com/license-text.html",
+        "https://opensource.org/licenses/CAL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-invariants-only.json",
+      "referenceNumber": 180,
+      "name": "GNU Free Documentation License v1.1 only - invariants",
+      "licenseId": "GFDL-1.1-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/TCL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TCL.json",
+      "referenceNumber": 181,
+      "name": "TCL/TK License",
+      "licenseId": "TCL",
+      "seeAlso": [
+        "http://www.tcl.tk/software/tcltk/license.html",
+        "https://fedoraproject.org/wiki/Licensing/TCL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SHL-0.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SHL-0.5.json",
+      "referenceNumber": 182,
+      "name": "Solderpad Hardware License v0.5",
+      "licenseId": "SHL-0.5",
+      "seeAlso": [
+        "https://solderpad.org/licenses/SHL-0.5/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.0-RFN.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.0-RFN.json",
+      "referenceNumber": 183,
+      "name": "SIL Open Font License 1.0 with Reserved Font Name",
+      "licenseId": "OFL-1.0-RFN",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0.json",
+      "referenceNumber": 184,
+      "name": "GNU Library General Public License v2 only",
+      "licenseId": "LGPL-2.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CERN-OHL-W-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-W-2.0.json",
+      "referenceNumber": 185,
+      "name": "CERN Open Hardware Licence Version 2 - Weakly Reciprocal",
+      "licenseId": "CERN-OHL-W-2.0",
+      "seeAlso": [
+        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Glide.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Glide.json",
+      "referenceNumber": 186,
+      "name": "3dfx Glide License",
+      "licenseId": "Glide",
+      "seeAlso": [
+        "http://www.users.on.net/~triforce/glidexp/COPYING.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/mpich2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/mpich2.json",
+      "referenceNumber": 187,
+      "name": "mpich2 License",
+      "licenseId": "mpich2",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MIT"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/psutils.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/psutils.json",
+      "referenceNumber": 188,
+      "name": "psutils License",
+      "licenseId": "psutils",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/psutils"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SPL-1.0.json",
+      "referenceNumber": 189,
+      "name": "Sun Public License v1.0",
+      "licenseId": "SPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/SPL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Apache-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Apache-1.1.json",
+      "referenceNumber": 190,
+      "name": "Apache License 1.1",
+      "licenseId": "Apache-1.1",
+      "seeAlso": [
+        "http://apache.org/licenses/LICENSE-1.1",
+        "https://opensource.org/licenses/Apache-1.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-4.0.json",
+      "referenceNumber": 191,
+      "name": "Creative Commons Attribution No Derivatives 4.0 International",
+      "licenseId": "CC-BY-ND-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/4.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/FreeBSD-DOC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FreeBSD-DOC.json",
+      "referenceNumber": 192,
+      "name": "FreeBSD Documentation License",
+      "licenseId": "FreeBSD-DOC",
+      "seeAlso": [
+        "https://www.freebsd.org/copyright/freebsd-doc-license/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SCEA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SCEA.json",
+      "referenceNumber": 193,
+      "name": "SCEA Shared Source License",
+      "licenseId": "SCEA",
+      "seeAlso": [
+        "http://research.scea.com/scea_shared_source_license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Latex2e.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Latex2e.json",
+      "referenceNumber": 194,
+      "name": "Latex2e License",
+      "licenseId": "Latex2e",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Latex2e"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Artistic-1.0-cl8.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-cl8.json",
+      "referenceNumber": 195,
+      "name": "Artistic License 1.0 w/clause 8",
+      "licenseId": "Artistic-1.0-cl8",
+      "seeAlso": [
+        "https://opensource.org/licenses/Artistic-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SGI-B-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SGI-B-1.1.json",
+      "referenceNumber": 196,
+      "name": "SGI Free Software License B v1.1",
+      "licenseId": "SGI-B-1.1",
+      "seeAlso": [
+        "http://oss.sgi.com/projects/FreeB/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NRL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NRL.json",
+      "referenceNumber": 197,
+      "name": "NRL License",
+      "licenseId": "NRL",
+      "seeAlso": [
+        "http://web.mit.edu/network/isakmp/nrllicense.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SWL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SWL.json",
+      "referenceNumber": 198,
+      "name": "Scheme Widget Library (SWL) Software License Agreement",
+      "licenseId": "SWL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/SWL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Zed.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Zed.json",
+      "referenceNumber": 199,
+      "name": "Zed License",
+      "licenseId": "Zed",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Zed"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CERN-OHL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.1.json",
+      "referenceNumber": 200,
+      "name": "CERN Open Hardware Licence v1.1",
+      "licenseId": "CERN-OHL-1.1",
+      "seeAlso": [
+        "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.1"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/RHeCos-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RHeCos-1.1.json",
+      "referenceNumber": 201,
+      "name": "Red Hat eCos Public License v1.1",
+      "licenseId": "RHeCos-1.1",
+      "seeAlso": [
+        "http://ecos.sourceware.org/old-license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/JasPer-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/JasPer-2.0.json",
+      "referenceNumber": 202,
+      "name": "JasPer License",
+      "licenseId": "JasPer-2.0",
+      "seeAlso": [
+        "http://www.ece.uvic.ca/~mdadams/jasper/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SSPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SSPL-1.0.json",
+      "referenceNumber": 203,
+      "name": "Server Side Public License, v 1",
+      "licenseId": "SSPL-1.0",
+      "seeAlso": [
+        "https://www.mongodb.com/licensing/server-side-public-license"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0+.json",
+      "referenceNumber": 204,
+      "name": "GNU General Public License v2.0 or later",
+      "licenseId": "GPL-2.0+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+        "https://opensource.org/licenses/GPL-2.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-1.4.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.4.json",
+      "referenceNumber": 205,
+      "name": "Open LDAP Public License v1.4",
+      "licenseId": "OLDAP-1.4",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003dc9f95c2f3f2ffb5e0ae55fe7388af75547660941"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/libpng-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/libpng-2.0.json",
+      "referenceNumber": 206,
+      "name": "PNG Reference Library version 2",
+      "licenseId": "libpng-2.0",
+      "seeAlso": [
+        "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CNRI-Python-GPL-Compatible.json",
+      "referenceNumber": 207,
+      "name": "CNRI Python Open Source GPL Compatible License Agreement",
+      "licenseId": "CNRI-Python-GPL-Compatible",
+      "seeAlso": [
+        "http://www.python.org/download/releases/1.6.1/download_win/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Aladdin.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Aladdin.json",
+      "referenceNumber": 208,
+      "name": "Aladdin Free Public License",
+      "licenseId": "Aladdin",
+      "seeAlso": [
+        "http://pages.cs.wisc.edu/~ghost/doc/AFPL/6.01/Public.htm"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-1.0.json",
+      "referenceNumber": 209,
+      "name": "CeCILL Free Software License Agreement v1.0",
+      "licenseId": "CECILL-1.0",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL_V1-fr.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Ruby.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Ruby.json",
+      "referenceNumber": 210,
+      "name": "Ruby License",
+      "licenseId": "Ruby",
+      "seeAlso": [
+        "http://www.ruby-lang.org/en/LICENSE.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NPL-1.1.json",
+      "referenceNumber": 211,
+      "name": "Netscape Public License v1.1",
+      "licenseId": "NPL-1.1",
+      "seeAlso": [
+        "http://www.mozilla.org/MPL/NPL/1.1/"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ImageMagick.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ImageMagick.json",
+      "referenceNumber": 212,
+      "name": "ImageMagick License",
+      "licenseId": "ImageMagick",
+      "seeAlso": [
+        "http://www.imagemagick.org/script/license.php"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Cube.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Cube.json",
+      "referenceNumber": 213,
+      "name": "Cube License",
+      "licenseId": "Cube",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Cube"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-only.json",
+      "referenceNumber": 214,
+      "name": "GNU Free Documentation License v1.1 only",
+      "licenseId": "GFDL-1.1-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-2.0.json",
+      "referenceNumber": 215,
+      "name": "Creative Commons Attribution 2.0 Generic",
+      "licenseId": "CC-BY-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AFL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AFL-1.2.json",
+      "referenceNumber": 216,
+      "name": "Academic Free License v1.2",
+      "licenseId": "AFL-1.2",
+      "seeAlso": [
+        "http://opensource.linux-mirror.org/licenses/afl-1.2.txt",
+        "http://wayback.archive.org/web/20021204204652/http://www.opensource.org/licenses/academic.php"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0.json",
+      "referenceNumber": 217,
+      "name": "Creative Commons Attribution Share Alike 2.0 Generic",
+      "licenseId": "CC-BY-SA-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-2.0.json",
+      "referenceNumber": 218,
+      "name": "CeCILL Free Software License Agreement v2.0",
+      "licenseId": "CECILL-2.0",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL_V2-en.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-advertising.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-advertising.json",
+      "referenceNumber": 219,
+      "name": "Enlightenment License (e16)",
+      "licenseId": "MIT-advertising",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MIT_With_Advertising"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.5.json",
+      "referenceNumber": 220,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 2.5 Generic",
+      "licenseId": "CC-BY-NC-SA-2.5",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/2.5/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Artistic-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0.json",
+      "referenceNumber": 221,
+      "name": "Artistic License 1.0",
+      "licenseId": "Artistic-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/Artistic-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSL-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSL-3.0.json",
+      "referenceNumber": 222,
+      "name": "Open Software License 3.0",
+      "licenseId": "OSL-3.0",
+      "seeAlso": [
+        "https://web.archive.org/web/20120101081418/http://rosenlaw.com:80/OSL3.0.htm",
+        "https://opensource.org/licenses/OSL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/X11.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/X11.json",
+      "referenceNumber": 223,
+      "name": "X11 License",
+      "licenseId": "X11",
+      "seeAlso": [
+        "http://www.xfree86.org/3.3.6/COPYRIGHT2.html#3"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Bahyph.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Bahyph.json",
+      "referenceNumber": 224,
+      "name": "Bahyph License",
+      "licenseId": "Bahyph",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Bahyph"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.0.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.0.1.json",
+      "referenceNumber": 225,
+      "name": "Open LDAP Public License v2.0.1",
+      "licenseId": "OLDAP-2.0.1",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003db6d68acd14e51ca3aab4428bf26522aa74873f0e"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EUDatagrid.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EUDatagrid.json",
+      "referenceNumber": 226,
+      "name": "EU DataGrid Software License",
+      "licenseId": "EUDatagrid",
+      "seeAlso": [
+        "http://eu-datagrid.web.cern.ch/eu-datagrid/license.html",
+        "https://opensource.org/licenses/EUDatagrid"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MTLL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MTLL.json",
+      "referenceNumber": 227,
+      "name": "Matrix Template Library License",
+      "licenseId": "MTLL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Matrix_Template_Library_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-invariants-only.json",
+      "referenceNumber": 228,
+      "name": "GNU Free Documentation License v1.2 only - invariants",
+      "licenseId": "GFDL-1.2-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-or-later.json",
+      "referenceNumber": 229,
+      "name": "GNU Free Documentation License v1.3 or later - no invariants",
+      "licenseId": "GFDL-1.3-no-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/curl.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/curl.json",
+      "referenceNumber": 230,
+      "name": "curl License",
+      "licenseId": "curl",
+      "seeAlso": [
+        "https://github.com/bagder/curl/blob/master/COPYING"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LAL-1.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LAL-1.3.json",
+      "referenceNumber": 231,
+      "name": "Licence Art Libre 1.3",
+      "licenseId": "LAL-1.3",
+      "seeAlso": [
+        "https://artlibre.org/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/DSDP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/DSDP.json",
+      "referenceNumber": 232,
+      "name": "DSDP License",
+      "licenseId": "DSDP",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/DSDP"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CERN-OHL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-1.2.json",
+      "referenceNumber": 233,
+      "name": "CERN Open Hardware Licence v1.2",
+      "licenseId": "CERN-OHL-1.2",
+      "seeAlso": [
+        "https://www.ohwr.org/project/licenses/wikis/cern-ohl-v1.2"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/TOSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TOSL.json",
+      "referenceNumber": 234,
+      "name": "Trusster Open Source License",
+      "licenseId": "TOSL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/TOSL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-autoconf-exception.json",
+      "referenceNumber": 235,
+      "name": "GNU General Public License v3.0 w/Autoconf exception",
+      "licenseId": "GPL-3.0-with-autoconf-exception",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/autoconf-exception-3.0.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-3.0.json",
+      "referenceNumber": 236,
+      "name": "Creative Commons Attribution 3.0 Unported",
+      "licenseId": "CC-BY-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Qhull.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Qhull.json",
+      "referenceNumber": 237,
+      "name": "Qhull License",
+      "licenseId": "Qhull",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Qhull"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-no-invariants-only.json",
+      "referenceNumber": 238,
+      "name": "GNU Free Documentation License v1.3 only - no invariants",
+      "licenseId": "GFDL-1.3-no-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/TORQUE-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TORQUE-1.1.json",
+      "referenceNumber": 239,
+      "name": "TORQUE v2.5+ Software License v1.1",
+      "licenseId": "TORQUE-1.1",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/TORQUEv1.1"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MS-PL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MS-PL.json",
+      "referenceNumber": 240,
+      "name": "Microsoft Public License",
+      "licenseId": "MS-PL",
+      "seeAlso": [
+        "http://www.microsoft.com/opensource/licenses.mspx",
+        "https://opensource.org/licenses/MS-PL"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Apache-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Apache-1.0.json",
+      "referenceNumber": 241,
+      "name": "Apache License 1.0",
+      "licenseId": "Apache-1.0",
+      "seeAlso": [
+        "http://www.apache.org/licenses/LICENSE-1.0"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/copyleft-next-0.3.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.1.json",
+      "referenceNumber": 242,
+      "name": "copyleft-next 0.3.1",
+      "licenseId": "copyleft-next-0.3.1",
+      "seeAlso": [
+        "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.1"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-or-later.json",
+      "referenceNumber": 243,
+      "name": "GNU Free Documentation License v1.2 or later",
+      "licenseId": "GFDL-1.2-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0+.json",
+      "referenceNumber": 244,
+      "name": "GNU General Public License v3.0 or later",
+      "licenseId": "GPL-3.0+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+        "https://opensource.org/licenses/GPL-3.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MulanPSL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MulanPSL-2.0.json",
+      "referenceNumber": 245,
+      "name": "Mulan Permissive Software License, Version 2",
+      "licenseId": "MulanPSL-2.0",
+      "seeAlso": [
+        "https://license.coscl.org.cn/MulanPSL2/"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/FSFAP.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FSFAP.json",
+      "referenceNumber": 246,
+      "name": "FSF All Permissive License",
+      "licenseId": "FSFAP",
+      "seeAlso": [
+        "https://www.gnu.org/prep/maintain/html_node/License-Notices-for-Other-Files.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Xerox.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Xerox.json",
+      "referenceNumber": 247,
+      "name": "Xerox License",
+      "licenseId": "Xerox",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Xerox"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDDL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDDL-1.0.json",
+      "referenceNumber": 248,
+      "name": "Common Development and Distribution License 1.0",
+      "licenseId": "CDDL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/cddl1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-invariants-only.json",
+      "referenceNumber": 249,
+      "name": "GNU Free Documentation License v1.3 only - invariants",
+      "licenseId": "GFDL-1.3-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/etalab-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/etalab-2.0.json",
+      "referenceNumber": 250,
+      "name": "Etalab Open License 2.0",
+      "licenseId": "etalab-2.0",
+      "seeAlso": [
+        "https://github.com/DISIC/politique-de-contribution-open-source/blob/master/LICENSE.pdf",
+        "https://raw.githubusercontent.com/DISIC/politique-de-contribution-open-source/master/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/XFree86-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/XFree86-1.1.json",
+      "referenceNumber": 251,
+      "name": "XFree86 License 1.1",
+      "licenseId": "XFree86-1.1",
+      "seeAlso": [
+        "http://www.xfree86.org/current/LICENSE4.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SNIA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SNIA.json",
+      "referenceNumber": 252,
+      "name": "SNIA Public License 1.1",
+      "licenseId": "SNIA",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/SNIA_Public_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPPL-1.1.json",
+      "referenceNumber": 253,
+      "name": "LaTeX Project Public License v1.1",
+      "licenseId": "LPPL-1.1",
+      "seeAlso": [
+        "http://www.latex-project.org/lppl/lppl-1-1.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CATOSL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CATOSL-1.1.json",
+      "referenceNumber": 254,
+      "name": "Computer Associates Trusted Open Source License 1.1",
+      "licenseId": "CATOSL-1.1",
+      "seeAlso": [
+        "https://opensource.org/licenses/CATOSL-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/TU-Berlin-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TU-Berlin-2.0.json",
+      "referenceNumber": 255,
+      "name": "Technische Universitaet Berlin License 2.0",
+      "licenseId": "TU-Berlin-2.0",
+      "seeAlso": [
+        "https://github.com/CorsixTH/deps/blob/fd339a9f526d1d9c9f01ccf39e438a015da50035/licences/libgsm.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3.json",
+      "referenceNumber": 256,
+      "name": "GNU Free Documentation License v1.3",
+      "licenseId": "GFDL-1.3",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-or-later.json",
+      "referenceNumber": 257,
+      "name": "GNU Free Documentation License v1.3 or later",
+      "licenseId": "GFDL-1.3-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LAL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LAL-1.2.json",
+      "referenceNumber": 258,
+      "name": "Licence Art Libre 1.2",
+      "licenseId": "LAL-1.2",
+      "seeAlso": [
+        "http://artlibre.org/licence/lal/licence-art-libre-12/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ICU.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ICU.json",
+      "referenceNumber": 259,
+      "name": "ICU License",
+      "licenseId": "ICU",
+      "seeAlso": [
+        "http://source.icu-project.org/repos/icu/icu/trunk/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/FTL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FTL.json",
+      "referenceNumber": 260,
+      "name": "Freetype Project License",
+      "licenseId": "FTL",
+      "seeAlso": [
+        "http://freetype.fis.uniroma2.it/FTL.TXT",
+        "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT",
+        "http://gitlab.freedesktop.org/freetype/freetype/-/raw/master/docs/FTL.TXT"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MirOS.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MirOS.json",
+      "referenceNumber": 261,
+      "name": "The MirOS Licence",
+      "licenseId": "MirOS",
+      "seeAlso": [
+        "https://opensource.org/licenses/MirOS"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-NetBSD.json",
+      "referenceNumber": 262,
+      "name": "BSD 2-Clause NetBSD License",
+      "licenseId": "BSD-2-Clause-NetBSD",
+      "seeAlso": [
+        "http://www.netbsd.org/about/redistribution.html#default"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0.json",
+      "referenceNumber": 263,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Unported",
+      "licenseId": "CC-BY-NC-ND-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSET-PL-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSET-PL-2.1.json",
+      "referenceNumber": 264,
+      "name": "OSET Public License version 2.1",
+      "licenseId": "OSET-PL-2.1",
+      "seeAlso": [
+        "http://www.osetfoundation.org/public-license",
+        "https://opensource.org/licenses/OPL-2.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-2.0.json",
+      "referenceNumber": 265,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 2.0 Generic",
+      "licenseId": "CC-BY-NC-ND-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SISSL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SISSL-1.2.json",
+      "referenceNumber": 266,
+      "name": "Sun Industry Standards Source License v1.2",
+      "licenseId": "SISSL-1.2",
+      "seeAlso": [
+        "http://gridscheduler.sourceforge.net/Gridengine_SISSL_license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Wsuipa.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Wsuipa.json",
+      "referenceNumber": 267,
+      "name": "Wsuipa License",
+      "licenseId": "Wsuipa",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Wsuipa"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Zimbra-1.4.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Zimbra-1.4.json",
+      "referenceNumber": 268,
+      "name": "Zimbra Public License v1.4",
+      "licenseId": "Zimbra-1.4",
+      "seeAlso": [
+        "http://www.zimbra.com/legal/zimbra-public-license-1-4"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Linux-OpenIB.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Linux-OpenIB.json",
+      "referenceNumber": 269,
+      "name": "Linux Kernel Variant of OpenIB.org license",
+      "licenseId": "Linux-OpenIB",
+      "seeAlso": [
+        "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/core/sa.h"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-3.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0.json",
+      "referenceNumber": 270,
+      "name": "GNU Lesser General Public License v3.0 only",
+      "licenseId": "LGPL-3.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+        "https://opensource.org/licenses/LGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.5.json",
+      "referenceNumber": 271,
+      "name": "Open LDAP Public License v2.5",
+      "licenseId": "OLDAP-2.5",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d6852b9d90022e8593c98205413380536b1b5a7cf"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AMPAS.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AMPAS.json",
+      "referenceNumber": 272,
+      "name": "Academy of Motion Picture Arts and Sciences BSD",
+      "licenseId": "AMPAS",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/BSD#AMPASBSD"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-1.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-1.0-or-later.json",
+      "referenceNumber": 273,
+      "name": "GNU General Public License v1.0 or later",
+      "licenseId": "GPL-1.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BUSL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BUSL-1.1.json",
+      "referenceNumber": 274,
+      "name": "Business Source License 1.1",
+      "licenseId": "BUSL-1.1",
+      "seeAlso": [
+        "https://mariadb.com/bsl11/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Adobe-Glyph.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Adobe-Glyph.json",
+      "referenceNumber": 275,
+      "name": "Adobe Glyph List License",
+      "licenseId": "Adobe-Glyph",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MIT#AdobeGlyph"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/0BSD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/0BSD.json",
+      "referenceNumber": 276,
+      "name": "BSD Zero Clause License",
+      "licenseId": "0BSD",
+      "seeAlso": [
+        "http://landley.net/toybox/license.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/W3C-19980720.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/W3C-19980720.json",
+      "referenceNumber": 277,
+      "name": "W3C Software Notice and License (1998-07-20)",
+      "licenseId": "W3C-19980720",
+      "seeAlso": [
+        "http://www.w3.org/Consortium/Legal/copyright-software-19980720.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/FSFUL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FSFUL.json",
+      "referenceNumber": 278,
+      "name": "FSF Unlimited License",
+      "licenseId": "FSFUL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0.json",
+      "referenceNumber": 279,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 Unported",
+      "licenseId": "CC-BY-NC-SA-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/DOC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/DOC.json",
+      "referenceNumber": 280,
+      "name": "DOC License",
+      "licenseId": "DOC",
+      "seeAlso": [
+        "http://www.cs.wustl.edu/~schmidt/ACE-copying.html",
+        "https://www.dre.vanderbilt.edu/~schmidt/ACE-copying.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/TMate.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TMate.json",
+      "referenceNumber": 281,
+      "name": "TMate Open Source License",
+      "licenseId": "TMate",
+      "seeAlso": [
+        "http://svnkit.com/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-open-group.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-open-group.json",
+      "referenceNumber": 282,
+      "name": "MIT Open Group variant",
+      "licenseId": "MIT-open-group",
+      "seeAlso": [
+        "https://gitlab.freedesktop.org/xorg/app/iceauth/-/blob/master/COPYING",
+        "https://gitlab.freedesktop.org/xorg/app/xvinfo/-/blob/master/COPYING",
+        "https://gitlab.freedesktop.org/xorg/app/xsetroot/-/blob/master/COPYING",
+        "https://gitlab.freedesktop.org/xorg/app/xauth/-/blob/master/COPYING"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AMDPLPA.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AMDPLPA.json",
+      "referenceNumber": 283,
+      "name": "AMD\u0027s plpa_map.c License",
+      "licenseId": "AMDPLPA",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/AMD_plpa_map_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Condor-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Condor-1.1.json",
+      "referenceNumber": 284,
+      "name": "Condor Public License v1.1",
+      "licenseId": "Condor-1.1",
+      "seeAlso": [
+        "http://research.cs.wisc.edu/condor/license.html#condor",
+        "http://web.archive.org/web/20111123062036/http://research.cs.wisc.edu/condor/license.html#condor"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PolyForm-Noncommercial-1.0.0.json",
+      "referenceNumber": 285,
+      "name": "PolyForm Noncommercial License 1.0.0",
+      "licenseId": "PolyForm-Noncommercial-1.0.0",
+      "seeAlso": [
+        "https://polyformproject.org/licenses/noncommercial/1.0.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Military-License.json",
+      "referenceNumber": 286,
+      "name": "BSD 3-Clause No Military License",
+      "licenseId": "BSD-3-Clause-No-Military-License",
+      "seeAlso": [
+        "https://gitlab.syncad.com/hive/dhive/-/blob/master/LICENSE",
+        "https://github.com/greymass/swift-eosio/blob/master/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-4.0.json",
+      "referenceNumber": 287,
+      "name": "Creative Commons Attribution 4.0 International",
+      "licenseId": "CC-BY-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by/4.0/legalcode"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGL-Canada-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGL-Canada-2.0.json",
+      "referenceNumber": 288,
+      "name": "Open Government Licence - Canada",
+      "licenseId": "OGL-Canada-2.0",
+      "seeAlso": [
+        "https://open.canada.ca/en/open-government-licence-canada"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-3.0-IGO.json",
+      "referenceNumber": 289,
+      "name": "Creative Commons Attribution Non Commercial Share Alike 3.0 IGO",
+      "licenseId": "CC-BY-NC-SA-3.0-IGO",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/3.0/igo/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EFL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EFL-1.0.json",
+      "referenceNumber": 290,
+      "name": "Eiffel Forum License v1.0",
+      "licenseId": "EFL-1.0",
+      "seeAlso": [
+        "http://www.eiffel-nice.org/license/forum.txt",
+        "https://opensource.org/licenses/EFL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Newsletr.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Newsletr.json",
+      "referenceNumber": 291,
+      "name": "Newsletr License",
+      "licenseId": "Newsletr",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Newsletr"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/copyleft-next-0.3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/copyleft-next-0.3.0.json",
+      "referenceNumber": 292,
+      "name": "copyleft-next 0.3.0",
+      "licenseId": "copyleft-next-0.3.0",
+      "seeAlso": [
+        "https://github.com/copyleft-next/copyleft-next/blob/master/Releases/copyleft-next-0.3.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-or-later.json",
+      "referenceNumber": 293,
+      "name": "GNU General Public License v3.0 or later",
+      "licenseId": "GPL-3.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+        "https://opensource.org/licenses/GPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDLA-Permissive-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-2.0.json",
+      "referenceNumber": 294,
+      "name": "Community Data License Agreement Permissive 2.0",
+      "licenseId": "CDLA-Permissive-2.0",
+      "seeAlso": [
+        "https://cdla.dev/permissive-2-0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-ND-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-ND-3.0.json",
+      "referenceNumber": 295,
+      "name": "Creative Commons Attribution No Derivatives 3.0 Unported",
+      "licenseId": "CC-BY-ND-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/C-UDA-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/C-UDA-1.0.json",
+      "referenceNumber": 296,
+      "name": "Computational Use of Data Agreement v1.0",
+      "licenseId": "C-UDA-1.0",
+      "seeAlso": [
+        "https://github.com/microsoft/Computational-Use-of-Data-Agreement/blob/master/C-UDA-1.0.md",
+        "https://cdla.dev/computational-use-of-data-agreement-v1-0/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Barr.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Barr.json",
+      "referenceNumber": 297,
+      "name": "Barr License",
+      "licenseId": "Barr",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Barr"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Vim.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Vim.json",
+      "referenceNumber": 298,
+      "name": "Vim License",
+      "licenseId": "Vim",
+      "seeAlso": [
+        "http://vimdoc.sourceforge.net/htmldoc/uganda.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-classpath-exception.json",
+      "referenceNumber": 299,
+      "name": "GNU General Public License v2.0 w/Classpath exception",
+      "licenseId": "GPL-2.0-with-classpath-exception",
+      "seeAlso": [
+        "https://www.gnu.org/software/classpath/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BitTorrent-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BitTorrent-1.1.json",
+      "referenceNumber": 300,
+      "name": "BitTorrent Open Source License v1.1",
+      "licenseId": "BitTorrent-1.1",
+      "seeAlso": [
+        "http://directory.fsf.org/wiki/License:BitTorrentOSL1.1"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDL-1.0.json",
+      "referenceNumber": 301,
+      "name": "Common Documentation License 1.0",
+      "licenseId": "CDL-1.0",
+      "seeAlso": [
+        "http://www.opensource.apple.com/cdl/",
+        "https://fedoraproject.org/wiki/Licensing/Common_Documentation_License",
+        "https://www.gnu.org/licenses/license-list.html#ACDL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-1.0.json",
+      "referenceNumber": 302,
+      "name": "Creative Commons Attribution Share Alike 1.0 Generic",
+      "licenseId": "CC-BY-SA-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ADSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ADSL.json",
+      "referenceNumber": 303,
+      "name": "Amazon Digital Services License",
+      "licenseId": "ADSL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/AmazonDigitalServicesLicense"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/PostgreSQL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PostgreSQL.json",
+      "referenceNumber": 304,
+      "name": "PostgreSQL License",
+      "licenseId": "PostgreSQL",
+      "seeAlso": [
+        "http://www.postgresql.org/about/licence",
+        "https://opensource.org/licenses/PostgreSQL"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.1.json",
+      "referenceNumber": 305,
+      "name": "SIL Open Font License 1.1",
+      "licenseId": "OFL-1.1",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+        "https://opensource.org/licenses/OFL-1.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NPL-1.0.json",
+      "referenceNumber": 306,
+      "name": "Netscape Public License v1.0",
+      "licenseId": "NPL-1.0",
+      "seeAlso": [
+        "http://www.mozilla.org/MPL/NPL/1.0/"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/xinetd.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/xinetd.json",
+      "referenceNumber": 307,
+      "name": "xinetd License",
+      "licenseId": "xinetd",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Xinetd_License"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.0-only.json",
+      "referenceNumber": 308,
+      "name": "GNU Library General Public License v2 only",
+      "licenseId": "LGPL-2.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.0-standalone.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/zlib-acknowledgement.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/zlib-acknowledgement.json",
+      "referenceNumber": 309,
+      "name": "zlib/libpng License with Acknowledgement",
+      "licenseId": "zlib-acknowledgement",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/ZlibWithAcknowledgement"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.1.json",
+      "referenceNumber": 310,
+      "name": "Open LDAP Public License v2.2.1",
+      "licenseId": "OLDAP-2.2.1",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d4bc786f34b50aa301be6f5600f58a980070f481e"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/APSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APSL-1.0.json",
+      "referenceNumber": 311,
+      "name": "Apple Public Source License 1.0",
+      "licenseId": "APSL-1.0",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Apple_Public_Source_License_1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-LBNL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-LBNL.json",
+      "referenceNumber": 312,
+      "name": "Lawrence Berkeley National Labs BSD variant license",
+      "licenseId": "BSD-3-Clause-LBNL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/LBNLBSD"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GLWTPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GLWTPL.json",
+      "referenceNumber": 313,
+      "name": "Good Luck With That Public License",
+      "licenseId": "GLWTPL",
+      "seeAlso": [
+        "https://github.com/me-shaon/GLWTPL/commit/da5f6bc734095efbacb442c0b31e33a65b9d6e85"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-3.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-only.json",
+      "referenceNumber": 314,
+      "name": "GNU Lesser General Public License v3.0 only",
+      "licenseId": "LGPL-3.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+        "https://opensource.org/licenses/LGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGC-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGC-1.0.json",
+      "referenceNumber": 315,
+      "name": "OGC Software License, Version 1.0",
+      "licenseId": "OGC-1.0",
+      "seeAlso": [
+        "https://www.ogc.org/ogc/software/1.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Dotseqn.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Dotseqn.json",
+      "referenceNumber": 316,
+      "name": "Dotseqn License",
+      "licenseId": "Dotseqn",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Dotseqn"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MakeIndex.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MakeIndex.json",
+      "referenceNumber": 317,
+      "name": "MakeIndex License",
+      "licenseId": "MakeIndex",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MakeIndex"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-only.json",
+      "referenceNumber": 318,
+      "name": "GNU General Public License v3.0 only",
+      "licenseId": "GPL-3.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+        "https://opensource.org/licenses/GPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-No-Nuclear-License-2014.json",
+      "referenceNumber": 319,
+      "name": "BSD 3-Clause No Nuclear License 2014",
+      "licenseId": "BSD-3-Clause-No-Nuclear-License-2014",
+      "seeAlso": [
+        "https://java.net/projects/javaeetutorial/pages/BerkeleyLicense"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-1.0-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-1.0-only.json",
+      "referenceNumber": 320,
+      "name": "GNU General Public License v1.0 only",
+      "licenseId": "GPL-1.0-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/IJG.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/IJG.json",
+      "referenceNumber": 321,
+      "name": "Independent JPEG Group License",
+      "licenseId": "IJG",
+      "seeAlso": [
+        "http://dev.w3.org/cvsweb/Amaya/libjpeg/Attic/README?rev\u003d1.2"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-1.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0-or-later.json",
+      "referenceNumber": 322,
+      "name": "Affero General Public License v1.0 or later",
+      "licenseId": "AGPL-1.0-or-later",
+      "seeAlso": [
+        "http://www.affero.org/oagpl.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.1-no-RFN.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.1-no-RFN.json",
+      "referenceNumber": 323,
+      "name": "SIL Open Font License 1.1 with no Reserved Font Name",
+      "licenseId": "OFL-1.1-no-RFN",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+        "https://opensource.org/licenses/OFL-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSL-1.0.json",
+      "referenceNumber": 324,
+      "name": "Boost Software License 1.0",
+      "licenseId": "BSL-1.0",
+      "seeAlso": [
+        "http://www.boost.org/LICENSE_1_0.txt",
+        "https://opensource.org/licenses/BSL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Libpng.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Libpng.json",
+      "referenceNumber": 325,
+      "name": "libpng License",
+      "licenseId": "Libpng",
+      "seeAlso": [
+        "http://www.libpng.org/pub/png/src/libpng-LICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0.json",
+      "referenceNumber": 326,
+      "name": "Creative Commons Attribution Non Commercial 3.0 Unported",
+      "licenseId": "CC-BY-NC-3.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/3.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-2.0.json",
+      "referenceNumber": 327,
+      "name": "Creative Commons Attribution Non Commercial 2.0 Generic",
+      "licenseId": "CC-BY-NC-2.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/2.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Unlicense.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Unlicense.json",
+      "referenceNumber": 328,
+      "name": "The Unlicense",
+      "licenseId": "Unlicense",
+      "seeAlso": [
+        "https://unlicense.org/"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPL-1.0.json",
+      "referenceNumber": 329,
+      "name": "Lucent Public License Version 1.0",
+      "licenseId": "LPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/LPL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/bzip2-1.0.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/bzip2-1.0.5.json",
+      "referenceNumber": 330,
+      "name": "bzip2 and libbzip2 License v1.0.5",
+      "licenseId": "bzip2-1.0.5",
+      "seeAlso": [
+        "https://sourceware.org/bzip2/1.0.5/bzip2-manual-1.0.5.html",
+        "http://bzip.org/1.0.5/bzip2-manual-1.0.5.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Entessa.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Entessa.json",
+      "referenceNumber": 331,
+      "name": "Entessa Public License v1.0",
+      "licenseId": "Entessa",
+      "seeAlso": [
+        "https://opensource.org/licenses/Entessa"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-2-Clause-Patent.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Patent.json",
+      "referenceNumber": 332,
+      "name": "BSD-2-Clause Plus Patent License",
+      "licenseId": "BSD-2-Clause-Patent",
+      "seeAlso": [
+        "https://opensource.org/licenses/BSDplusPatent"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ECL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ECL-2.0.json",
+      "referenceNumber": 333,
+      "name": "Educational Community License v2.0",
+      "licenseId": "ECL-2.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/ECL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Crossword.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Crossword.json",
+      "referenceNumber": 334,
+      "name": "Crossword License",
+      "licenseId": "Crossword",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Crossword"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-1.0.json",
+      "referenceNumber": 335,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 1.0 Generic",
+      "licenseId": "CC-BY-NC-ND-1.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nd-nc/1.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OCLC-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OCLC-2.0.json",
+      "referenceNumber": 336,
+      "name": "OCLC Research Public License 2.0",
+      "licenseId": "OCLC-2.0",
+      "seeAlso": [
+        "http://www.oclc.org/research/activities/software/license/v2final.htm",
+        "https://opensource.org/licenses/OCLC-2.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-1.1.json",
+      "referenceNumber": 337,
+      "name": "CeCILL Free Software License Agreement v1.1",
+      "licenseId": "CECILL-1.1",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL_V1.1-US.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-2.1.json",
+      "referenceNumber": 338,
+      "name": "CeCILL Free Software License Agreement v2.1",
+      "licenseId": "CECILL-2.1",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGDL-Taiwan-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGDL-Taiwan-1.0.json",
+      "referenceNumber": 339,
+      "name": "Taiwan Open Government Data License, version 1.0",
+      "licenseId": "OGDL-Taiwan-1.0",
+      "seeAlso": [
+        "https://data.gov.tw/license"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Abstyles.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Abstyles.json",
+      "referenceNumber": 340,
+      "name": "Abstyles License",
+      "licenseId": "Abstyles",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Abstyles"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/libselinux-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/libselinux-1.0.json",
+      "referenceNumber": 341,
+      "name": "libselinux public domain notice",
+      "licenseId": "libselinux-1.0",
+      "seeAlso": [
+        "https://github.com/SELinuxProject/selinux/blob/master/libselinux/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ANTLR-PD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ANTLR-PD.json",
+      "referenceNumber": 342,
+      "name": "ANTLR Software Rights Notice",
+      "licenseId": "ANTLR-PD",
+      "seeAlso": [
+        "http://www.antlr2.org/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-or-later.json",
+      "referenceNumber": 343,
+      "name": "GNU General Public License v2.0 or later",
+      "licenseId": "GPL-2.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html",
+        "https://opensource.org/licenses/GPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/IPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/IPL-1.0.json",
+      "referenceNumber": 344,
+      "name": "IBM Public License v1.0",
+      "licenseId": "IPL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/IPL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-enna.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-enna.json",
+      "referenceNumber": 345,
+      "name": "enna License",
+      "licenseId": "MIT-enna",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MIT#enna"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CPOL-1.02.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CPOL-1.02.json",
+      "referenceNumber": 346,
+      "name": "Code Project Open License 1.02",
+      "licenseId": "CPOL-1.02",
+      "seeAlso": [
+        "http://www.codeproject.com/info/cpol10.aspx"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-3.0-AT.json",
+      "referenceNumber": 347,
+      "name": "Creative Commons Attribution Share Alike 3.0 Austria",
+      "licenseId": "CC-BY-SA-3.0-AT",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/3.0/at/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0-with-GCC-exception.json",
+      "referenceNumber": 348,
+      "name": "GNU General Public License v3.0 w/GCC Runtime Library exception",
+      "licenseId": "GPL-3.0-with-GCC-exception",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gcc-exception-3.1.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-1-Clause.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-1-Clause.json",
+      "referenceNumber": 349,
+      "name": "BSD 1-Clause License",
+      "licenseId": "BSD-1-Clause",
+      "seeAlso": [
+        "https://svnweb.freebsd.org/base/head/include/ifaddrs.h?revision\u003d326823"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NTP-0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NTP-0.json",
+      "referenceNumber": 350,
+      "name": "NTP No Attribution",
+      "licenseId": "NTP-0",
+      "seeAlso": [
+        "https://github.com/tytso/e2fsprogs/blob/master/lib/et/et_name.c"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SugarCRM-1.1.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SugarCRM-1.1.3.json",
+      "referenceNumber": 351,
+      "name": "SugarCRM Public License v1.1.3",
+      "licenseId": "SugarCRM-1.1.3",
+      "seeAlso": [
+        "http://www.sugarcrm.com/crm/SPL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT.json",
+      "referenceNumber": 352,
+      "name": "MIT License",
+      "licenseId": "MIT",
+      "seeAlso": [
+        "https://opensource.org/licenses/MIT"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.1-RFN.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.1-RFN.json",
+      "referenceNumber": 353,
+      "name": "SIL Open Font License 1.1 with Reserved Font Name",
+      "licenseId": "OFL-1.1-RFN",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL_web",
+        "https://opensource.org/licenses/OFL-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Watcom-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Watcom-1.0.json",
+      "referenceNumber": 354,
+      "name": "Sybase Open Watcom Public License 1.0",
+      "licenseId": "Watcom-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/Watcom-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-SA-2.0-FR.json",
+      "referenceNumber": 355,
+      "name": "Creative Commons Attribution-NonCommercial-ShareAlike 2.0 France",
+      "licenseId": "CC-BY-NC-SA-2.0-FR",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-sa/2.0/fr/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ODbL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ODbL-1.0.json",
+      "referenceNumber": 356,
+      "name": "Open Data Commons Open Database License v1.0",
+      "licenseId": "ODbL-1.0",
+      "seeAlso": [
+        "http://www.opendatacommons.org/licenses/odbl/1.0/",
+        "https://opendatacommons.org/licenses/odbl/1-0/"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/FSFULLR.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/FSFULLR.json",
+      "referenceNumber": 357,
+      "name": "FSF Unlimited License (with License Retention)",
+      "licenseId": "FSFULLR",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/FSF_Unlimited_License#License_Retention_Variant"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-1.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.3.json",
+      "referenceNumber": 358,
+      "name": "Open LDAP Public License v1.3",
+      "licenseId": "OLDAP-1.3",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003de5f8117f0ce088d0bd7a8e18ddf37eaa40eb09b1"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SSH-OpenSSH.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SSH-OpenSSH.json",
+      "referenceNumber": 359,
+      "name": "SSH OpenSSH license",
+      "licenseId": "SSH-OpenSSH",
+      "seeAlso": [
+        "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/LICENCE#L10"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-2-Clause.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause.json",
+      "referenceNumber": 360,
+      "name": "BSD 2-Clause \"Simplified\" License",
+      "licenseId": "BSD-2-Clause",
+      "seeAlso": [
+        "https://opensource.org/licenses/BSD-2-Clause"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/HPND.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/HPND.json",
+      "referenceNumber": 361,
+      "name": "Historical Permission Notice and Disclaimer",
+      "licenseId": "HPND",
+      "seeAlso": [
+        "https://opensource.org/licenses/HPND"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Zimbra-1.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Zimbra-1.3.json",
+      "referenceNumber": 362,
+      "name": "Zimbra Public License v1.3",
+      "licenseId": "Zimbra-1.3",
+      "seeAlso": [
+        "http://web.archive.org/web/20100302225219/http://www.zimbra.com/license/zimbra-public-license-1-3.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Borceux.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Borceux.json",
+      "referenceNumber": 363,
+      "name": "Borceux license",
+      "licenseId": "Borceux",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Borceux"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-1.1.json",
+      "referenceNumber": 364,
+      "name": "Open LDAP Public License v1.1",
+      "licenseId": "OLDAP-1.1",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d806557a5ad59804ef3a44d5abfbe91d706b0791f"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OFL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OFL-1.0.json",
+      "referenceNumber": 365,
+      "name": "SIL Open Font License 1.0",
+      "licenseId": "OFL-1.0",
+      "seeAlso": [
+        "http://scripts.sil.org/cms/scripts/page.php?item_id\u003dOFL10_web"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NASA-1.3.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NASA-1.3.json",
+      "referenceNumber": 366,
+      "name": "NASA Open Source Agreement 1.3",
+      "licenseId": "NASA-1.3",
+      "seeAlso": [
+        "http://ti.arc.nasa.gov/opensource/nosa/",
+        "https://opensource.org/licenses/NASA-1.3"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/VOSTROM.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/VOSTROM.json",
+      "referenceNumber": 367,
+      "name": "VOSTROM Public License for Open Source",
+      "licenseId": "VOSTROM",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/VOSTROM"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-0.json",
+      "referenceNumber": 368,
+      "name": "MIT No Attribution",
+      "licenseId": "MIT-0",
+      "seeAlso": [
+        "https://github.com/aws/mit-0",
+        "https://romanrm.net/mit-zero",
+        "https://github.com/awsdocs/aws-cloud9-user-guide/blob/master/LICENSE-SAMPLECODE"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ISC.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ISC.json",
+      "referenceNumber": 369,
+      "name": "ISC License",
+      "licenseId": "ISC",
+      "seeAlso": [
+        "https://www.isc.org/licenses/",
+        "https://www.isc.org/downloads/software-support-policy/isc-license/",
+        "https://opensource.org/licenses/ISC"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Unicode-DFS-2016.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Unicode-DFS-2016.json",
+      "referenceNumber": 370,
+      "name": "Unicode License Agreement - Data Files and Software (2016)",
+      "licenseId": "Unicode-DFS-2016",
+      "seeAlso": [
+        "http://www.unicode.org/copyright.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BlueOak-1.0.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BlueOak-1.0.0.json",
+      "referenceNumber": 371,
+      "name": "Blue Oak Model License 1.0.0",
+      "licenseId": "BlueOak-1.0.0",
+      "seeAlso": [
+        "https://blueoakcouncil.org/license/1.0.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LiLiQ-Rplus-1.1.json",
+      "referenceNumber": 372,
+      "name": "Licence Libre du Québec – Réciprocité forte version 1.1",
+      "licenseId": "LiLiQ-Rplus-1.1",
+      "seeAlso": [
+        "https://www.forge.gouv.qc.ca/participez/licence-logicielle/licence-libre-du-quebec-liliq-en-francais/licence-libre-du-quebec-reciprocite-forte-liliq-r-v1-1/",
+        "http://opensource.org/licenses/LiLiQ-Rplus-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NOSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NOSL.json",
+      "referenceNumber": 373,
+      "name": "Netizen Open Source License",
+      "licenseId": "NOSL",
+      "seeAlso": [
+        "http://bits.netizen.com.au/licenses/NOSL/nosl.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SMLNJ.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SMLNJ.json",
+      "referenceNumber": 374,
+      "name": "Standard ML of New Jersey License",
+      "licenseId": "SMLNJ",
+      "seeAlso": [
+        "https://www.smlnj.org/license.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-3.0+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0+.json",
+      "referenceNumber": 375,
+      "name": "GNU Lesser General Public License v3.0 or later",
+      "licenseId": "LGPL-3.0+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+        "https://opensource.org/licenses/LGPL-3.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CPAL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CPAL-1.0.json",
+      "referenceNumber": 376,
+      "name": "Common Public Attribution License 1.0",
+      "licenseId": "CPAL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/CPAL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/PSF-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PSF-2.0.json",
+      "referenceNumber": 377,
+      "name": "Python Software Foundation License 2.0",
+      "licenseId": "PSF-2.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/Python-2.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/RPL-1.5.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RPL-1.5.json",
+      "referenceNumber": 378,
+      "name": "Reciprocal Public License 1.5",
+      "licenseId": "RPL-1.5",
+      "seeAlso": [
+        "https://opensource.org/licenses/RPL-1.5"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-FreeBSD.json",
+      "referenceNumber": 379,
+      "name": "BSD 2-Clause FreeBSD License",
+      "licenseId": "BSD-2-Clause-FreeBSD",
+      "seeAlso": [
+        "http://www.freebsd.org/copyright/freebsd-license.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-Modern-Variant.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-Modern-Variant.json",
+      "referenceNumber": 380,
+      "name": "MIT License Modern Variant",
+      "licenseId": "MIT-Modern-Variant",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing:MIT#Modern_Variants",
+        "https://ptolemy.berkeley.edu/copyright.htm",
+        "https://pirlwww.lpl.arizona.edu/resources/guide/software/PerlTk/Tixlic.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Nokia.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Nokia.json",
+      "referenceNumber": 381,
+      "name": "Nokia Open Source License",
+      "licenseId": "Nokia",
+      "seeAlso": [
+        "https://opensource.org/licenses/nokia"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-no-invariants-only.json",
+      "referenceNumber": 382,
+      "name": "GNU Free Documentation License v1.1 only - no invariants",
+      "licenseId": "GFDL-1.1-no-invariants-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/PDDL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PDDL-1.0.json",
+      "referenceNumber": 383,
+      "name": "Open Data Commons Public Domain Dedication \u0026 License 1.0",
+      "licenseId": "PDDL-1.0",
+      "seeAlso": [
+        "http://opendatacommons.org/licenses/pddl/1.0/",
+        "https://opendatacommons.org/licenses/pddl/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EUPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EUPL-1.0.json",
+      "referenceNumber": 384,
+      "name": "European Union Public License 1.0",
+      "licenseId": "EUPL-1.0",
+      "seeAlso": [
+        "http://ec.europa.eu/idabc/en/document/7330.html",
+        "http://ec.europa.eu/idabc/servlets/Doc027f.pdf?id\u003d31096"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDDL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDDL-1.1.json",
+      "referenceNumber": 385,
+      "name": "Common Development and Distribution License 1.1",
+      "licenseId": "CDDL-1.1",
+      "seeAlso": [
+        "http://glassfish.java.net/public/CDDL+GPL_1_1.html",
+        "https://javaee.github.io/glassfish/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.3-only.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.3-only.json",
+      "referenceNumber": 386,
+      "name": "GNU Free Documentation License v1.3 only",
+      "licenseId": "GFDL-1.3-only",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/fdl-1.3.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.6.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.6.json",
+      "referenceNumber": 387,
+      "name": "Open LDAP Public License v2.6",
+      "licenseId": "OLDAP-2.6",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d1cae062821881f41b73012ba816434897abf4205"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/JSON.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/JSON.json",
+      "referenceNumber": 388,
+      "name": "JSON License",
+      "licenseId": "JSON",
+      "seeAlso": [
+        "http://www.json.org/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-3.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-3.0-or-later.json",
+      "referenceNumber": 389,
+      "name": "GNU Lesser General Public License v3.0 or later",
+      "licenseId": "LGPL-3.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/lgpl-3.0-standalone.html",
+        "https://opensource.org/licenses/LGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-3.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-3.0.json",
+      "referenceNumber": 390,
+      "name": "GNU General Public License v3.0 only",
+      "licenseId": "GPL-3.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gpl-3.0-standalone.html",
+        "https://opensource.org/licenses/GPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Fair.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Fair.json",
+      "referenceNumber": 391,
+      "name": "Fair License",
+      "licenseId": "Fair",
+      "seeAlso": [
+        "http://fairlicense.org/",
+        "https://opensource.org/licenses/Fair"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-with-font-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-font-exception.json",
+      "referenceNumber": 392,
+      "name": "GNU General Public License v2.0 w/Font exception",
+      "licenseId": "GPL-2.0-with-font-exception",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/gpl-faq.html#FontException"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSL-2.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSL-2.1.json",
+      "referenceNumber": 393,
+      "name": "Open Software License 2.1",
+      "licenseId": "OSL-2.1",
+      "seeAlso": [
+        "http://web.archive.org/web/20050212003940/http://www.rosenlaw.com/osl21.htm",
+        "https://opensource.org/licenses/OSL-2.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LPPL-1.3a.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LPPL-1.3a.json",
+      "referenceNumber": 394,
+      "name": "LaTeX Project Public License v1.3a",
+      "licenseId": "LPPL-1.3a",
+      "seeAlso": [
+        "http://www.latex-project.org/lppl/lppl-1-3a.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NAIST-2003.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NAIST-2003.json",
+      "referenceNumber": 395,
+      "name": "Nara Institute of Science and Technology License (2003)",
+      "licenseId": "NAIST-2003",
+      "seeAlso": [
+        "https://enterprise.dejacode.com/licenses/public/naist-2003/#license-text",
+        "https://github.com/nodejs/node/blob/4a19cc8947b1bba2b2d27816ec3d0edf9b28e503/LICENSE#L343"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-4.0.json",
+      "referenceNumber": 396,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 4.0 International",
+      "licenseId": "CC-BY-NC-ND-4.0",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-3.0-DE.json",
+      "referenceNumber": 397,
+      "name": "Creative Commons Attribution Non Commercial 3.0 Germany",
+      "licenseId": "CC-BY-NC-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.1+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1+.json",
+      "referenceNumber": 398,
+      "name": "GNU Library General Public License v2.1 or later",
+      "licenseId": "LGPL-2.1+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+        "https://opensource.org/licenses/LGPL-2.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OPL-1.0.json",
+      "referenceNumber": 399,
+      "name": "Open Public License v1.0",
+      "licenseId": "OPL-1.0",
+      "seeAlso": [
+        "http://old.koalateam.com/jackaroo/OPL_1_0.TXT",
+        "https://fedoraproject.org/wiki/Licensing/Open_Public_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/HPND-sell-variant.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/HPND-sell-variant.json",
+      "referenceNumber": 400,
+      "name": "Historical Permission Notice and Disclaimer - sell variant",
+      "licenseId": "HPND-sell-variant",
+      "seeAlso": [
+        "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/sunrpc/auth_gss/gss_generic_token.c?h\u003dv4.19"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/QPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/QPL-1.0.json",
+      "referenceNumber": 401,
+      "name": "Q Public License 1.0",
+      "licenseId": "QPL-1.0",
+      "seeAlso": [
+        "http://doc.qt.nokia.com/3.3/license.html",
+        "https://opensource.org/licenses/QPL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/EUPL-1.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EUPL-1.2.json",
+      "referenceNumber": 402,
+      "name": "European Union Public License 1.2",
+      "licenseId": "EUPL-1.2",
+      "seeAlso": [
+        "https://joinup.ec.europa.eu/page/eupl-text-11-12",
+        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl_v1.2_en.pdf",
+        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%20EN.txt",
+        "https://joinup.ec.europa.eu/sites/default/files/inline-files/EUPL%20v1_2%20EN(1).txt",
+        "http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri\u003dCELEX:32017D0863",
+        "https://opensource.org/licenses/EUPL-1.2"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.2-no-invariants-or-later.json",
+      "referenceNumber": 403,
+      "name": "GNU Free Documentation License v1.2 or later - no invariants",
+      "licenseId": "GFDL-1.2-no-invariants-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.2.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/eCos-2.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/eCos-2.0.json",
+      "referenceNumber": 404,
+      "name": "eCos license version 2.0",
+      "licenseId": "eCos-2.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/ecos-license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NCGL-UK-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NCGL-UK-2.0.json",
+      "referenceNumber": 405,
+      "name": "Non-Commercial Government Licence",
+      "licenseId": "NCGL-UK-2.0",
+      "seeAlso": [
+        "http://www.nationalarchives.gov.uk/doc/non-commercial-government-licence/version/2/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Beerware.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Beerware.json",
+      "referenceNumber": 406,
+      "name": "Beerware License",
+      "licenseId": "Beerware",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Beerware",
+        "https://people.freebsd.org/~phk/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Open-MPI.json",
+      "referenceNumber": 407,
+      "name": "BSD 3-Clause Open MPI variant",
+      "licenseId": "BSD-3-Clause-Open-MPI",
+      "seeAlso": [
+        "https://www.open-mpi.org/community/license.php",
+        "http://www.netlib.org/lapack/LICENSE.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-bison-exception.json",
+      "referenceNumber": 408,
+      "name": "GNU General Public License v2.0 w/Bison exception",
+      "licenseId": "GPL-2.0-with-bison-exception",
+      "seeAlso": [
+        "http://git.savannah.gnu.org/cgit/bison.git/tree/data/yacc.c?id\u003d193d7c7054ba7197b0789e14965b739162319b5e#n141"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-B.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-B.json",
+      "referenceNumber": 409,
+      "name": "CeCILL-B Free Software License Agreement",
+      "licenseId": "CECILL-B",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-2.0-with-autoconf-exception.json",
+      "referenceNumber": 410,
+      "name": "GNU General Public License v2.0 w/Autoconf exception",
+      "licenseId": "GPL-2.0-with-autoconf-exception",
+      "seeAlso": [
+        "http://ac-archive.sourceforge.net/doc/copyright.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EPL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EPL-2.0.json",
+      "referenceNumber": 411,
+      "name": "Eclipse Public License 2.0",
+      "licenseId": "EPL-2.0",
+      "seeAlso": [
+        "https://www.eclipse.org/legal/epl-2.0",
+        "https://www.opensource.org/licenses/EPL-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-feh.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-feh.json",
+      "referenceNumber": 412,
+      "name": "feh License",
+      "licenseId": "MIT-feh",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/MIT#feh"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/RPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RPL-1.1.json",
+      "referenceNumber": 413,
+      "name": "Reciprocal Public License 1.1",
+      "licenseId": "RPL-1.1",
+      "seeAlso": [
+        "https://opensource.org/licenses/RPL-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CDLA-Permissive-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CDLA-Permissive-1.0.json",
+      "referenceNumber": 414,
+      "name": "Community Data License Agreement Permissive 1.0",
+      "licenseId": "CDLA-Permissive-1.0",
+      "seeAlso": [
+        "https://cdla.io/permissive-1-0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Python-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Python-2.0.json",
+      "referenceNumber": 415,
+      "name": "Python License 2.0",
+      "licenseId": "Python-2.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/Python-2.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/MPL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MPL-1.0.json",
+      "referenceNumber": 416,
+      "name": "Mozilla Public License 1.0",
+      "licenseId": "MPL-1.0",
+      "seeAlso": [
+        "http://www.mozilla.org/MPL/MPL-1.0.html",
+        "https://opensource.org/licenses/MPL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/GFDL-1.1-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/GFDL-1.1-or-later.json",
+      "referenceNumber": 417,
+      "name": "GNU Free Documentation License v1.1 or later",
+      "licenseId": "GFDL-1.1-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/fdl-1.1.txt"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/diffmark.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/diffmark.json",
+      "referenceNumber": 418,
+      "name": "diffmark license",
+      "licenseId": "diffmark",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/diffmark"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/GPL-1.0+.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/GPL-1.0+.json",
+      "referenceNumber": 419,
+      "name": "GNU General Public License v1.0 or later",
+      "licenseId": "GPL-1.0+",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/gpl-1.0-standalone.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OpenSSL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OpenSSL.json",
+      "referenceNumber": 420,
+      "name": "OpenSSL License",
+      "licenseId": "OpenSSL",
+      "seeAlso": [
+        "http://www.openssl.org/source/license.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSL-1.0.json",
+      "referenceNumber": 421,
+      "name": "Open Software License 1.0",
+      "licenseId": "OSL-1.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/OSL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Parity-6.0.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Parity-6.0.0.json",
+      "referenceNumber": 422,
+      "name": "The Parity Public License 6.0.0",
+      "licenseId": "Parity-6.0.0",
+      "seeAlso": [
+        "https://paritylicense.com/versions/6.0.0.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-1.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-1.0.json",
+      "referenceNumber": 423,
+      "name": "Affero General Public License v1.0",
+      "licenseId": "AGPL-1.0",
+      "seeAlso": [
+        "http://www.affero.org/oagpl.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/YPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/YPL-1.1.json",
+      "referenceNumber": 424,
+      "name": "Yahoo! Public License v1.1",
+      "licenseId": "YPL-1.1",
+      "seeAlso": [
+        "http://www.zimbra.com/license/yahoo_public_license_1.1.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/SSH-short.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SSH-short.json",
+      "referenceNumber": 425,
+      "name": "SSH short notice",
+      "licenseId": "SSH-short",
+      "seeAlso": [
+        "https://github.com/openssh/openssh-portable/blob/1b11ea7c58cd5c59838b5fa574cd456d6047b2d4/pathnames.h",
+        "http://web.mit.edu/kolya/.f/root/athena.mit.edu/sipb.mit.edu/project/openssh/OldFiles/src/openssh-2.9.9p2/ssh-add.1",
+        "https://joinup.ec.europa.eu/svn/lesoll/trunk/italc/lib/src/dsa_key.cpp"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/IBM-pibs.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/IBM-pibs.json",
+      "referenceNumber": 426,
+      "name": "IBM PowerPC Initialization and Boot Software",
+      "licenseId": "IBM-pibs",
+      "seeAlso": [
+        "http://git.denx.de/?p\u003du-boot.git;a\u003dblob;f\u003darch/powerpc/cpu/ppc4xx/miiphy.c;h\u003d297155fdafa064b955e53e9832de93bfb0cfb85b;hb\u003d9fab4bf4cc077c21e43941866f3f2c196f28670d"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Xnet.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Xnet.json",
+      "referenceNumber": 427,
+      "name": "X.Net License",
+      "licenseId": "Xnet",
+      "seeAlso": [
+        "https://opensource.org/licenses/Xnet"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/TU-Berlin-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/TU-Berlin-1.0.json",
+      "referenceNumber": 428,
+      "name": "Technische Universitaet Berlin License 1.0",
+      "licenseId": "TU-Berlin-1.0",
+      "seeAlso": [
+        "https://github.com/swh/ladspa/blob/7bf6f3799fdba70fda297c2d8fd9f526803d9680/gsm/COPYRIGHT"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-3.0.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0.json",
+      "referenceNumber": 429,
+      "name": "GNU Affero General Public License v3.0",
+      "licenseId": "AGPL-3.0",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/agpl.txt",
+        "https://opensource.org/licenses/AGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CAL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CAL-1.0.json",
+      "referenceNumber": 430,
+      "name": "Cryptographic Autonomy License 1.0",
+      "licenseId": "CAL-1.0",
+      "seeAlso": [
+        "http://cryptographicautonomylicense.com/license-text.html",
+        "https://opensource.org/licenses/CAL-1.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/AFL-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AFL-3.0.json",
+      "referenceNumber": 431,
+      "name": "Academic Free License v3.0",
+      "licenseId": "AFL-3.0",
+      "seeAlso": [
+        "http://www.rosenlaw.com/AFL3.0.htm",
+        "https://opensource.org/licenses/afl-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CECILL-C.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CECILL-C.json",
+      "referenceNumber": 432,
+      "name": "CeCILL-C Free Software License Agreement",
+      "licenseId": "CECILL-C",
+      "seeAlso": [
+        "http://www.cecill.info/licences/Licence_CeCILL-C_V1-en.html"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGL-UK-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGL-UK-3.0.json",
+      "referenceNumber": 433,
+      "name": "Open Government Licence v3.0",
+      "licenseId": "OGL-UK-3.0",
+      "seeAlso": [
+        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-Clear.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Clear.json",
+      "referenceNumber": 434,
+      "name": "BSD 3-Clause Clear License",
+      "licenseId": "BSD-3-Clause-Clear",
+      "seeAlso": [
+        "http://labs.metacarta.com/license-explanation.html#license"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-Modification.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Modification.json",
+      "referenceNumber": 435,
+      "name": "BSD 3-Clause Modification",
+      "licenseId": "BSD-3-Clause-Modification",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing:BSD#Modification_Variant"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-SA-2.0-UK.json",
+      "referenceNumber": 436,
+      "name": "Creative Commons Attribution Share Alike 2.0 England and Wales",
+      "licenseId": "CC-BY-SA-2.0-UK",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-sa/2.0/uk/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Saxpath.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Saxpath.json",
+      "referenceNumber": 437,
+      "name": "Saxpath License",
+      "licenseId": "Saxpath",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Saxpath_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NLPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NLPL.json",
+      "referenceNumber": 438,
+      "name": "No Limit Public License",
+      "licenseId": "NLPL",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/NLPL"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/SimPL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/SimPL-2.0.json",
+      "referenceNumber": 439,
+      "name": "Simple Public License 2.0",
+      "licenseId": "SimPL-2.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/SimPL-2.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/psfrag.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/psfrag.json",
+      "referenceNumber": 440,
+      "name": "psfrag License",
+      "licenseId": "psfrag",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/psfrag"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Spencer-86.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Spencer-86.json",
+      "referenceNumber": 441,
+      "name": "Spencer License 86",
+      "licenseId": "Spencer-86",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Henry_Spencer_Reg-Ex_Library_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OCCT-PL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OCCT-PL.json",
+      "referenceNumber": 442,
+      "name": "Open CASCADE Technology Public License",
+      "licenseId": "OCCT-PL",
+      "seeAlso": [
+        "http://www.opencascade.com/content/occt-public-license"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/CERN-OHL-S-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CERN-OHL-S-2.0.json",
+      "referenceNumber": 443,
+      "name": "CERN Open Hardware Licence Version 2 - Strongly Reciprocal",
+      "licenseId": "CERN-OHL-S-2.0",
+      "seeAlso": [
+        "https://www.ohwr.org/project/cernohl/wikis/Documents/CERN-OHL-version-2"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/ErlPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ErlPL-1.1.json",
+      "referenceNumber": 444,
+      "name": "Erlang Public License v1.1",
+      "licenseId": "ErlPL-1.1",
+      "seeAlso": [
+        "http://www.erlang.org/EPLICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/MIT-CMU.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/MIT-CMU.json",
+      "referenceNumber": 445,
+      "name": "CMU License",
+      "licenseId": "MIT-CMU",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing:MIT?rd\u003dLicensing/MIT#CMU_Style",
+        "https://github.com/python-pillow/Pillow/blob/fffb426092c8db24a5f4b6df243a8a3c01fb63cd/LICENSE"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/NIST-PD.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NIST-PD.json",
+      "referenceNumber": 446,
+      "name": "NIST Public Domain Notice",
+      "licenseId": "NIST-PD",
+      "seeAlso": [
+        "https://github.com/tcheneau/simpleRPL/blob/e645e69e38dd4e3ccfeceb2db8cba05b7c2e0cd3/LICENSE.txt",
+        "https://github.com/tcheneau/Routing/blob/f09f46fcfe636107f22f2c98348188a65a135d98/README.md"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OSL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OSL-2.0.json",
+      "referenceNumber": 447,
+      "name": "Open Software License 2.0",
+      "licenseId": "OSL-2.0",
+      "seeAlso": [
+        "http://web.archive.org/web/20041020171434/http://www.rosenlaw.com/osl2.0.html"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/APSL-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/APSL-2.0.json",
+      "referenceNumber": 448,
+      "name": "Apple Public Source License 2.0",
+      "licenseId": "APSL-2.0",
+      "seeAlso": [
+        "http://www.opensource.apple.com/license/apsl/"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Leptonica.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Leptonica.json",
+      "referenceNumber": 449,
+      "name": "Leptonica License",
+      "licenseId": "Leptonica",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Leptonica"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/PolyForm-Small-Business-1.0.0.json",
+      "referenceNumber": 450,
+      "name": "PolyForm Small Business License 1.0.0",
+      "licenseId": "PolyForm-Small-Business-1.0.0",
+      "seeAlso": [
+        "https://polyformproject.org/licenses/small-business/1.0.0"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/LiLiQ-P-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/LiLiQ-P-1.1.json",
+      "referenceNumber": 451,
+      "name": "Licence Libre du Québec – Permissive version 1.1",
+      "licenseId": "LiLiQ-P-1.1",
+      "seeAlso": [
+        "https://forge.gouv.qc.ca/licence/fr/liliq-v1-1/",
+        "http://opensource.org/licenses/LiLiQ-P-1.1"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NetCDF.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NetCDF.json",
+      "referenceNumber": 452,
+      "name": "NetCDF license",
+      "licenseId": "NetCDF",
+      "seeAlso": [
+        "http://www.unidata.ucar.edu/software/netcdf/copyright.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/OML.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OML.json",
+      "referenceNumber": 453,
+      "name": "Open Market License",
+      "licenseId": "OML",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/Open_Market_License"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/AGPL-3.0-or-later.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/AGPL-3.0-or-later.json",
+      "referenceNumber": 454,
+      "name": "GNU Affero General Public License v3.0 or later",
+      "licenseId": "AGPL-3.0-or-later",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/agpl.txt",
+        "https://opensource.org/licenses/AGPL-3.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OLDAP-2.2.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OLDAP-2.2.json",
+      "referenceNumber": 455,
+      "name": "Open LDAP Public License v2.2",
+      "licenseId": "OLDAP-2.2",
+      "seeAlso": [
+        "http://www.openldap.org/devel/gitweb.cgi?p\u003dopenldap.git;a\u003dblob;f\u003dLICENSE;hb\u003d470b0c18ec67621c85881b2733057fecf4a1acc3"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause.json",
+      "referenceNumber": 456,
+      "name": "BSD 3-Clause \"New\" or \"Revised\" License",
+      "licenseId": "BSD-3-Clause",
+      "seeAlso": [
+        "https://opensource.org/licenses/BSD-3-Clause"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/WTFPL.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/WTFPL.json",
+      "referenceNumber": 457,
+      "name": "Do What The F*ck You Want To Public License",
+      "licenseId": "WTFPL",
+      "seeAlso": [
+        "http://www.wtfpl.net/about/",
+        "http://sam.zoy.org/wtfpl/COPYING"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/OGL-UK-2.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/OGL-UK-2.0.json",
+      "referenceNumber": 458,
+      "name": "Open Government Licence v2.0",
+      "licenseId": "OGL-UK-2.0",
+      "seeAlso": [
+        "http://www.nationalarchives.gov.uk/doc/open-government-licence/version/2/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-3-Clause-Attribution.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-3-Clause-Attribution.json",
+      "referenceNumber": 459,
+      "name": "BSD with attribution",
+      "licenseId": "BSD-3-Clause-Attribution",
+      "seeAlso": [
+        "https://fedoraproject.org/wiki/Licensing/BSD_with_Attribution"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/RPSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/RPSL-1.0.json",
+      "referenceNumber": 460,
+      "name": "RealNetworks Public Source License v1.0",
+      "licenseId": "RPSL-1.0",
+      "seeAlso": [
+        "https://helixcommunity.org/content/rpsl",
+        "https://opensource.org/licenses/RPSL-1.0"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/CC-BY-NC-ND-3.0-DE.json",
+      "referenceNumber": 461,
+      "name": "Creative Commons Attribution Non Commercial No Derivatives 3.0 Germany",
+      "licenseId": "CC-BY-NC-ND-3.0-DE",
+      "seeAlso": [
+        "https://creativecommons.org/licenses/by-nc-nd/3.0/de/legalcode"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/EUPL-1.1.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/EUPL-1.1.json",
+      "referenceNumber": 462,
+      "name": "European Union Public License 1.1",
+      "licenseId": "EUPL-1.1",
+      "seeAlso": [
+        "https://joinup.ec.europa.eu/software/page/eupl/licence-eupl",
+        "https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/eupl1.1.-licence-en_0.pdf",
+        "https://opensource.org/licenses/EUPL-1.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/Sendmail-8.23.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Sendmail-8.23.json",
+      "referenceNumber": 463,
+      "name": "Sendmail License 8.23",
+      "licenseId": "Sendmail-8.23",
+      "seeAlso": [
+        "https://www.proofpoint.com/sites/default/files/sendmail-license.pdf",
+        "https://web.archive.org/web/20181003101040/https://www.proofpoint.com/sites/default/files/sendmail-license.pdf"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/ODC-By-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/ODC-By-1.0.json",
+      "referenceNumber": 464,
+      "name": "Open Data Commons Attribution License v1.0",
+      "licenseId": "ODC-By-1.0",
+      "seeAlso": [
+        "https://opendatacommons.org/licenses/by/1.0/"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/D-FSL-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/D-FSL-1.0.json",
+      "referenceNumber": 465,
+      "name": "Deutsche Freie Software Lizenz",
+      "licenseId": "D-FSL-1.0",
+      "seeAlso": [
+        "http://www.dipp.nrw.de/d-fsl/lizenzen/",
+        "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/de/D-FSL-1_0_de.txt",
+        "http://www.dipp.nrw.de/d-fsl/index_html/lizenzen/en/D-FSL-1_0_en.txt",
+        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl",
+        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/deutsche-freie-software-lizenz",
+        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/german-free-software-license",
+        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_de.txt/at_download/file",
+        "https://www.hbz-nrw.de/produkte/open-access/lizenzen/dfsl/D-FSL-1_0_en.txt/at_download/file"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-4-Clause.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-4-Clause.json",
+      "referenceNumber": 466,
+      "name": "BSD 4-Clause \"Original\" or \"Old\" License",
+      "licenseId": "BSD-4-Clause",
+      "seeAlso": [
+        "http://directory.fsf.org/wiki/License:BSD_4Clause"
+      ],
+      "isOsiApproved": false,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/LGPL-2.1.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/LGPL-2.1.json",
+      "referenceNumber": 467,
+      "name": "GNU Lesser General Public License v2.1 only",
+      "licenseId": "LGPL-2.1",
+      "seeAlso": [
+        "https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html",
+        "https://opensource.org/licenses/LGPL-2.1"
+      ],
+      "isOsiApproved": true,
+      "isFsfLibre": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/BSD-2-Clause-Views.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/BSD-2-Clause-Views.json",
+      "referenceNumber": 468,
+      "name": "BSD 2-Clause with views sentence",
+      "licenseId": "BSD-2-Clause-Views",
+      "seeAlso": [
+        "http://www.freebsd.org/copyright/freebsd-license.html",
+        "https://people.freebsd.org/~ivoras/wine/patch-wine-nvidia.sh",
+        "https://github.com/protegeproject/protege/blob/master/license.txt"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Artistic-1.0-Perl.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Artistic-1.0-Perl.json",
+      "referenceNumber": 469,
+      "name": "Artistic License 1.0 (Perl)",
+      "licenseId": "Artistic-1.0-Perl",
+      "seeAlso": [
+        "http://dev.perl.org/licenses/artistic.html"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/NPOSL-3.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/NPOSL-3.0.json",
+      "referenceNumber": 470,
+      "name": "Non-Profit Open Software License 3.0",
+      "licenseId": "NPOSL-3.0",
+      "seeAlso": [
+        "https://opensource.org/licenses/NOSL3.0"
+      ],
+      "isOsiApproved": true
+    },
+    {
+      "reference": "https://spdx.org/licenses/gSOAP-1.3b.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/gSOAP-1.3b.json",
+      "referenceNumber": 471,
+      "name": "gSOAP Public License v1.3b",
+      "licenseId": "gSOAP-1.3b",
+      "seeAlso": [
+        "http://www.cs.fsu.edu/~engelen/license.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/Interbase-1.0.html",
+      "isDeprecatedLicenseId": false,
+      "detailsUrl": "https://spdx.org/licenses/Interbase-1.0.json",
+      "referenceNumber": 472,
+      "name": "Interbase Public License v1.0",
+      "licenseId": "Interbase-1.0",
+      "seeAlso": [
+        "https://web.archive.org/web/20060319014854/http://info.borland.com/devsupport/interbase/opensource/IPL.html"
+      ],
+      "isOsiApproved": false
+    },
+    {
+      "reference": "https://spdx.org/licenses/StandardML-NJ.html",
+      "isDeprecatedLicenseId": true,
+      "detailsUrl": "https://spdx.org/licenses/StandardML-NJ.json",
+      "referenceNumber": 473,
+      "name": "Standard ML of New Jersey License",
+      "licenseId": "StandardML-NJ",
+      "seeAlso": [
+        "http://www.smlnj.org//license.html"
+      ],
+      "isOsiApproved": false
+    }
+  ],
+  "releaseDate": "2021-08-08"
+}
\ No newline at end of file
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py
new file mode 100644
index 0000000000..22ed5070ea
--- /dev/null
+++ b/meta/lib/oe/sbom.py
@@ -0,0 +1,84 @@ 
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+import collections
+
+DepRecipe = collections.namedtuple("DepRecipe", ("doc", "doc_sha1", "recipe"))
+DepSource = collections.namedtuple("DepSource", ("doc", "doc_sha1", "recipe", "file"))
+
+
+def get_recipe_spdxid(d):
+    return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN"))
+
+
+def get_download_spdxid(d, idx):
+    return "SPDXRef-Download-%s-%d" % (d.getVar("PN"), idx)
+
+
+def get_package_spdxid(pkg):
+    return "SPDXRef-Package-%s" % pkg
+
+
+def get_source_file_spdxid(d, idx):
+    return "SPDXRef-SourceFile-%s-%d" % (d.getVar("PN"), idx)
+
+
+def get_packaged_file_spdxid(pkg, idx):
+    return "SPDXRef-PackagedFile-%s-%d" % (pkg, idx)
+
+
+def get_image_spdxid(img):
+    return "SPDXRef-Image-%s" % img
+
+
+def get_sdk_spdxid(sdk):
+    return "SPDXRef-SDK-%s" % sdk
+
+
+def write_doc(d, spdx_doc, subdir, spdx_deploy=None, indent=None):
+    from pathlib import Path
+
+    if spdx_deploy is None:
+        spdx_deploy = Path(d.getVar("SPDXDEPLOY"))
+
+    dest = spdx_deploy / subdir / (spdx_doc.name + ".spdx.json")
+    dest.parent.mkdir(exist_ok=True, parents=True)
+    with dest.open("wb") as f:
+        doc_sha1 = spdx_doc.to_json(f, sort_keys=True, indent=indent)
+
+    l = spdx_deploy / "by-namespace" / spdx_doc.documentNamespace.replace("/", "_")
+    l.parent.mkdir(exist_ok=True, parents=True)
+    l.symlink_to(os.path.relpath(dest, l.parent))
+
+    return doc_sha1
+
+
+def read_doc(fn):
+    import hashlib
+    import oe.spdx
+    import io
+    import contextlib
+
+    @contextlib.contextmanager
+    def get_file():
+        if isinstance(fn, io.IOBase):
+            yield fn
+        else:
+            with fn.open("rb") as f:
+                yield f
+
+    with get_file() as f:
+        sha1 = hashlib.sha1()
+        while True:
+            chunk = f.read(4096)
+            if not chunk:
+                break
+            sha1.update(chunk)
+
+        f.seek(0)
+        doc = oe.spdx.SPDXDocument.from_json(f)
+
+    return (doc, sha1.hexdigest())
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py
new file mode 100644
index 0000000000..7aaf2af5ed
--- /dev/null
+++ b/meta/lib/oe/spdx.py
@@ -0,0 +1,357 @@ 
+#
+# Copyright OpenEmbedded Contributors
+#
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+#
+# This library is intended to capture the JSON SPDX specification in a type
+# safe manner. It is not intended to encode any particular OE specific
+# behaviors, see the sbom.py for that.
+#
+# The documented SPDX spec document doesn't cover the JSON syntax for
+# particular configuration, which can make it hard to determine what the JSON
+# syntax should be. I've found it is actually much simpler to read the official
+# SPDX JSON schema which can be found here: https://github.com/spdx/spdx-spec
+# in schemas/spdx-schema.json
+#
+
+import hashlib
+import itertools
+import json
+
+SPDX_VERSION = "2.2"
+
+
+#
+# The following are the support classes that are used to implement SPDX object
+#
+
+class _Property(object):
+    """
+    A generic SPDX object property. The different types will derive from this
+    class
+    """
+
+    def __init__(self, *, default=None):
+        self.default = default
+
+    def setdefault(self, dest, name):
+        if self.default is not None:
+            dest.setdefault(name, self.default)
+
+
+class _String(_Property):
+    """
+    A scalar string property for an SPDX object
+    """
+
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+
+    def set_property(self, attrs, name):
+        def get_helper(obj):
+            return obj._spdx[name]
+
+        def set_helper(obj, value):
+            obj._spdx[name] = value
+
+        def del_helper(obj):
+            del obj._spdx[name]
+
+        attrs[name] = property(get_helper, set_helper, del_helper)
+
+    def init(self, source):
+        return source
+
+
+class _Object(_Property):
+    """
+    A scalar SPDX object property of a SPDX object
+    """
+
+    def __init__(self, cls, **kwargs):
+        super().__init__(**kwargs)
+        self.cls = cls
+
+    def set_property(self, attrs, name):
+        def get_helper(obj):
+            if not name in obj._spdx:
+                obj._spdx[name] = self.cls()
+            return obj._spdx[name]
+
+        def set_helper(obj, value):
+            obj._spdx[name] = value
+
+        def del_helper(obj):
+            del obj._spdx[name]
+
+        attrs[name] = property(get_helper, set_helper)
+
+    def init(self, source):
+        return self.cls(**source)
+
+
+class _ListProperty(_Property):
+    """
+    A list of SPDX properties
+    """
+
+    def __init__(self, prop, **kwargs):
+        super().__init__(**kwargs)
+        self.prop = prop
+
+    def set_property(self, attrs, name):
+        def get_helper(obj):
+            if not name in obj._spdx:
+                obj._spdx[name] = []
+            return obj._spdx[name]
+
+        def set_helper(obj, value):
+            obj._spdx[name] = list(value)
+
+        def del_helper(obj):
+            del obj._spdx[name]
+
+        attrs[name] = property(get_helper, set_helper, del_helper)
+
+    def init(self, source):
+        return [self.prop.init(o) for o in source]
+
+
+class _StringList(_ListProperty):
+    """
+    A list of strings as a property for an SPDX object
+    """
+
+    def __init__(self, **kwargs):
+        super().__init__(_String(), **kwargs)
+
+
+class _ObjectList(_ListProperty):
+    """
+    A list of SPDX objects as a property for an SPDX object
+    """
+
+    def __init__(self, cls, **kwargs):
+        super().__init__(_Object(cls), **kwargs)
+
+
+class MetaSPDXObject(type):
+    """
+    A metaclass that allows properties (anything derived from a _Property
+    class) to be defined for a SPDX object
+    """
+    def __new__(mcls, name, bases, attrs):
+        attrs["_properties"] = {}
+
+        for key in attrs.keys():
+            if isinstance(attrs[key], _Property):
+                prop = attrs[key]
+                attrs["_properties"][key] = prop
+                prop.set_property(attrs, key)
+
+        return super().__new__(mcls, name, bases, attrs)
+
+
+class SPDXObject(metaclass=MetaSPDXObject):
+    """
+    The base SPDX object; all SPDX spec classes must derive from this class
+    """
+    def __init__(self, **d):
+        self._spdx = {}
+
+        for name, prop in self._properties.items():
+            prop.setdefault(self._spdx, name)
+            if name in d:
+                self._spdx[name] = prop.init(d[name])
+
+    def serializer(self):
+        return self._spdx
+
+    def __setattr__(self, name, value):
+        if name in self._properties or name == "_spdx":
+            super().__setattr__(name, value)
+            return
+        raise KeyError("%r is not a valid SPDX property" % name)
+
+#
+# These are the SPDX objects implemented from the spec. The *only* properties
+# that can be added to these objects are ones directly specified in the SPDX
+# spec, however you may add helper functions to make operations easier.
+#
+# Defaults should *only* be specified if the SPDX spec says there is a certain
+# required value for a field (e.g. dataLicense), or if the field is mandatory
+# and has some sane "this field is unknown" (e.g. "NOASSERTION")
+#
+
+class SPDXAnnotation(SPDXObject):
+    annotationDate = _String()
+    annotationType = _String()
+    annotator = _String()
+    comment = _String()
+
+class SPDXChecksum(SPDXObject):
+    algorithm = _String()
+    checksumValue = _String()
+
+
+class SPDXRelationship(SPDXObject):
+    spdxElementId = _String()
+    relatedSpdxElement = _String()
+    relationshipType = _String()
+    comment = _String()
+    annotations = _ObjectList(SPDXAnnotation)
+
+
+class SPDXExternalReference(SPDXObject):
+    referenceCategory = _String()
+    referenceType = _String()
+    referenceLocator = _String()
+
+
+class SPDXPackageVerificationCode(SPDXObject):
+    packageVerificationCodeValue = _String()
+    packageVerificationCodeExcludedFiles = _StringList()
+
+
+class SPDXPackage(SPDXObject):
+    ALLOWED_CHECKSUMS = [
+        "SHA1",
+        "SHA224",
+        "SHA256",
+        "SHA384",
+        "SHA512",
+        "MD2",
+        "MD4",
+        "MD5",
+        "MD6",
+    ]
+
+    name = _String()
+    SPDXID = _String()
+    versionInfo = _String()
+    downloadLocation = _String(default="NOASSERTION")
+    supplier = _String(default="NOASSERTION")
+    homepage = _String()
+    licenseConcluded = _String(default="NOASSERTION")
+    licenseDeclared = _String(default="NOASSERTION")
+    summary = _String()
+    description = _String()
+    sourceInfo = _String()
+    copyrightText = _String(default="NOASSERTION")
+    licenseInfoFromFiles = _StringList(default=["NOASSERTION"])
+    externalRefs = _ObjectList(SPDXExternalReference)
+    packageVerificationCode = _Object(SPDXPackageVerificationCode)
+    hasFiles = _StringList()
+    packageFileName = _String()
+    annotations = _ObjectList(SPDXAnnotation)
+    checksums = _ObjectList(SPDXChecksum)
+
+
+class SPDXFile(SPDXObject):
+    SPDXID = _String()
+    fileName = _String()
+    licenseConcluded = _String(default="NOASSERTION")
+    copyrightText = _String(default="NOASSERTION")
+    licenseInfoInFiles = _StringList(default=["NOASSERTION"])
+    checksums = _ObjectList(SPDXChecksum)
+    fileTypes = _StringList()
+
+
+class SPDXCreationInfo(SPDXObject):
+    created = _String()
+    licenseListVersion = _String()
+    comment = _String()
+    creators = _StringList()
+
+
+class SPDXExternalDocumentRef(SPDXObject):
+    externalDocumentId = _String()
+    spdxDocument = _String()
+    checksum = _Object(SPDXChecksum)
+
+
+class SPDXExtractedLicensingInfo(SPDXObject):
+    name = _String()
+    comment = _String()
+    licenseId = _String()
+    extractedText = _String()
+
+
+class SPDXDocument(SPDXObject):
+    spdxVersion = _String(default="SPDX-" + SPDX_VERSION)
+    dataLicense = _String(default="CC0-1.0")
+    SPDXID = _String(default="SPDXRef-DOCUMENT")
+    name = _String()
+    documentNamespace = _String()
+    creationInfo = _Object(SPDXCreationInfo)
+    packages = _ObjectList(SPDXPackage)
+    files = _ObjectList(SPDXFile)
+    relationships = _ObjectList(SPDXRelationship)
+    externalDocumentRefs = _ObjectList(SPDXExternalDocumentRef)
+    hasExtractedLicensingInfos = _ObjectList(SPDXExtractedLicensingInfo)
+
+    def __init__(self, **d):
+        super().__init__(**d)
+
+    def to_json(self, f, *, sort_keys=False, indent=None, separators=None):
+        class Encoder(json.JSONEncoder):
+            def default(self, o):
+                if isinstance(o, SPDXObject):
+                    return o.serializer()
+
+                return super().default(o)
+
+        sha1 = hashlib.sha1()
+        for chunk in Encoder(
+            sort_keys=sort_keys,
+            indent=indent,
+            separators=separators,
+        ).iterencode(self):
+            chunk = chunk.encode("utf-8")
+            f.write(chunk)
+            sha1.update(chunk)
+
+        return sha1.hexdigest()
+
+    @classmethod
+    def from_json(cls, f):
+        return cls(**json.load(f))
+
+    def add_relationship(self, _from, relationship, _to, *, comment=None, annotation=None):
+        if isinstance(_from, SPDXObject):
+            from_spdxid = _from.SPDXID
+        else:
+            from_spdxid = _from
+
+        if isinstance(_to, SPDXObject):
+            to_spdxid = _to.SPDXID
+        else:
+            to_spdxid = _to
+
+        r = SPDXRelationship(
+            spdxElementId=from_spdxid,
+            relatedSpdxElement=to_spdxid,
+            relationshipType=relationship,
+        )
+
+        if comment is not None:
+            r.comment = comment
+
+        if annotation is not None:
+            r.annotations.append(annotation)
+
+        self.relationships.append(r)
+
+    def find_by_spdxid(self, spdxid):
+        for o in itertools.chain(self.packages, self.files):
+            if o.SPDXID == spdxid:
+                return o
+        return None
+
+    def find_external_document_ref(self, namespace):
+        for r in self.externalDocumentRefs:
+            if r.spdxDocument == namespace:
+                return r
+        return None