THE SPDX WIKI IS NO LONGER ACTIVE. ALL CONTENT HAS BEEN MOVED TO https://github.com/spdx
Technical Team/Use Cases/2.0/Third party produces bill of materials for software package
A customer requests a third party to audit their entire codebase to determine all rights holders and licenses for every file in the codebase.
Stakeholders and Interests
- Auditee
- The organization in possession of the code that wants to understand the licensing and rights holders of that code.
- Auditor
- Third party that needs to analyze the codebase and inform the auditee of what the licensing is and who the rights holders are.
Main Success Scenario
- Auditee delivers code to auditor
- Auditor extracts licensing and copyright information from files
- Auditor evaluates evidence and identifies most likely licensing and rights holders
- Auditor provides SPDX data to auditee
- Legal staff at the auditee review the concluded licensing and rights holders and take any necessary actions to comply with the licenses
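The following script is an added illustration of steps 2 to 4 of the scenario; it is not part of the SPDX wiki page and not an SPDX project tool. It scans a constructed in-memory "codebase" for SPDX-License-Identifier tags, free-text license notices and copyright lines, draws a conservative conclusion per file and per package, and renders the result as an SPDX 2.0 tag-value document. The sample files, the NOTICE_HINTS mapping table and the package, creator and namespace values are all assumptions made for the example.

```python
import hashlib
import re

# Constructed sample "codebase" as delivered by the auditee (path -> contents).
SAMPLE_FILES = {
    "src/main.c": (
        "// SPDX-License-Identifier: MIT\n"
        "// Copyright (c) 2014 Example Corp\n"
        "int main(void) { return 0; }\n"
    ),
    "src/util.c": (
        "/* Copyright 2013 Jane Doe\n"
        " * Licensed under the Apache License, Version 2.0 */\n"
        "void util(void) {}\n"
    ),
    "src/vendor.c": "/* no license or copyright notice at all */\n",
}

# Evidence patterns: an explicit SPDX tag and a copyright line.
SPDX_TAG_RE = re.compile(r"SPDX-License-Identifier:\s*([A-Za-z0-9.+-]+)")
COPYRIGHT_RE = re.compile(r"Copyright(?:\s*\(c\))?\s+\d{4}[^\n*]*", re.IGNORECASE)
# Free-text notices the auditor maps to SPDX identifiers (assumed, minimal table).
NOTICE_HINTS = {
    "Apache License, Version 2.0": "Apache-2.0",
    "MIT License": "MIT",
}


def conclude_file_license(found):
    """Step 3: one marker is concluded as that license; several markers are
    concluded conservatively as a conjunction; no marker means NOASSERTION."""
    if not found:
        return "NOASSERTION"
    return " AND ".join(sorted(found))


def extract_file_evidence(path, text):
    """Step 2: pull license and copyright evidence out of one file."""
    found = set(SPDX_TAG_RE.findall(text))
    for notice, spdx_id in NOTICE_HINTS.items():
        if notice in text:
            found.add(spdx_id)
    copyrights = [m.group(0).strip() for m in COPYRIGHT_RE.finditer(text)]
    return {
        "path": path,
        "sha1": hashlib.sha1(text.encode("utf-8")).hexdigest(),
        "license_info": sorted(found),
        "license_concluded": conclude_file_license(found),
        "copyright": copyrights,
    }


def conclude_package_license(evidence):
    """A package containing any file whose license could not be determined is
    itself NOASSERTION, so legal staff see the gap rather than a guess."""
    per_file = [e["license_concluded"] for e in evidence]
    if any(lic == "NOASSERTION" for lic in per_file):
        return "NOASSERTION"
    return " AND ".join(sorted(set(per_file)))


def build_spdx_document(files, package_name, creator, namespace, created):
    """Step 4: render the evidence as an SPDX 2.0 tag-value document."""
    evidence = [extract_file_evidence(p, t) for p, t in sorted(files.items())]
    lines = [
        "SPDXVersion: SPDX-2.0",
        "DataLicense: CC0-1.0",
        "SPDXID: SPDXRef-DOCUMENT",
        f"DocumentName: {package_name}-audit",
        f"DocumentNamespace: {namespace}",
        f"Creator: Organization: {creator}",
        f"Created: {created}",
        "",
        f"PackageName: {package_name}",
        "SPDXID: SPDXRef-Package",
        "PackageDownloadLocation: NOASSERTION",
        f"PackageLicenseConcluded: {conclude_package_license(evidence)}",
        "PackageLicenseDeclared: NOASSERTION",
    ]
    all_found = sorted({lic for e in evidence for lic in e["license_info"]})
    for lic in (all_found or ["NONE"]):
        lines.append(f"PackageLicenseInfoFromFiles: {lic}")
    lines.append("PackageCopyrightText: NOASSERTION")
    for i, e in enumerate(evidence, 1):
        lines += [
            "",
            f"FileName: ./{e['path']}",
            f"SPDXID: SPDXRef-File{i}",
            f"FileChecksum: SHA1: {e['sha1']}",
            f"LicenseConcluded: {e['license_concluded']}",
        ]
        for lic in (e["license_info"] or ["NONE"]):
            lines.append(f"LicenseInfoInFile: {lic}")
        if e["copyright"]:
            lines.append("FileCopyrightText: <text>" + "\n".join(e["copyright"]) + "</text>")
        else:
            lines.append("FileCopyrightText: NONE")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_spdx_document(SAMPLE_FILES, "example-pkg", "Example Auditor LLC",
                              "http://example.invalid/spdx/example-pkg-audit",
                              "2014-01-01T00:00:00Z"))
```

The sample deliberately includes a file with no license evidence: the package-level conclusion then becomes NOASSERTION while PackageLicenseInfoFromFiles still lists what was found, which is the shape of output the auditee's legal staff need in step 5 to see where follow-up is required.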