A streamlined tool for generating legal notices from open source dependencies. Built on the powerful purl2notices library, ossnotices provides a simple interface for scanning source code and producing attribution documentation required for OSS compliance.
- Simple Interface: Streamlined CLI for scanning local source code and archives
- Multi-Format Support: Generate notices in text, HTML, or JSON formats
- Archive Processing: Handle JAR, WAR, WHL, ZIP, and other archive formats
- SEMCL.ONE Integration: Seamlessly works with other ecosystem tools for comprehensive compliance workflows
pip install ossnoticesFor development:
git clone https://github.com/SemClone/ossnotices.git
cd ossnotices
pip install -e .# Scan current directory and generate default NOTICE.txt
ossnotices
# Process a specific project directory
ossnotices ./my-project --recursive -o NOTICE.txt# Basic directory scanning
ossnotices ./src --recursive -o NOTICE.txt
# Process archive files
ossnotices library.jar -o NOTICE.txt
# Generate HTML format for documentation
ossnotices ./project -f html -o notices.html
# JSON output for further processing
ossnotices ./project -f json -o notices.json
# Quiet mode for CI/CD pipelines
ossnotices . -q -o NOTICE.txtUsage: ossnotices [OPTIONS] [PATH]
Arguments:
PATH Directory or archive file to scan (default: current directory)
Options:
--version Show version and exit
-o, --output PATH Output file path (default: NOTICE.txt)
-f, --format TYPE Output format: text, html, json (default: text)
-r, --recursive Scan directories recursively
--cache/--no-cache Enable/disable caching (default: enabled)
-v, --verbose Enable verbose output
-q, --quiet Suppress all output except errors
--help Show help and exit
Caching is enabled by default and stores package information in .ossnotices.cache.json for faster subsequent runs.
# Disable caching
ossnotices . --no-cacheOSS Notices Generator is part of the comprehensive SEMCL.ONE compliance ecosystem:
- Works with src2purl for package identification
- Integrates with purl2notices for detailed attribution generation
- Complements osslili for license detection
- Supports upmex package metadata extraction
- Source Directories: Recursively scans for package dependencies
- Archive Files: JAR, WAR, WHL, ZIP, TAR, GZ, BZ2, EGG formats
Through purl2notices integration:
- Python (PyPI)
- JavaScript/Node.js (npm)
- Java (Maven)
- Ruby (RubyGems)
- Go modules
- Rust (Cargo)
- .NET (NuGet)
- PHP (Composer)
- And many more...
- User Guide - Comprehensive usage examples
- API Reference - Python API documentation
- Examples - Common workflows and integration patterns
We welcome contributions! Please see CONTRIBUTING.md for details on:
- Code of conduct
- Development setup
- Submitting pull requests
- Reporting issues
For support and questions:
- GitHub Issues - Bug reports and feature requests
- Documentation - Complete project documentation
- SEMCL.ONE Community - Ecosystem support and discussions
Apache License 2.0 - see LICENSE file for details.
See AUTHORS.md for a list of contributors.
Part of the SEMCL.ONE ecosystem for comprehensive OSS compliance and code analysis.