
feat: [five-c] Compliance extended report set#523

Merged
tdruez merged 6 commits into main from 415-5c-compliance-reporting
Apr 24, 2026

Conversation

@tdruez
Contributor

@tdruez tdruez commented Apr 22, 2026

Changes

  • Product license compliance export

Adds a per-product export of the license distribution already shown on the Compliance tab. For each license associated with the product's packages, the export includes the SPDX key, short name, internal key, number of packages using it, and the compliance alert level (error/warning). Useful for sharing license posture with legal or compliance reviewers outside the application, and for feeding downstream audit tooling.

  • Product security compliance export

Adds a per-product export of the vulnerabilities affecting the product's packages. For each vulnerability, the export includes the vulnerability ID, aliases (CVE, GHSA, PYSEC, etc.), summary, risk level and score, exploitability, weighted severity, number of affected and fixed packages within the product, and the reference URL. Useful for vulnerability triage reports, VEX-adjacent workflows, and security audits.

Both are available in the following formats:

  • Comma-separated Values (.csv)
  • JSON (.json)
  • OpenDocument (.ods)
  • Microsoft Excel (.xlsx)
  • YAML (.yaml)

Screens

Available from the "Download" icon in both panel headers of the "Product > Compliance" tab.

[Screenshot 2026-04-24 at 09 40 34]

[Screenshot 2026-04-24 at 09 40 46]
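Consuming the security compliance export downstream, as an added example that is not code from this PR or from the ScanCode.io project: it parses a CSV export carrying the fields listed above and ranks vulnerabilities that still lack a fixed package in the product. The column header names and the sample rows are assumptions constructed for illustration; the PR lists the fields but not the exact headers of the generated file.

```python
"""Triage helper for the product security compliance export (added example).

Column names are assumed; they follow the fields named in the PR description
(vulnerability ID, aliases, summary, risk level/score, exploitability,
weighted severity, affected/fixed package counts, reference URL).
"""
import csv
import io

# Constructed sample export; identifiers, scores and URLs are placeholders.
SAMPLE_CSV = """\
vulnerability_id,aliases,summary,risk_level,risk_score,exploitability,weighted_severity,affected_packages,fixed_packages,reference_url
VCID-example-0001,CVE-0000-00001;GHSA-xxxx-xxxx-xxx1,Constructed issue A,high,8.1,2.0,7.5,3,1,https://example.invalid/v1
VCID-example-0002,CVE-0000-00002,Constructed issue B,low,2.0,0.5,1.2,1,1,https://example.invalid/v2
VCID-example-0003,PYSEC-0000-0003,Constructed issue C,critical,9.8,2.0,9.9,2,0,https://example.invalid/v3
"""


def load_security_export(text):
    """Parse the CSV export into dicts with typed numeric fields and split aliases."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "vulnerability_id": row["vulnerability_id"],
            "aliases": [a for a in row["aliases"].split(";") if a],
            "summary": row["summary"],
            "risk_level": row["risk_level"],
            "risk_score": float(row["risk_score"]),
            "exploitability": float(row["exploitability"]),
            "weighted_severity": float(row["weighted_severity"]),
            "affected_packages": int(row["affected_packages"]),
            "fixed_packages": int(row["fixed_packages"]),
            "reference_url": row["reference_url"],
        })
    return rows


def prioritize(rows):
    """Order for triage: entries with no fixed package in the product first,
    then by weighted severity and raw risk score, highest first."""
    key = lambda r: (r["fixed_packages"] == 0, r["weighted_severity"], r["risk_score"])
    return sorted(rows, key=key, reverse=True)


if __name__ == "__main__":
    for v in prioritize(load_security_export(SAMPLE_CSV)):
        fix = "no fix in product" if v["fixed_packages"] == 0 else f"{v['fixed_packages']} fixed"
        print(v["vulnerability_id"], v["weighted_severity"], v["affected_packages"], "affected,", fix)
```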

tdruez added 6 commits April 22, 2026 13:44
Signed-off-by: tdruez <tdruez@aboutcode.org>
@tdruez tdruez merged commit 4938cd4 into main Apr 24, 2026
4 checks passed
@tdruez tdruez deleted the 415-5c-compliance-reporting branch April 24, 2026 05:44