Also see https://github.com/nexB/vulnerablecode/pull/1102/files#diff-aa2cf137c50d3fb0242d00e7fbe786cc8e3d8c3d22c32b8afedde439965f2fb9R49, any reason we are using SPDX version of the license expression with `spdx_license_expression` instead of the scancode license expression version?
Originally posted by @AyanSinhaMahapatra in #1102 (comment)