4 files changed, 86 insertions, 6 deletions

diff --git a/lib/license/management/report.rb b/lib/license/management/report.rb
index 5ac41bb..a41f49d 100644
--- a/lib/license/management/report.rb
+++ b/lib/license/management/report.rb
@@ -2,6 +2,7 @@
 
 require 'license/management/report/base'
 require 'license/management/report/v1'
+require 'license/management/report/v2'
 
 module License
   module Management
@@ -11,7 +12,9 @@ module License
         nil => V1,
         '' => V1,
         '1' => V1,
-        '1.0' => V1
+        '1.0' => V1,
+        '2' => V2,
+        '2.0' => V2
       }.freeze
 
       # This method overrides the method defined in `LicenseFinder::JsonReport` to
diff --git a/lib/license/management/report/v1.rb b/lib/license/management/report/v1.rb
index 5882f72..02fd9bd 100644
--- a/lib/license/management/report/v1.rb
+++ b/lib/license/management/report/v1.rb
@@ -67,11 +67,11 @@ module License
         end
 
         def license_data(license)
-          return repository.item_for(license) if canonicalize?
+          return repository.item_for(license, spdx: false) if canonicalize?
 
           {
             'name' => license.name.split(/[\r\n]+/)[0],
-            'url' => license.url
+            'url' => license.url || ''
           }
         end
 
diff --git a/lib/license/management/report/v2.rb b/lib/license/management/report/v2.rb
new file mode 100644
index 0000000..5df6af7
--- /dev/null
+++ b/lib/license/management/report/v2.rb
@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+module License
+  module Management
+    module Report
+      class V2 < Base
+        def to_h
+          {
+            version: '2.0',
+            licenses: license_summary,
+            dependencies: dependencies.sort_by(&:name).map { |x| map_from(x) }
+          }
+        end
+
+        private
+
+        def all_licenses
+          dependencies.map { |x| x.licenses.to_a }.flatten
+        end
+
+        def license_summary
+          all_licenses
+            .group_by { |x| data_for(x)['name'] }
+            .sort_by { |x, y| [-y.size, x] }
+            .map { |_name, items| data_for(items[0]).merge(count: items.count) }
+        end
+
+        def data_for(license)
+          repository.item_for(license, spdx: true)
+        end
+
+        def map_from(dependency)
+          {
+            name: dependency.name,
+            url: dependency.homepage,
+            description: description_for(dependency),
+            paths: paths_from(dependency),
+            licenses: dependency.licenses.map { |x| data_for(x)['id'] }
+          }
+        end
+      end
+    end
+  end
+end
diff --git a/lib/license/management/repository.rb b/lib/license/management/repository.rb
index 2eee1b6..a478dd6 100644
--- a/lib/license/management/repository.rb
+++ b/lib/license/management/repository.rb
@@ -7,12 +7,19 @@ module License
       include Verifiable
 
       def initialize(
-        compatibility_path: License::Management.root.join('normalized-licenses.yml')
+        compatibility_path: License::Management.root.join('normalized-licenses.yml'),
+        spdx_path: License::Management.root.join('spdx-licenses.json')
       )
         @compatibility_data = YAML.safe_load(IO.read(compatibility_path))
+        @spdx_data = load_spdx_data_from(spdx_path)
       end
 
-      def item_for(license)
+      def item_for(license, spdx: true)
+        if spdx
+          item = spdx_data_for(license)
+          return item if item
+        end
+
         id = id_for(license)
         item = id ? compatibility_data['licenses'][id] : nil
         item ? { 'id' => id }.merge(item) : generate_item_for(license)
@@ -20,7 +27,22 @@ module License
 
       private
 
-      attr_reader :compatibility_data
+      attr_reader :spdx_data, :compatibility_data
+
+      def spdx_data_for(license)
+        id = id_for(license)
+        data = id ? spdx_data[id] : spdx_data[license.send(:short_name)]
+        if data
+          {
+            'id' => data['licenseId'],
+            'name' => data['name'],
+            'url' => data['detailsUrl']
+          }
+        else
+          log_info("could not find license named `#{license.send(:short_name)}` in SPDX index")
+          nil
+        end
+      end
 
       def id_for(license)
         ids = compatibility_data['ids']
@@ -44,6 +66,17 @@ module License
           'url' => present?(license.url) ? license.url : ''
         }
       end
+
+      def load_spdx_data_from(path)
+        content = IO.read(path)
+        json = JSON.parse(content)
+        licenses = json['licenses']
+
+        licenses.inject({}) do |memo, license|
+          memo[license['licenseId']] = license
+          memo
+        end
+      end
     end
   end
 end