maven-users mailing list archives

From Jim Klo <>
Subject License Auditing
Date Mon, 28 Sep 2015 16:13:20 GMT

Looking for some guidance on doing some source license auditing.  My needs are twofold.
I need to track down all the licenses of all our dependencies, for which there seems to be an
abundance of plugins. But I also need to audit the licenses of our committed source; as many
come from open and non-open projects, I need to track the individual files as well.

I’ve started by using Apache RAT [1], which seems to be okay for auditing the source, but
given that we have a significant number of modules, configuration of RAT is somewhat of a pain
(I have a bunch of custom license definitions and matchers) which seem to have to be added
to every POM file (doesn’t like going into the parent POM, likely because of the way we are
using Tycho).

Can anyone recommend a plugin that might be better for my use case?  I’d like to be able
to have a single config file (or artifact) that contains the license declarations, and then
be able to reference that from all my modules.  The Codehaus License Maven Plugin [2] seems
close to what I want, but I can’t seem to figure out how to get it to show me files that
are missing license headers or even show me a per-file license summary.  If anyone can point
me to some examples or tutorials that explain this, that would be much appreciated.

[1] <>
[2] <>



Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t.	@nsomnac
