
sktelecom/onot

onot


onot generates open source software notices (OSS Notice) from SBOM documents. It reads SPDX 2.x (JSON/YAML/Tag-Value/RDF), CycloneDX (JSON/XML), and Excel, and produces HTML, Text, Markdown, and PDF notices. License texts are bundled, so it runs fully offline (air-gapped) — your SBOM never leaves the machine. Jointly developed by Kakao and SK telecom.


User guide: English

Download (desktop app)

No setup required. Grab the latest installer from Releases, open the app, and drop in an SBOM file to preview and download a notice — Windows (onot-Setup-x.y.z.exe) and macOS (.dmg).

The installers are unsigned. On first launch Windows SmartScreen may warn about an "unknown publisher" — choose More info → Run anyway. On macOS, right-click the app and choose Open to pass Gatekeeper.

CLI

pip install "onot[spdx,cyclonedx,excel,api]"   # from PyPI; add ,pdf for PDF output

# SBOM (format auto-detected) → notices in multiple formats
onot generate -i sbom.spdx.json -f html -f markdown --output-dir ./output

#   -f/--format   html | text | markdown | pdf (repeatable)
#   --lang        ko | en
#   --config      onot.yaml (company info, etc.)
#   --online      fetch missing license texts remotely (offline by default)
#   --stdout      write a single text format to stdout

onot formats   # supported output formats
onot version

Input format is auto-detected by extension and content (including SPDX JSON vs. CycloneDX JSON). PDF output needs pip install ".[pdf]" (WeasyPrint); the desktop app uses a built-in converter.
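Telling SPDX JSON from CycloneDX JSON by content rather than by file name can be sketched as follows. This is an added example, not onot's own code: the function name detect_sbom_format and the samples are hypothetical, the markers it looks for come from the SPDX 2.x and CycloneDX specifications, and unlike onot it ignores the file extension entirely.

```python
import json
import re

# Markers defined by the SPDX 2.x and CycloneDX specifications.
CDX_XML_NS = "http://cyclonedx.org/schema/bom/"
SPDX_RDF_NS = "http://spdx.org/rdf/terms"


def detect_sbom_format(data: bytes) -> str:
    """Classify an SBOM by content alone; the file name is never consulted."""
    text = data.decode("utf-8-sig", errors="replace").lstrip()
    if text.startswith("{"):
        try:
            doc = json.loads(text)
        except json.JSONDecodeError:
            return "unknown"
        if doc.get("bomFormat") == "CycloneDX":
            return "cyclonedx-json"
        if str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
            return "spdx-json"
        return "unknown"
    head = text[:4096]
    if text.startswith("<"):
        # Substring match on the namespace avoids running an XML parser
        # over untrusted input just to pick a format.
        if CDX_XML_NS in head:
            return "cyclonedx-xml"
        if SPDX_RDF_NS in head:
            return "spdx-rdf"
        return "unknown"
    # Tag-Value uses "SPDXVersion:", YAML uses the JSON key "spdxVersion:".
    if re.search(r"^SPDXVersion:\s*SPDX-2\.", head, re.M):
        return "spdx-tagvalue"
    if re.search(r"^spdxVersion:\s*[\"']?SPDX-2\.", head, re.M):
        return "spdx-yaml"
    return "unknown"


# Constructed samples (not taken from the onot repository).
SAMPLES = {
    "spdx.json": b'{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT"}',
    "cdx.json": b'{"bomFormat": "CycloneDX", "specVersion": "1.5"}',
    "cdx.xml": b'<?xml version="1.0"?><bom xmlns="http://cyclonedx.org/schema/bom/1.5"/>',
    "doc.spdx": b"SPDXVersion: SPDX-2.3\nDataLicense: CC0-1.0\n",
    "doc.yaml": b"SPDXID: SPDXRef-DOCUMENT\nspdxVersion: SPDX-2.3\n",
    "other.json": b'{"name": "not an sbom"}',
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} -> {detect_sbom_format(blob)}")
```

A file that matches none of the markers is reported as unknown instead of being guessed from its name, so a renamed or mislabeled upload is rejected early.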

Local API (sidecar)

onot-sidecar --port 8765
# POST /api/parse    upload → parse result
# POST /api/render   upload + format/lang/company → notice
# GET  /api/formats, GET /healthz

Desktop app (Electron)

pnpm -C frontend install && pnpm -C frontend build
pnpm -C electron install && pnpm -C electron start   # dev
pnpm -C electron run dist                            # package (.dmg/.exe/.AppImage)

Upload → preview → download. All processing is local; the SBOM never leaves the machine.

Development

bash .claude/gate.sh   # lint + pytest (cov ≥ 90) + frontend build/test + electron sidecar test

Refresh license data with python scripts/update_license_data.py (bundles SPDX license-list-data). Design and decision records live in docs/2.0/ (TRACEABILITY.md, DECISIONS.md).

Contributing

Contributions are welcome! See CONTRIBUTING.md for how to set up your environment, run the checks, and open a pull request. Please also read our Code of Conduct. To report a security vulnerability, follow SECURITY.md instead of opening a public issue.

Maintainers

Name      Company      Email
Rogers    Kakao        um4825@gmail.com
Haksung   SK telecom   hakssung@gmail.com

License

Apache-2.0

About

Generate open source software notices (OSS Notice) from SBOM documents — SPDX, CycloneDX, Excel → HTML/Text/Markdown/PDF. Offline, type-safe Python core with CLI, local API, and an installable desktop app.
