grosser/organization_license_audit

Audit all licenses used by your github organization/user

Install

gem install organization_license_audit

Usage

Public repos

For yourself (git config github.user)

organization-license-audit

parallel_tests
git clone git@github.com:grosser/parallel_tests.git --depth 1 --quiet
bundle --path vendor/bundle --quiet
license_finder --quiet
All gems are approved for use

evil_gem
git clone git@github.com:grosser/evil_gem.git --depth 1 --quiet
bundle --path vendor/bundle --quiet
license_finder --quiet
Dependencies that need approval:
evil_gem_dependency, 0.3.9, GPL

...

Failed:
https://github.com/grosser/parallel -- Michael Grosser <michael@grosser.it>
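
The report above can be post-processed in CI. The following is an added example, not part of organization_license_audit: it parses that text layout and checks each flagged license against an allowed list. It assumes the layout is exactly as in the sample output; `parse_report`, `violations`, `Finding` and the sample text are hypothetical names and constructed data.

```ruby
# Added example; report layout assumed from the README sample. SAMPLE is constructed, not a real run.
Finding = Struct.new(:repo, :name, :version, :license)
SAMPLE = <<~OUT
  parallel_tests
  git clone git@github.com:grosser/parallel_tests.git --depth 1 --quiet
  bundle --path vendor/bundle --quiet
  license_finder --quiet
  All gems are approved for use

  evil_gem
  git clone git@github.com:grosser/evil_gem.git --depth 1 --quiet
  bundle --path vendor/bundle --quiet
  license_finder --quiet
  Dependencies that need approval:
  evil_gem_dependency, 0.3.9, GPL

  Failed:
  https://github.com/grosser/evil_gem -- Jane Doe <jane@example.com>
OUT

# Returns [findings, failed_repo_urls].
def parse_report(text)
  findings, failed, repo, section = [], [], nil, :repo
  text.each_line(chomp: true) do |raw|
    line = raw.strip
    case line
    when "" then section = :repo                  # blank line: next line names a repo
    when "Failed:" then section = :failed
    when "Dependencies that need approval:" then section = :deps
    when "...", /\A(git clone|bundle|license_finder) /, /\AAll gems are approved/
      next                                        # progress output, carries no findings
    else
      case section
      when :repo then repo = line; section = :body
      when :deps then findings << Finding.new(repo, *line.split(/,\s*/, 3))
      when :failed then failed << line[/\Ahttps?:\S+/]
      end
    end
  end
  [findings, failed.compact]
end

# Findings whose license is not on the allowed list.
def violations(findings, allowed)
  findings.reject { |f| allowed.include?(f.license) }
end

findings, failed = parse_report(SAMPLE)
violations(findings, %w[MIT BSD LGPL]).each { |f| puts "#{f.repo}: #{f.name} #{f.version} (#{f.license})" }
puts "failed repos: #{failed.join(', ')}"
```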

For someone else

organization-license-audit --user grosser

Ignore gems (ignores repos that have a *.gemspec)

organization-license-audit --ignore-gems

Silent: only show vulnerable repos

organization-license-audit 2>/dev/null

CI: ignore old/unmaintained projects, unfixable/unimportant

organization-license-audit \
  --ignore https://github.com/xxx/a \
  --ignore b \
  --organization xxx \
  --token yyy

Timeouts / Parallel

If this takes too long for your organization, you can run it in parallel by giving OLA_GROUP=1/4 .. 2/4 .. 3/4 .. 4/4 as env variables in Travis to get 4 parallel builds.

script: organization-license-audit ...
env:
  - OLA_GROUP=1/4
  - OLA_GROUP=2/4
  - OLA_GROUP=3/4
  - OLA_GROUP=4/4

Without

Not interested in npm and bundler? Use --without npm,bundler

CSV

Just add --csv to get a nice CSV report (--csv '\t' for tab-separated output that can be pasted into Google Docs).

Private repos

# create a token that has access to your repositories
curl -v -u your-user-name -X POST https://api.github.com/authorizations --data '{"scopes":["repo"]}'
# enter your password -> TOKEN

organization-license-audit --user your-user --token TOKEN --organization your-organization

Mass Approving / Whitelisting

organization-license-audit ... \
  --approve rake,rails,test-unit \
  --whitelist MIT,BSD,LGPL

Approving / tracking single dependencies

To approve individual licenses or add dependencies, take a look at license_finder.

Author

Michael Grosser
michael@grosser.it
License: MIT