Skip to content

Maven Plug-in to scan used licenses on a product

License

Notifications You must be signed in to change notification settings

davu-all/LicenseScout

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Maven Central Build Status codecov Codacy Badge Known Vulnerabilities (Core) Known Vulnerabilities (Maven Plug-in) GitHub top language CLA assistant GitHub



LicenseScout is a Maven Plug-in to identify third-party artifacts (libraries) and their licenses, in Java as well as JavaScript projects. The goal is to get an overview over the used licenses, and the artifacts for which no license could be detected. A proper output document is generated listing the used licenses and the corresponding license texts. In a configuration file each license identified is marked as ACCEPTED or NOT_ACCEPTED. This decision depends on the your project's license and may require legal support.

Getting started

For detail information, see the User manual.

Prerequisites

  • Maven 3 installation

Run the quickstart example

To build and run LicenseScout on itself in this repository:

cd org.aposin.licensescout.quickstart
mvn clean install

This does:

  • Compiles the LicenseScout Maven plug-in
  • Creates a LicenseScout configuration bundle
  • Runs the LicenseScout on its own dependencies and creates license reports for it

The reports are written to the directory org.aposin.licensescout.licensereport/target/licensescout.

ℹ️ For further information about how to configure the Plugin, please see the User manual.

As an example output, the NOTICE.txt in this repository is the result of LiceseScout running on itself.

Next steps

Run LicenseScout on your own project

Have a look at the pom.xml in org.aposin.licensescout.licensereport. It contains a typical configuration of how the LicenseScout is applied to a project.

You may want to start by re-using this project and just alter the parameter scanDirectory (Note: the value may also be an absolute path that points anywhere in the file system).

Alternatively, you can copy out the plugin configurations and take them over to your own project's POM.

Create a project specific configuration

The quickstart example you just executed uses a minimal configuration that is just sufficient to run the LicenseScout on its own dependencies.

For you own project, you will need to maintain a configuration that is specific to your project. Take the project org.aposin.licensescout.configuration.sample as a starting point by creating a copy of it. If you cange the name of the project (recommended!) make sure you also adapt the group and artifact IDs that are used as configuration in the licensescout run (in org.aposin.licensescout.licensereport/pom.xml):

<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-dependency-plugin</artifactId>
	<executions>
		<execution>
			...
			<configuration>
				<artifactItems>
					<artifactItem>
						<groupId>your.new.groupId</groupId>
						<artifactId>your.new.artifactId</artifactId>
						<version>${org.aposin.licensescout.configuration.version}</version>
						<classifier>configuration</classifier>
						...
					</artifactItem>
				</artifactItems>
				...
			</configuration>
		</execution>
	</executions>
</plugin>

Then, start adding the configurations you need:

  • License definitions
  • License notices
  • Vendor names (for filtering out own artifacts)
  • License name and URL mappings
  • Exceptions for certain artifacts (checkedarchives.csv)
  • Provider definitions

See also the full documentation: it describes the format of the configuration files and how their information is processed.

You may also want to create a customized version of the templates used for the license reports.

Contributing

Please read CODE_OF_CONDUCT.md for details on our code of conduct, and CONTRIBUTING.md for the process for submitting pull requests to us.

Authors

The authors list is maintained in the CONTRIBUTORS.txt file. See also the Contributors list at GitHub.

License

This project is under the Apache License 2.0 - see the LICENSE file for details.

About

Maven Plug-in to scan used licenses on a product

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 97.0%
  • Groovy 3.0%