maven-users mailing list archives

From "Lyons, Roy" <Roy.Ly...@cmegroup.com>
Subject Re: Source code verification/compliance with Maven?
Date Thu, 09 May 2013 14:15:53 GMT
Well, I know that Sonatype has a product they have been pretty aggressive
with called CLM.

CLM shows both vulnerabilities and license threats -- including undefined
licenses...  Perhaps that is what you need?


Thanks,

Roy Lyons

On 5/9/13 4:15 AM, "Daniel Pocock" <daniel@pocock.com.au> wrote:

>
>Hi,
>
>There is a lot of confusion about the distinction between software that
>is free (like malware in app stores) and software that is really free
>with open source code.
>
>Several people have asked me how they can be sure that a Maven build
>(including all downloaded plugins) only uses genuine open source
>software, and that the binary downloads are identical to the source
>releases.  There are many users that want to build projects from source
>code in clean, non-networked environments.
>
>How can somebody tell Maven to
>a) recursively download source JARs for all plugins and dependencies
>(and their build plugins) and compile them one by one?
>b) stop if any source JAR contains binary artifacts or if a
>dependency/plugin source is not available?
>c) put all downloaded source in some kind of tree where it can be tarred
>up, copied onto a DVD and then built by a machine that is offline?
>
>I'm aware of the command "mvn dependency:sources", but this only appears
>to fetch the sources on a best effort basis and doesn't appear to
>compile them.
>
>Regards,
>
>Daniel
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
>For additional commands, e-mail: users-help@maven.apache.org
>


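An added example for the check in point (b) of the question above; it is not code from the thread, from Maven or from Sonatype. It walks a local repository in the standard ~/.m2 layout, reports every main artifact jar whose -sources.jar is missing, and flags source jars that carry compiled classes or nested archives. The suffix list and the three sample artifacts are constructed for the demonstration.

```python
import os
import tempfile
import zipfile

BINARY_SUFFIXES = (".class", ".jar", ".war", ".so", ".dll", ".dylib")  # assumed list

def audit_repo(repo_root):
    """Classify each <artifactId>-<version>.jar by the state of its -sources.jar."""
    findings = {"missing_sources": [], "binary_in_sources": [], "clean": []}
    for dirpath, _, files in os.walk(repo_root):
        rel = os.path.relpath(dirpath, repo_root).split(os.sep)
        if len(rel) < 3:  # layout is groupId/.../artifactId/version/
            continue
        artifact_id, version = rel[-2], rel[-1]
        if f"{artifact_id}-{version}.jar" not in files:
            continue
        coord = f"{'.'.join(rel[:-2])}:{artifact_id}:{version}"
        src = os.path.join(dirpath, f"{artifact_id}-{version}-sources.jar")
        if not os.path.exists(src):
            findings["missing_sources"].append(coord)
            continue
        try:
            with zipfile.ZipFile(src) as zf:
                binaries = [n for n in zf.namelist()
                            if n.lower().endswith(BINARY_SUFFIXES)]
        except zipfile.BadZipFile:  # an unreadable archive is also a stop condition
            binaries = ["<unreadable archive>"]
        findings["binary_in_sources" if binaries else "clean"].append(coord)
    return findings

def build_sample_repo(root):
    """Constructed sample repository with three made-up artifacts."""
    def write_jar(path, entries):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for name in entries:
                zf.writestr(name, b"placeholder")
    good = os.path.join(root, "org", "example", "good", "1.0")
    write_jar(os.path.join(good, "good-1.0.jar"), ["a/B.class"])
    write_jar(os.path.join(good, "good-1.0-sources.jar"), ["a/B.java"])
    bad = os.path.join(root, "org", "example", "bad", "2.1")
    write_jar(os.path.join(bad, "bad-2.1.jar"), ["c/D.class"])
    write_jar(os.path.join(bad, "bad-2.1-sources.jar"), ["c/D.java", "lib/x.jar"])
    closed = os.path.join(root, "com", "vendor", "closed", "3.0")
    write_jar(os.path.join(closed, "closed-3.0.jar"), ["e/F.class"])

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return audit_repo(tmp)
```

Run it against the real local repository after `mvn dependency:sources` has pulled whatever source jars the remote repositories could supply; anything listed under missing_sources or binary_in_sources is the stop condition the question asks for.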

