Add supplier and value check

rules/gather_licenses_info.bzl

@@ -200,6 +200,7 @@ def licenses_info_to_json(licenses_info):
         "package_name": "{package_name}",
         "package_url": "{package_url}",
         "package_version": "{package_version}",
+        "supplier": "{supplier}",
         "license_text": "{license_text}",
         "used_by": [
           {used_by}
@@ -250,6 +251,7 @@ def licenses_info_to_json(licenses_info):
                 package_name = license.package_name,
                 package_url = license.package_url,
                 package_version = license.package_version,
+                supplier = license.supplier,
                 label = _strip_null_repo(license.label),
                 used_by = ",\n          ".join(sorted(['"%s"' % x for x in used_by[str(license.label)]])),
             ))

rules/license.bzl

@@ -73,6 +73,9 @@ _license = rule(
                   " by an applicatation.  It should be a value that" +
                   " increases over time, rather than a commit hash."
         ),
+        "supplier": attr.string(
+            doc = "Supplier for this package (e.g., 'Organization: <String>' or 'Person: <String>').",
+        ),
     },
 )
 
@@ -86,6 +89,7 @@ def license(
         package_name = None,
         package_url = None,
         package_version = None,
+        supplier = None,
         namespace = None,
         tags = [],
         visibility = ["//visibility:public"]):
@@ -125,6 +129,10 @@ def license(
         # buildifier: disable=print
         print("license(namespace=<str>) is deprecated.")
 
+    if supplier:
+        if not (supplier.startswith("Organization: ") or supplier.startswith("Person: ")):
+            fail("supplier must start with 'Organization: ' or 'Person: '")
+
     _license(
         name = name,
         license_kinds = license_kinds,
@@ -133,6 +141,7 @@ def license(
         package_name = package_name,
         package_url = package_url,
         package_version = package_version,
+        supplier = supplier,
         applicable_licenses = [],
         visibility = visibility,
         tags = tags,

rules/license_impl.bzl

@@ -39,6 +39,7 @@ def license_rule_impl(ctx):
         package_name = ctx.attr.package_name or ctx.label.package,
         package_url = ctx.attr.package_url,
         package_version = ctx.attr.package_version,
+        supplier = ctx.attr.supplier,
         license_text = ctx.file.license_text,
         label = ctx.label,
     )

rules/package_info.bzl

@@ -35,6 +35,7 @@ def _package_info_impl(ctx):
         package_url = ctx.attr.package_url,
         package_version = ctx.attr.package_version,
         purl = ctx.attr.purl,
+        supplier = ctx.attr.supplier,
     )
 
     # Experimental alternate design, using a generic 'data' back to hold things
@@ -46,6 +47,7 @@ def _package_info_impl(ctx):
             "package_url": ctx.attr.package_url,
             "package_version": ctx.attr.package_version,
             "purl": ctx.attr.purl,
+            "supplier": ctx.attr.supplier,
         },
     )
     return [provider, generic_provider]
@@ -74,6 +76,9 @@ _package_info = rule(
                   " https://github.com/package-url/purl-spec. This may be used when" +
                   " generating an SBOM.",
         ),
+        "supplier": attr.string(
+            doc = "Supplier for this package (e.g., 'Organization: <String>' or 'Person: <String>').",
+        ),
     },
 )
 
@@ -84,6 +89,7 @@ def package_info(
         package_url = None,
         package_version = None,
         purl = None,
+        supplier = None,
         **kwargs):
     """Wrapper for package_info rule.
 
@@ -111,6 +117,7 @@ def package_info(
         package_url = package_url,
         package_version = package_version,
         purl = purl,
+        supplier = supplier,
         applicable_licenses = [],
         visibility = visibility,
         tags = [],

rules/providers.bzl

@@ -44,6 +44,7 @@ LicenseInfo = provider(
         "package_name": "string: Human readable package name",
         "package_url": "URL from which this package was downloaded.",
         "package_version": "Human readable version string",
+        "supplier": "string: Supplier for this package (e.g., organization/person)",
     },
 )
 
@@ -56,6 +57,7 @@ PackageInfo = provider(
         "package_url": "string: URL from which this package was downloaded.",
         "package_version": "string: Human readable version string",
         "purl": "string: package url matching the purl spec (https://github.com/package-url/purl-spec)",
+        "supplier": "string: Supplier for this package (e.g., organization/person)",
     },
 )
 

rules_gathering/gather_metadata.bzl

@@ -196,6 +196,7 @@ def metadata_info_to_json(metadata_info):
         "package_name": "{package_name}",
         "package_url": "{package_url}",
         "package_version": "{package_version}",
+        "supplier": "{supplier}",
         "license_text": "{license_text}",
         "used_by": [
           {used_by}
@@ -216,7 +217,8 @@ def metadata_info_to_json(metadata_info):
             "package_name": "{package_name}",
             "package_url": "{package_url}",
             "package_version": "{package_version}",
-            "purl": "{purl}"
+            "purl": "{purl}",
+            "supplier": "{supplier}"
           }}"""
 
     # Build reverse map of license to user
@@ -249,6 +251,7 @@ def metadata_info_to_json(metadata_info):
                 package_name = license.package_name,
                 package_url = license.package_url,
                 package_version = license.package_version,
+                supplier = getattr(license, "supplier", ""),
                 label = _strip_null_repo(license.label),
                 bazel_package =  _bazel_package(license.label),
                 used_by = ",\n          ".join(sorted(['"%s"' % x for x in used_by[str(license.label)]])),
@@ -286,6 +289,7 @@ def metadata_info_to_json(metadata_info):
                 package_url = mi.package_url,
                 package_version = mi.package_version,
                 purl = mi.purl,
+                supplier = getattr(mi, "supplier", ""),
             ))
         # experimental: Support the ExperimentalMetadataInfo bag of data
         # WARNING: Do not depend on this. It will change without notice.
@@ -298,6 +302,7 @@ def metadata_info_to_json(metadata_info):
                 package_url = mi.data.get("package_url") or "",
                 package_version = mi.data.get("package_version") or "",
                 purl = mi.data.get("purl") or "",
+                supplier = mi.data.get("supplier") or "",
             ))
 
     return [main_template.format(

tests/BUILD

@@ -43,6 +43,7 @@ license(
     license_kinds = [":generic_notice_license"],
     # Note. This need not be precise. If a downloader creates the license
     # clause for you, then it should use the absolute download URL.
+    supplier = "Organization: Test Org",
     package_url = "http://github.com/bazelbuild/rules_license",
     package_version = "0.0.4",
 )