scanoss
diff --git a/‎CHANGELOG.md‎
Lines changed: 8 additions & 1 deletion b/‎CHANGELOG.md‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 5 additions & 0 deletions b/‎README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/scanoss/data/osadl-copyleft.json‎
Lines changed: 133 additions & 0 deletions b/‎src/scanoss/data/osadl-copyleft.json‎
Lines changed: 133 additions & 0 deletions
diff --git a/‎src/scanoss/inspection/utils/license_utils.py‎
Lines changed: 51 additions & 71 deletions b/‎src/scanoss/inspection/utils/license_utils.py‎
Lines changed: 51 additions & 71 deletions
@@ -13,12 +13,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Supports both `-ls source1 source2` and `-ls source1 -ls source2` syntax
 
 ### Changed
+- **Switched to OSADL authoritative copyleft license data**
+  - Copyleft detection now uses [OSADL (Open Source Automation Development Lab)](https://www.osadl.org/) checklist data
+  - Adds missing `-or-later` license variants (GPL-2.0-or-later, GPL-3.0-or-later, LGPL-2.1-or-later, etc.)
+  - Expands copyleft coverage from 21 to 32 licenses
+  - Custom include/exclude/explicit filters still use legacy behavior for backward compatibility
+  - Dataset attribution added to README (CC-BY-4.0 license)
+
 - Copyleft inspection now defaults to component-level licenses only (component_declared, license_file)
   - Reduces noise from file-level license detections (file_header, scancode)
   - Use `-ls` to override and check specific sources
 
 ### Fixed
-- Fixed terminal cursor disappearing after aborting scan with Ctrl+C
+- Fixed the terminal cursor disappearing after aborting scan with Ctrl+C
 
 ## [1.40.1] - 2025-10-29
 ### Changed
 
@@ -135,3 +135,8 @@ Details of major changes to the library can be found in [CHANGELOG.md](CHANGELOG
 
 ## Background
 Details about the Winnowing algorithm used for scanning can be found [here](WINNOWING.md).
+
+## Dataset License Notice
+This application is licensed under the MIT License. However, it includes the OSADL copyleft license dataset ([osadl-copyleft.json](src/scanoss/data/osadl-copyleft.json)) which is licensed under the [Creative Commons Attribution 4.0 International license (CC-BY-4.0)](https://creativecommons.org/licenses/by/4.0/) by the [Open Source Automation Development Lab (OSADL) eG](https://www.osadl.org/).
+
+**Attribution:** A project by the Open Source Automation Development Lab (OSADL) eG. Original source: [https://www.osadl.org/fileadmin/checklists/copyleft.json](https://www.osadl.org/fileadmin/checklists/copyleft.json)
@@ -0,0 +1,133 @@
+{
+    "title": "OSADL Open Source License Obligations Checklist (https:\/\/www.osadl.org\/Checklists)",
+    "license": "Creative Commons Attribution 4.0 International license (CC-BY-4.0)",
+    "attribution": "A project by the Open Source Automation Development Lab (OSADL) eG. For further information about the project see the description at www.osadl.org\/checklists.",
+    "copyright": "(C) 2017 - 2024 Open Source Automation Development Lab (OSADL) eG and contributors, info@osadl.org",
+    "disclaimer": "The checklists and particularly the copyleft data have been assembled with maximum diligence and care; however, the authors do not warrant nor can be held liable in any way for its correctness, usefulness, merchantibility or fitness for a particular purpose as far as permissible by applicable law. Anyone who uses the information does this on his or her sole responsibility. For any individual legal advice, it is recommended to contact a lawyer.",
+    "timeformat": "%Y-%m-%dT%H:%M:%S%z",
+    "timestamp": "2025-10-30T11:23:00+0000",
+    "copyleft": 
+    {
+        "0BSD": "No",
+        "AFL-2.0": "No",
+        "AFL-2.1": "No",
+        "AFL-3.0": "No",
+        "AGPL-3.0-only": "Yes",
+        "AGPL-3.0-or-later": "Yes",
+        "Apache-1.0": "No",
+        "Apache-1.1": "No",
+        "Apache-2.0": "No",
+        "APSL-2.0": "Yes (restricted)",
+        "Artistic-1.0": "No",
+        "Artistic-1.0-Perl": "No",
+        "Artistic-2.0": "No",
+        "Bitstream-Vera": "No",
+        "blessing": "No",
+        "BlueOak-1.0.0": "No",
+        "BSD-1-Clause": "No",
+        "BSD-2-Clause": "No",
+        "BSD-2-Clause-Patent": "No",
+        "BSD-3-Clause": "No",
+        "BSD-3-Clause-Open-MPI": "No",
+        "BSD-4-Clause": "No",
+        "BSD-4-Clause-UC": "No",
+        "BSD-4.3TAHOE": "No",
+        "BSD-Source-Code": "No",
+        "BSL-1.0": "No",
+        "bzip2-1.0.5": "No",
+        "bzip2-1.0.6": "No",
+        "CC-BY-2.5": "No",
+        "CC-BY-3.0": "No",
+        "CDDL-1.0": "Yes (restricted)",
+        "CDDL-1.1": "Yes (restricted)",
+        "CPL-1.0": "Yes",
+        "curl": "No",
+        "ECL-1.0": "No",
+        "ECL-2.0": "No",
+        "EFL-2.0": "No",
+        "EPL-1.0": "Yes",
+        "EPL-2.0": "Yes (restricted)",
+        "EUPL-1.1": "Yes",
+        "EUPL-1.2": "Yes",
+        "FSFAP": "No",
+        "FSFUL": "No",
+        "FSFULLR": "No",
+        "FSFULLRWD": "No",
+        "FTL": "No",
+        "GPL-1.0-only": "Yes",
+        "GPL-1.0-or-later": "Yes",
+        "GPL-2.0-only": "Yes",
+        "GPL-2.0-only WITH Classpath-exception-2.0": "Yes (restricted)",
+        "GPL-2.0-or-later": "Yes",
+        "GPL-3.0-only": "Yes",
+        "GPL-3.0-or-later": "Yes",
+        "HPND": "No",
+        "IBM-pibs": "No",
+        "ICU": "No",
+        "IJG": "No",
+        "ImageMagick": "No",
+        "Info-ZIP": "No",
+        "IPL-1.0": "Yes",
+        "ISC": "No",
+        "JasPer-2.0": "No",
+        "LGPL-2.0-only": "Yes (restricted)",
+        "LGPL-2.0-or-later": "Yes (restricted)",
+        "LGPL-2.1-only": "Yes (restricted)",
+        "LGPL-2.1-or-later": "Yes (restricted)",
+        "LGPL-3.0-only": "Yes (restricted)",
+        "LGPL-3.0-or-later": "Yes (restricted)",
+        "Libpng": "No",
+        "libpng-2.0": "No",
+        "libtiff": "No",
+        "LicenseRef-scancode-bsla-no-advert": "No",
+        "LicenseRef-scancode-info-zip-2003-05": "No",
+        "LicenseRef-scancode-ppp": "No",
+        "Minpack": "No",
+        "MirOS": "No",
+        "MIT": "No",
+        "MIT-0": "No",
+        "MIT-CMU": "No",
+        "MPL-1.1": "Yes (restricted)",
+        "MPL-2.0": "Yes (restricted)",
+        "MPL-2.0-no-copyleft-exception": "Yes (restricted)",
+        "MS-PL": "Questionable",
+        "MS-RL": "Yes (restricted)",
+        "NBPL-1.0": "No",
+        "NCSA": "No",
+        "NTP": "No",
+        "OFL-1.1": "Yes (restricted)",
+        "OGC-1.0": "No",
+        "OLDAP-2.8": "No",
+        "OpenSSL": "Questionable",
+        "OSL-3.0": "Yes",
+        "PHP-3.01": "No",
+        "PostgreSQL": "No",
+        "PSF-2.0": "No",
+        "Python-2.0": "No",
+        "Qhull": "No",
+        "RSA-MD": "No",
+        "Saxpath": "No",
+        "SGI-B-2.0": "No",
+        "Sleepycat": "Yes",
+        "SMLNJ": "No",
+        "Spencer-86": "No",
+        "SSH-OpenSSH": "No",
+        "SSH-short": "No",
+        "SunPro": "No",
+        "Ubuntu-font-1.0": "Yes (restricted)",
+        "Unicode-3.0": "No",
+        "Unicode-DFS-2015": "No",
+        "Unicode-DFS-2016": "No",
+        "Unlicense": "No",
+        "UPL-1.0": "No",
+        "W3C": "No",
+        "W3C-19980720": "No",
+        "W3C-20150513": "No",
+        "WTFPL": "No",
+        "X11": "No",
+        "XFree86-1.1": "No",
+        "Zlib": "No",
+        "zlib-acknowledgement": "No",
+        "ZPL-2.0": "No"
+    }
+}
@@ -22,96 +22,84 @@
   THE SOFTWARE.
 """
 
-from ...scanossbase import ScanossBase
+from scanoss.osadl import Osadl
 
-DEFAULT_COPYLEFT_LICENSES = {
-    'agpl-3.0-only',
-    'artistic-1.0',
-    'artistic-2.0',
-    'cc-by-sa-4.0',
-    'cddl-1.0',
-    'cddl-1.1',
-    'cecill-2.1',
-    'epl-1.0',
-    'epl-2.0',
-    'gfdl-1.1-only',
-    'gfdl-1.2-only',
-    'gfdl-1.3-only',
-    'gpl-1.0-only',
-    'gpl-2.0-only',
-    'gpl-3.0-only',
-    'lgpl-2.1-only',
-    'lgpl-3.0-only',
-    'mpl-1.1',
-    'mpl-2.0',
-    'sleepycat',
-    'watcom-1.0',
-}
+from ...scanossbase import ScanossBase
 
 
 class LicenseUtil(ScanossBase):
     """
     A utility class for handling software licenses, particularly copyleft licenses.
 
-    This class provides functionality to initialize, manage, and query a set of
-    copyleft licenses. It also offers a method to generate URLs for license information.
+    Uses OSADL (Open Source Automation Development Lab) authoritative copyleft data
+    with optional include/exclude/explicit filters.
     """
 
     BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
-    BASE_OSADL_URL = 'https://www.osadl.org/fileadmin/checklists/unreflicenses'
 
     def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
         super().__init__(debug, trace, quiet)
-        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
-        self.copyleft_licenses = set()
+        self.osadl = Osadl(debug=debug)
+        self.include_licenses = set()
+        self.exclude_licenses = set()
+        self.explicit_licenses = set()
 
     def init(self, include: str = None, exclude: str = None, explicit: str = None):
         """
-        Initialize the set of copyleft licenses based on user input.
-
-        This method allows for customization of the copyleft license set by:
-        - Setting an explicit list of licenses
-        - Including additional licenses to the default set
-        - Excluding specific licenses from the default set
+        Initialize copyleft license filters.
 
-        :param include: Comma-separated string of licenses to include
-        :param exclude: Comma-separated string of licenses to exclude
-        :param explicit: Comma-separated string of licenses to use exclusively
+        :param include: Comma-separated licenses to mark as copyleft (in addition to OSADL)
+        :param exclude: Comma-separated licenses to mark as NOT copyleft (override OSADL)
+        :param explicit: Comma-separated licenses to use exclusively (ignore OSADL)
         """
-        if self.debug:
-            self.print_stderr(f'Include Copyleft licenses: ${include}')
-            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
-            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
+        # Parse explicit list (if provided, ignore OSADL completely)
         if explicit:
-            explicit = explicit.strip()
-        if explicit:
-            exp = [item.strip().lower() for item in explicit.split(',')]
-            self.copyleft_licenses = set(exp)
-            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.explicit_licenses = {lic.strip().lower() for lic in explicit.split(',') if lic.strip()}
+            self.print_debug(f'Explicit copyleft licenses: {self.explicit_licenses}')
             return
-        # If no explicit licenses were set, set default ones
-        self.copyleft_licenses = self.default_copyleft_licenses.copy()
-        if include:
-            include = include.strip()
+
+        # Parse include list (mark these as copyleft in addition to OSADL)
         if include:
-            inc = [item.strip().lower() for item in include.split(',')]
-            self.copyleft_licenses.update(inc)
-        if exclude:
-            exclude = exclude.strip()
+            self.include_licenses = {lic.strip().lower() for lic in include.split(',') if lic.strip()}
+            self.print_debug(f'Include licenses: {self.include_licenses}')
+
+        # Parse exclude list (mark these as NOT copyleft, overriding OSADL)
         if exclude:
-            inc = [item.strip().lower() for item in exclude.split(',')]
-            for lic in inc:
-                self.copyleft_licenses.discard(lic)
-        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.exclude_licenses = {lic.strip().lower() for lic in exclude.split(',') if lic.strip()}
+            self.print_debug(f'Exclude licenses: {self.exclude_licenses}')
 
     def is_copyleft(self, spdxid: str) -> bool:
         """
-        Check if a given license is considered copyleft.
+        Check if a license is copyleft.
+
+        Logic:
+        1. If explicit list provided → check if license in explicit list
+        2. If license in include list → return True
+        3. If license in exclude list → return False
+        4. Otherwise → use OSADL authoritative data
 
-        :param spdxid: The SPDX identifier of the license to check
-        :return: True if the license is copyleft, False otherwise
+        :param spdxid: SPDX license identifier
+        :return: True if copyleft, False otherwise
         """
-        return spdxid.lower() in self.copyleft_licenses
+        if not spdxid:
+            return False
+
+        spdxid_lc = spdxid.lower()
+
+        # Explicit mode: use only the explicit list
+        if self.explicit_licenses:
+            return spdxid_lc in self.explicit_licenses
+
+        # Include filter: if license in include list, force copyleft=True
+        if spdxid_lc in self.include_licenses:
+            return True
+
+        # Exclude filter: if license in exclude list, force copyleft=False
+        if spdxid_lc in self.exclude_licenses:
+            return False
+
+        # No filters matched, use OSADL authoritative data
+        return self.osadl.is_copyleft(spdxid)
 
     def get_spdx_url(self, spdxid: str) -> str:
         """
@@ -122,14 +110,6 @@ def get_spdx_url(self, spdxid: str) -> str:
         """
         return f'{self.BASE_SPDX_ORG_URL}/{spdxid}.html'
 
-    def get_osadl_url(self, spdxid: str) -> str:
-        """
-        Generate the URL for the OSADL (Open Source Automation Development Lab) page of a license.
-
-        :param spdxid: The SPDX identifier of the license
-        :return: The URL of the OSADL page for the given license
-        """
-        return f'{self.BASE_OSADL_URL}/{spdxid}.txt'
 
 
 #