raviknox · June 27, 2025 11:37
diff --git a/sbom-license-mapping.json b/sbom-license-mapping.json
 {
  "MIT": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, allows proprietary use"
  },
  "BSD-2-Clause": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, allows proprietary use"
  },
  "BSD-3-Clause": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, allows proprietary use"
  },
  "Apache-2.0": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, includes patent grant"
  },
  "ISC": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, similar to simplified BSD"
  },
  "Zlib": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, allows proprietary use"
  },
  "Boost-1.0": {
    "Severity": 1,
      "LicenseType": "Permissive",
        "Classification": "Permissive",
          "RiskFactor": "Minimal obligations, allows proprietary use"
  },
  "Unlicense": {
    "Severity": 0,
      "LicenseType": "Public Domain",
        "Classification": "Public Domain",
          "RiskFactor": "No restrictions, fully permissive"
  },

  "GPL-2.0-only": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Requires source code disclosure on distribution"
  },
  "GPL-2.0-or-later": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Requires source code disclosure on distribution"
  },
  "GPL-3.0-only": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Stronger patent and anti-tivoization clauses"
  },
  "GPL-3.0-or-later": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Stronger patent and anti-tivoization clauses"
  },
  "AGPL-3.0-only": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Strong copyleft with network use disclosure requirements"
  },
  "AGPL-3.0-or-later": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Strong copyleft with network use disclosure requirements"
  },

  "LGPL-2.1-only": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "Allows linking with proprietary software, requires source disclosure of modifications"
  },
  "LGPL-2.1-or-later": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "Allows linking with proprietary software, requires source disclosure of modifications"
  },
  "LGPL-3.0-only": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "Allows linking with proprietary software, includes patent provisions"
  },
  "LGPL-3.0-or-later": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "Allows linking with proprietary software, includes patent provisions"
  },

  "MPL-1.1": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "File-level copyleft, requires disclosure of modifications to MPL-covered files"
  },
  "MPL-2.0": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "File-level copyleft, partial sharing obligation"
  },

  "CDDL-1.0": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "File-level copyleft, requires source disclosure for modifications"
  },

  "EPL-1.0": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "File-level copyleft with patent grants"
  },
  "EPL-2.0": {
    "Severity": 2,
      "LicenseType": "Weak Copyleft",
        "Classification": "Weak Copyleft",
          "RiskFactor": "File-level copyleft with patent grants and compatibility improvements"
  },

  "OSL-3.0": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Requires source code disclosure, copyleft obligations for network use"
  },

  "EUPL-1.2": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "Strong copyleft, compatible with several other copyleft licenses"
  },

  "CeCILL-2.1": {
    "Severity": 3,
      "LicenseType": "Copyleft",
        "Classification": "Strong Copyleft",
          "RiskFactor": "French law equivalent to GPL, requires source disclosure"
  }
 }
	{
	"MIT": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, allows proprietary use"
	},
	"BSD-2-Clause": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, allows proprietary use"
	},
	"BSD-3-Clause": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, allows proprietary use"
	},
	"Apache-2.0": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, includes patent grant"
	},
	"ISC": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, similar to simplified BSD"
	},
	"Zlib": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, allows proprietary use"
	},
	"Boost-1.0": {
	"Severity": 1,
	"LicenseType": "Permissive",
	"Classification": "Permissive",
	"RiskFactor": "Minimal obligations, allows proprietary use"
	},
	"Unlicense": {
	"Severity": 0,
	"LicenseType": "Public Domain",
	"Classification": "Public Domain",
	"RiskFactor": "No restrictions, fully permissive"
	},

	"GPL-2.0-only": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Requires source code disclosure on distribution"
	},
	"GPL-2.0-or-later": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Requires source code disclosure on distribution"
	},
	"GPL-3.0-only": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Stronger patent and anti-tivoization clauses"
	},
	"GPL-3.0-or-later": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Stronger patent and anti-tivoization clauses"
	},
	"AGPL-3.0-only": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Strong copyleft with network use disclosure requirements"
	},
	"AGPL-3.0-or-later": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Strong copyleft with network use disclosure requirements"
	},

	"LGPL-2.1-only": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "Allows linking with proprietary software, requires source disclosure of modifications"
	},
	"LGPL-2.1-or-later": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "Allows linking with proprietary software, requires source disclosure of modifications"
	},
	"LGPL-3.0-only": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "Allows linking with proprietary software, includes patent provisions"
	},
	"LGPL-3.0-or-later": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "Allows linking with proprietary software, includes patent provisions"
	},

	"MPL-1.1": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "File-level copyleft, requires disclosure of modifications to MPL-covered files"
	},
	"MPL-2.0": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "File-level copyleft, partial sharing obligation"
	},

	"CDDL-1.0": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "File-level copyleft, requires source disclosure for modifications"
	},

	"EPL-1.0": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "File-level copyleft with patent grants"
	},
	"EPL-2.0": {
	"Severity": 2,
	"LicenseType": "Weak Copyleft",
	"Classification": "Weak Copyleft",
	"RiskFactor": "File-level copyleft with patent grants and compatibility improvements"
	},

	"OSL-3.0": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Requires source code disclosure, copyleft obligations for network use"
	},

	"EUPL-1.2": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "Strong copyleft, compatible with several other copyleft licenses"
	},

	"CeCILL-2.1": {
	"Severity": 3,
	"LicenseType": "Copyleft",
	"Classification": "Strong Copyleft",
	"RiskFactor": "French law equivalent to GPL, requires source disclosure"
	}
	}
No results found