assimilis

module v1.0.0
Published: Jan 20, 2026 License: Apache-2.0

README

Myrmica Assimilis - Generate OSS Attribution Files

Description

Generate third-party attribution artifacts (NOTICE + "Third Party Licenses" HTML) from a CycloneDX JSON SBOM.

It is intended to be used in CI/CD to produce release artifacts that can be shipped alongside binaries/images.

Output

By default, it writes:

  • third_party/THIRD_PARTY_LICENSES.html: grouped by license, with license texts and "used by" list. Based on cargo-about (default example available here)
  • third_party/NOTICE.md: per-dependency copyright/notice block (only for deps that expose copyright)
  • third_party/licenses/*.txt: cached SPDX license texts

Usage

  1. Place the SBOM in third_party/sbom

    By default, Assimilis looks for third_party/sbom/<REPO_NAME>.cdx.json. The SBOM must have this exact naming pattern.

  2. Run Assimilis

    From your repository root:

    assimilis --repo-name <REPO_NAME>
    
Configuration

NAME:
   assimilis - Generate OSS attribution files

USAGE:
   assimilis [global options] [command [command options]]

COMMANDS:
   version  Display version information
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --repo-name string        Name of the repository
   --html-template string    Override HTML template path (default: embedded)
   --notice-template string  Override NOTICE template path (default: embedded)
   --spdx-version string     SPDX license-list-data version/tag (default: "v3.27.0")
   --help, -h                show help

Custom/Non-SPDX Licenses (LicenseRef-*)

If a component uses a non-SPDX license ID or an unmapped license expression, Assimilis expects a corresponding license text file in third_party/licenses/custom.

Example:

third_party/licenses/custom/LicenseRef-<CUSTOM_LICENSE_NAME>.txt

If the text is missing, generation fails.
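
A pre-flight check for this rule, as an added example (not part of Assimilis or its README): it scans a CycloneDX JSON SBOM for LicenseRef-* identifiers and lists those with no text file in the custom directory, so a CI job can stop before generation does. The function name, the constructed SBOM fragment and the <ID>.txt file naming are assumptions; how Assimilis itself resolves unmapped expressions is not shown on this page.

```go
package main

import (
	"encoding/json"
	"log"
	"os"
	"path/filepath"
	"regexp"
)

var licenseRef = regexp.MustCompile(`LicenseRef-[A-Za-z0-9.-]+`)

// MissingCustomTexts returns, in order of first appearance, every LicenseRef-* ID in the
// SBOM whose <ID>.txt cannot be stat'ed in dir (naming assumed from the README's example).
func MissingCustomTexts(doc []byte, dir string) ([]string, error) {
	var s struct { // only the CycloneDX license fields this check needs
		Components []struct {
			Licenses []struct {
				License    struct{ ID, Name string }
				Expression string
			}
		}
	}
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, err
	}
	seen := map[string]bool{}
	var missing []string
	for _, c := range s.Components {
		for _, l := range c.Licenses {
			fields := l.License.ID + " " + l.License.Name + " " + l.Expression
			for _, id := range licenseRef.FindAllString(fields, -1) {
				if _, err := os.Stat(filepath.Join(dir, id+".txt")); err != nil && !seen[id] {
					seen[id] = true
					missing = append(missing, id)
				}
			}
		}
	}
	return missing, nil
}

func main() {
	// Constructed SBOM fragment; the directory is the one named in the README.
	doc := []byte(`{"components":[{"licenses":[{"expression":"MIT OR LicenseRef-Example-EULA"}]}]}`)
	if m, err := MissingCustomTexts(doc, "third_party/licenses/custom"); err != nil || len(m) > 0 {
		log.Fatalf("missing custom license texts: %v (error: %v)", m, err)
	}
}
```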

The Myrmica colony

Directories

Path Synopsis
Package main provides the Assimilis license report generator CLI entry point.
pkg
  generator: Package generator generates NOTICE/HTML attribution artifacts from a CycloneDX SBOM.
  logger: Package logger provides logging setup and configuration.