Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generate dependency information / SBOM as part of the MAT build #40

Open
eclipsewebmaster opened this issue May 8, 2024 · 20 comments
Open
Assignees

Comments

@eclipsewebmaster
Copy link

| --- | --- |
| Bugzilla Link | 582480 |
| Status | ASSIGNED |
| Importance | P3 normal |
| Reported | Sep 27, 2023 08:00 EDT |
| Modified | Nov 09, 2023 04:40 EDT |
| Version | 1.14 |
| Reporter | Krum Tsvetkov |

Description

The topic of SBOMs was mentioned on the dev mailing list. I see various aspects and have at present no good idea about the solution, but would use the bug to keep the discussions / ideas.

Removal of IP Logs - the changes introduced last year https://www.eclipse.org/projects/handbook/#ip-history projects are not required to submit IP Logs, but to provide SBOMs. AFAIU there is still no standard way for this. For our last release I used the https://github.com/eclipse/dash-licenses tool and manually checked the report that all listed dependencies are approved. Generating this information can be done as part of the build, and for me this would be the first step.
I still wonder what to do with the information once it is generated. There is an option to fail the build. I haven't tried this one (we use only approved libs), but I intend to add a dependency to something not-approved and see what the effect is.
So far I only did some checks that the plugins I find in the standalone MAT package are all part of the generated dependency list (they are indeed a subset of it, the generated list contains more).

The second aspect is providing an SBOM as part of ...

I guess the best would be to find another Eclipse project which does this and mimic their setup. Any idea of a concrete project to look at?

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Sep 27, 2023 09:23

One example is the dash-license-tool project itself.

That has a ci build: https://ci.eclipse.org/dash/job/dash-license-tool/\
It seems to build several bom.json files. E.g.

[INFO] --- cyclonedx:2.7.9:makeAggregateBom (default) @ org.eclipse.dash.licenses ---
[INFO] CycloneDX: Resolving Dependencies
[INFO] CycloneDX: Creating BOM version 1.4 with 46 component(s)
[INFO] CycloneDX: Writing and validating BOM (JSON): /home/jenkins/agent/workspace/dash-license-tool/core/target/bom.json
[INFO] attaching as org.eclipse.dash.licenses-1.0.3-SNAPSHOT-cyclonedx.json

and archives them
[JENKINS] Archiving /home/jenkins/agent/workspace/dash-license-tool/core/target/bom.json to org.eclipse.dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-SNAPSHOT-cyclonedx.json
and they are visible on the CI build site.

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Sep 28, 2023 05:53

Thanks for the hint to look at Dash. It was straightforward to add both dash-license and cyclonedx to the build and let them produce "some" results as part of the local snapshot build :)
I have the changes in https://git.eclipse.org/r/c/mat/org.eclipse.mat/+/204643, which I marked as WIP for now.

I added the parameter to make dash-license fail the build in case of an unapproved dependency. Testet it locally with an arbitrary lib and the build failed lile:
[INFO] --- license-tool-plugin:1.0.2:license-check (license-check) @ parent ---
[INFO] Querying Eclipse Foundation for license data for 322 items.
[INFO] Found 283 items.
[INFO] Querying ClearlyDefined for license data for 12 items.
[INFO] Found 12 items.
[INFO] License information could not be automatically verified for the following content:
[INFO]
[INFO] maven/mavencentral/com.rabbitmq/amqp-client/5.19.0
[INFO]
[INFO] This content is either not correctly mapped by the system, or requires review.
[INFO] Summary file was written to: /Users/d041376/git/org.eclipse.mat/parent/target/dash/summary
[ERROR] Dependency license check failed. Some dependencies need to be vetted.
...

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 27.592 s
[INFO] Finished at: 2023-09-28T08:52:12+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.eclipse.dash:license-tool-plugin:1.0.2:license-check (license-check) on project parent: Some dependencies must be vetted. -> [Help 1]

I think this is understandable enough, and will keep the flag in.
I believe this check alone is enough for us to go through the next release.

Next step would be for both dash-license and cyclonedx to go through the results in detail and see if we are reporting too many results and try to tune the build to exclude some parts. Both tools support that.

What still puzzles me a bit is what to do with the results. We offer for download an update side which contains only MAT bundles + birt. And we do offer also the standalone MAT which includes everything an eclipse RCP needs to run. Having the full bom for the standalone MAT is reasonable I thing, but if people are using only the update site, then the bom will contain many more entries than provided software. I can't say how much of an issue this is.

I also see that the Dash project has the DEPENDENCIES file as part of their source repository. Same questions arise here too, plus we do support building against multiple targets/Eclipse versions. So, if I were to put a single file as part of the repository - 1) shall it contain the full bom (needed for the standalone MAT) or only what we need to build the plugins and 2) if we put the full list, shall it be for the target selected by default?

Any thoughts on these would be helpful.

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Sep 28, 2023 06:34

Ideally we would have a separate BOM for the update site. We could have a vulnerability in the standalone version due to an older level of Eclipse, and the work-around would be to install MAT into a newer Eclipse.

However, do build/test artifacts also appear in the BOM? E.g. SWTBot.
Do tools go into the SBOM, as they could have a vulnerability that causes problems in MAT?
Should test tools / test platform go into the SBOM? If they could never affect the deliverable code, then maybe not, but our build might not be that protected against malicious test tools.

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Sep 28, 2023 06:58

All examples I was were excluding test code, therefore tried it also for out build (still need to go through the results to see if this had effect).

I also felt like having separate BOMs for the two use cases is the most reasonable approach, but I'll have to see if I can get setup this with the provided tools.

I guess I'll need to spend some more time reading and understanding what are typical requirements for BOMs and what are Eclipse specific ones. If in doubt, I would probably reach out the the foundation staff to ask for some guidance. But I'll see first what I can find myself before bothering them.

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Oct 11, 2023 04:41

See also https://gitlab.eclipse.org/eclipsefdn/emo-team/sbom/-/blob/main/docs/sbom.adoc

The short version is that generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs. We've started capturing information here. Merge requests, issues, and comments welcome.

Date: October 12, 2023
Time: 1330h UTC

https://eclipse.zoom.us/j/84638945339

See you then!

Our office hours calendar, along with links to recordings is available here https://www.eclipse.org/projects/calendar/.

Wayne

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 11, 2023 16:12

Thanks Andrew! I won't be able to attend tomorrow, but I got the links to the sbom repo already and promised Wayne to give some feedback... then got caught in various other activities :(
Sorry for not updating the ticket with the info.

There was one more useful info - https://gitlab.eclipse.org/eclipsefdn/emo-team/sbom/-/issues/3 . In this issue it is basically discussed, that having sboms for the plugins is not useful and that sboms would be rather suitable for the Eclipse packages (i.e. I read it that we need one for the standalone MAT application, but not for the update site).

I still have a few questions, which I need to summarise.

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 26, 2023 05:14

I merged https://git.eclipse.org/r/c/mat/org.eclipse.mat/+/204643.\
I think it is a good-enough first step.
The build now will use:

  • dash-license tool to generate the list of dependencies with the corresponding reason for approval at Eclise. It will also fail the build if a non-approved dependency appears
  • cyclonedx plugin to generate sbom. I had to explicitly exclude the test modules, not sure yet why setting test scope to fasle didn't exclude them

I adapted the jenkins build config, so that these two files are archived and available as "latest results" in jenkins, as the dash project does.

I believe we would need some fine-tuning as we learn more about what is required. Therefore I'll keep this bug open.

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Oct 26, 2023 08:11

Bug 438844 added GZip processing of HPROF files, including a pure Jaza GZip reader via CQ 21570.
This was MIT licensed.

plugin: org.eclipse.mat.hprof
package: io.nayuki.deflate

The original code in this package was MIT licensed, I made updates for MAT under the same license.

There is some copyright / license text in the package-info.java

https://wiki.eclipse.org/About_files\
https://www.eclipse.org/legal/epl/about.php#long

so I think I need to update the about.html to include this information.

If the org.eclipse.mat.hprof plug-in binary is now under both licenses, then
I think I also need to update pom.xml but need to find how to specify both licenses (rather than a choice).
https://gitlab.eclipse.org/eclipsefdn/emo-team/sbom/-/blob/main/docs/sbom.adoc

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Oct 26, 2023 10:36

https://git.eclipse.org/r/c/mat/org.eclipse.mat/+/205139\
https://git.eclipse.org/c/mat/org.eclipse.mat.git/commit/?id=e4ad7e21fabf3727388e9d8174bdff80ac904c86

I made those changes, including to the o.e.mat.hprof pom.xml, but that license report is still the same. I don't think this is very important though.

maven/mavencentral/org.eclipse.mat/org.eclipse.mat.hprof/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat

The Help > About Eclipse Memory Analyzer > Installation Details > Plug-ins > org.eclipse.mat.hprof > Legal Info does show both licenses.

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 27, 2023 01:57

I've overlooked that, thanks for the updates!
I think the expression is correct, I don't know why dash-license reports only one.
Also in the cyclondex sbom.json there is no license information at all for MATs own bundles, and I can't yet figure out why.
Looking at dash-license output - there it is included... I can't spot the difference in the configs :)

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 27, 2023 02:26

One more thing we should check is versioning. So far we always keep the -SNAPSHOT version for maven and use the plugins with auto-generated versions with timestamps. I see the tools now all report a 1.15.0-SNAPSHOT version for MAT, which doesn't feel right. I don't know hot to deal with this. I found some recent changes for jgit/egit which seem related:
https://git.eclipse.org/r/c/jgit/jgit/+/204785/7

AFAIU they try to use the timestamp of the last commit ... I am not sure we need this, but it might be possible to use some parts of the change to influence the sbom results.

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 27, 2023 04:55

I was a bit confused about the licenses in the bom.json.
There is one bom.json generated for each of the modules, and in there the license is correct, also the dual license for o.e.m.hprof:
...
"component" : {
"group" : "org.eclipse.mat",
"name" : "org.eclipse.mat.hprof",
"version" : "1.15.0-SNAPSHOT",
"licenses" : [
{
"license" : {
"name" : "EPL-2.0 and MIT",
...

It is the aggregated bom (the one linked from jenkins) the license info is missing for the referenced MAT plugins, but is present for "foreign" libraries. No idea why this is so, and if this is fine (I suppose this is not fine as long as the only thing we publish is the aggregated bom).

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Oct 27, 2023 06:54

I added some metadata as recommended to the parent pom
https://git.eclipse.org/r/c/mat/org.eclipse.mat/+/205144

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Nov 02, 2023 05:31

The recording of the Open hours call about SBOMs on 12 October is now available:
https://www.youtube.com/watch?v=VeGfHzfdep4

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Nov 02, 2023 06:50

@andrew, some questions about the o.e.m.hprof license - I can't open the CQ 21570, (don't know why) and I have no experience with dual licenses, so I was hoping to have some more details in the CQ.

  • I see that SPDX expressions allow combining licenses with OR or AND, and you chose the AND. Do you have some details what this means (and what an OR would mean)?
  • as the hprof plugins is dual licensed, I suppose this would apply to project as a whole too? I guess at least for someone using the standalone version of MAT, where the hprof plugin is included, they have to agree to both, don't they? Do you know how this works?

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Nov 02, 2023 07:43

I don't know properly how it works but the top level Eclipse Foundation Software User Agreement has some lines:

The terms and conditions governing Plug-ins and Fragments should be contained in files named "about.html" ("Abouts"). The terms and conditions governing Features and Included Features should be contained in files named "license.html" ("Feature Licenses"). Abouts and Feature Licenses may be located in any directory of a Download or Module including, but not limited to the following locations:

The top-level (root) directory\
Plug-in and Fragment directories\
Inside Plug-ins and Fragments packaged as JARs\
Sub-directories of the directory named "src" of certain Plug-ins\
Feature directories

then if you look in org.eclipse.mat.hprof there is an about.html and about_files/DEFLATE-mit.html with the extra information.
That's basically a copyright statement and a no warranty term.
The license is 'AND' as both EPL 2.0 and MIT need to be followed.
'OR' would mean the user could choose either license.

The user can view the o.e.mat.hprof about.html with
Help > About Eclipse Memory Analyzer > Installation Details > Plug-ins > Memory Analyzer - HPROF Adapter > Legal Info

I don't think there is any need to change the top level Software User Agreement (and that might not be allowed anyway), and the user has agreed to follow all those sub level about.html files. If you go to some of the other plug-ins then they can have different terms. E.g. Apache Commons JXPath

@eclipsewebmaster
Copy link
Author

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Nov 03, 2023 05:05

Thanks! BTW, the last changes I made (add Bundle-License headers to the MANIFEST.MF files) might be unnecessary - I saw that in the manifest generated during the build the license headers were added. Nevertheless, I think I'll keep the explicit ones, so that we see these also in the source.

@eclipsewebmaster
Copy link
Author

By Andrew Johnson on Nov 08, 2023 06:57

The latest build just has the o.e.mat bundles in bom.json and summary, whereas previous had a lot more. Is this due to the Tycho change?

https://ci.eclipse.org/mat/job/tycho-mat-nightly/1508/artifact/parent/target/bom.json

Build Artifacts
bom.json 19.79 KB
view
summary 1.74 KB
view

https://ci.eclipse.org/mat/job/tycho-mat-nightly/1508/artifact/parent/target/dash/summary/*view*/

maven/mavencentral/org.eclipse.mat/org.eclipse.mat.api/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart.ui/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.dtfj/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.hprof/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ibmdumps/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.jdt/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.jruby.resolver/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.parser/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.product/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.report/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.help/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.rcp.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.rcp/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat

but a previous build had a lot more:
https://ci.eclipse.org/mat/job/tycho-mat-nightly/1505/artifact/parent/target/bom.json

https://ci.eclipse.org/mat/job/tycho-mat-nightly/1508/artifact/parent/target/dash/summary/*view*/

maven/mavencentral/com.ibm.icu/icu4j/73.2, GPL-2.0-or-later AND GPL-3.0-or-later AND LicenseRef-scancode-autoconf-simple-exception AND LicenseRef-scancode-autoconf-simple-exception-2.0 AND LicenseRef-scancode-unicode AND LicenseRef-scancode-unicode-icu-58 AND NTP AND LicenseRef-scancode-unicode, approved, #9093
maven/mavencentral/jakarta.el/jakarta.el-api/3.0.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.el
maven/mavencentral/jakarta.servlet/jakarta.servlet-api/4.0.4, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.servlet
maven/mavencentral/javax.servlet.jsp/javax.servlet.jsp-api/2.3.3, Apache-2.0 or CDDL-1.0, approved, CQ7385
maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707
maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709
maven/mavencentral/org.apache.felix/org.apache.felix.gogo.command/1.1.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.apache.felix/org.apache.felix.gogo.runtime/1.1.6, Apache-2.0 AND MIT, approved, CQ22929
maven/mavencentral/org.apache.felix/org.apache.felix.gogo.shell/1.1.4, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.apache.felix/org.apache.felix.scr/2.2.6, Apache-2.0 AND BSD-3-Clause AND MIT, approved, #798
maven/mavencentral/org.bouncycastle/bcpg-jdk18on/1.76, Apache-2.0, approved, #9824
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.76, MIT AND CC0-1.0, approved, #9827
maven/mavencentral/org.codehaus.mojo/animal-sniffer-annotations/1.9, MIT, approved, clearlydefined
maven/mavencentral/org.eclipse.jetty.toolchain/jetty-servlet-api/4.0.6, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-http/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-io/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-security/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-server/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-servlet/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-util-ajax/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.jetty/jetty-util/10.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.api/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart.ui/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.chart/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.dtfj/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.hprof/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ibmdumps/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.jdt/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.jruby.resolver/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.parser/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.product/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.report/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.help/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.rcp.feature/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui.rcp/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.eclipse.mat/org.eclipse.mat.ui/1.15.0-SNAPSHOT, EPL-2.0, approved, tools.mat
maven/mavencentral/org.glassfish/javax.el/3.0.0, , approved, CQ7384
maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.namespace.extender/1.0.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.namespace.implementation/1.0.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.service.cm/1.6.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.service.component/1.5.1, Apache-2.0, approved, #5389
maven/mavencentral/org.osgi/org.osgi.service.device/1.1.1, Apache-2.0, approved, #2418
maven/mavencentral/org.osgi/org.osgi.service.event/1.4.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.service.metatype/1.4.1, Apache-2.0, approved, #2419
maven/mavencentral/org.osgi/org.osgi.service.prefs/1.1.2, Apache-2.0, approved, #2451
maven/mavencentral/org.osgi/org.osgi.service.provisioning/1.2.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.service.upnp/1.2.1, Apache-2.0, approved, #2735
maven/mavencentral/org.osgi/org.osgi.service.useradmin/1.1.1, Apache-2.0, approved, #2437
maven/mavencentral/org.osgi/org.osgi.service.wireadmin/1.0.2, Apache-2.0, approved, #796
maven/mavencentral/org.osgi/org.osgi.util.function/1.2.0, Apache-2.0, approved, #6908
maven/mavencentral/org.osgi/org.osgi.util.measurement/1.0.2, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.util.position/1.0.1, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.osgi/org.osgi.util.promise/1.3.0, Apache-2.0, approved, #5266
maven/mavencentral/org.osgi/org.osgi.util.xml/1.0.2, Apache-2.0, approved, #799
maven/mavencentral/org.osgi/osgi.annotation/8.0.1, Apache-2.0, approved, #6909
maven/mavencentral/org.osgi/osgi.annotation/8.1.0, Apache-2.0, approved, #1985
maven/mavencentral/org.ow2.sat4j/org.ow2.sat4j.core/2.3.6, (EPL-1.0 OR LGPL-2.0-or-later) AND MIT, approved, #1929
maven/mavencentral/org.ow2.sat4j/org.ow2.sat4j.pb/2.3.6, (EPL-1.0 OR LGPL-2.1-or-later) AND MIT, approved, #1928
maven/mavencentral/org.slf4j/slf4j-api/2.0.5, MIT, approved, #5915
maven/mavencentral/org.tukaani/xz/1.9, LicenseRef-Public-Domain, approved, CQ23498
p2/orbit/p2.eclipse.feature/com.ibm.dtfj.feature/1.12.29003.202006111057, EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0, approved, technology.openj9
p2/orbit/p2.eclipse.feature/org.eclipse.e4.rcp/4.29.0.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.feature/org.eclipse.ecf.core.feature/1.6.1.v20230507-1923, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.feature/org.eclipse.ecf.core.ssl.feature/1.1.501.v20230507-1921, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.feature/org.eclipse.ecf.filetransfer.feature/3.14.1800.v20230422-0242, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.feature/org.eclipse.ecf.filetransfer.httpclient5.feature/1.1.701.v20230423-0417, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.feature/org.eclipse.ecf.filetransfer.ssl.feature/1.1.401.v20230422-0242, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.feature/org.eclipse.emf.common/2.30.0.v20230810-0713, EPL-1.0, approved, modeling.emf
p2/orbit/p2.eclipse.feature/org.eclipse.emf.ecore/2.35.0.v20230829-0934, EPL-1.0, approved, modeling.emf
p2/orbit/p2.eclipse.feature/org.eclipse.equinox.executable/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.feature/org.eclipse.equinox.p2.core.feature/1.6.1900.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.feature/org.eclipse.equinox.p2.extras.feature/1.4.2100.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.feature/org.eclipse.equinox.p2.rcp.feature/1.4.2100.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.feature/org.eclipse.equinox.p2.user.ui/2.4.2100.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.feature/org.eclipse.help/2.3.1500.v20230903-1000, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.feature/org.eclipse.rcp/4.29.0.v20230903-1000, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/com.ibm.dtfj.api/1.12.29003.202006111057, EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0, approved, technology.openj9
p2/orbit/p2.eclipse.plugin/com.ibm.dtfj.j9/1.12.29003.202006111057, EPL-2.0 OR Apache-2.0 OR GPL-2.0 WITH Classpath-exception-2.0 OR GPL-2.0-only WITH OpenJDK-assembly-exception-1.0, approved, technology.openj9
p2/orbit/p2.eclipse.plugin/com.sun.jna/5.13.0.v20230812-1000, Apache-2.0 AND LGPL-2.1-or-later, approved, #9849
p2/orbit/p2.eclipse.plugin/javax.annotation/1.3.5.v20200909-1856, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
p2/orbit/p2.eclipse.plugin/javax.inject/1.0.0.v20220405-0441, Apache-2.0, approved, CQ3555
p2/orbit/p2.eclipse.plugin/org.apache.ant/1.10.12.v20211102-1452, Apache-2.0 AND EPL-2.0 AND W3C AND LicenseRef-Flora AND LicenseRef-Public-Domain, approved, CQ23806
p2/orbit/p2.eclipse.plugin/org.apache.batik.constants/1.16.0.v20221027-0840, Apache-2.0, approved, #4851
p2/orbit/p2.eclipse.plugin/org.apache.batik.css/1.16.0.v20221027-0840, Apache-2.0, approved, #4852
p2/orbit/p2.eclipse.plugin/org.apache.batik.i18n/1.16.0.v20221027-0840, Apache-2.0, approved, #4849
p2/orbit/p2.eclipse.plugin/org.apache.batik.util/1.16.0.v20221027-0840, Apache-2.0, approved, #4850
p2/orbit/p2.eclipse.plugin/org.apache.commons.codec/1.14.0.v20221112-0806, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #3905
p2/orbit/p2.eclipse.plugin/org.apache.commons.io/2.8.0.v20210415-0900, Apache-2.0, approved, CQ23182
p2/orbit/p2.eclipse.plugin/org.apache.commons.jxpath/1.3.0.v200911051830, Apache-2.0, approved, CQ10790
p2/orbit/p2.eclipse.plugin/org.apache.commons.logging/1.2.0.v20180409-1502, Apache-2.0, approved, CQ10162
p2/orbit/p2.eclipse.plugin/org.apache.httpcomponents.client5.httpclient5-win/5.1.3.v20221013-1742, Apache-2.0 AND MIT, approved, #1828
p2/orbit/p2.eclipse.plugin/org.apache.httpcomponents.client5.httpclient5/5.1.3.v20221013-1742, Apache-2.0, approved, #6276
p2/orbit/p2.eclipse.plugin/org.apache.httpcomponents.core5.httpcore5-h2/5.1.4.v20221013-1742, Apache-2.0, approved, #3934
p2/orbit/p2.eclipse.plugin/org.apache.httpcomponents.core5.httpcore5/5.1.4.v20221013-1742, Apache-2.0, approved, #3945
p2/orbit/p2.eclipse.plugin/org.apache.jasper.glassfish/2.2.2.v201501141630, , approved, CQ4711
p2/orbit/p2.eclipse.plugin/org.apache.lucene.analysis-common/9.7.0.v20230703-0758, Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND LicenseRef-Permission-Notice AND LicenseRef-Python AND MIT AND (GPL-2.0-only OR LGPL-2.1-only OR MPL-1.1 OR CC-BY-4.0 OR Apache-2.0), approved, #9227
p2/orbit/p2.eclipse.plugin/org.apache.lucene.analysis-smartcn/9.7.0.v20230703-0758, Apache-2.0, approved, #9222
p2/orbit/p2.eclipse.plugin/org.apache.lucene.core/9.7.0.v20230703-0758, Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause AND LicenseRef-Permission-Notice AND LicenseRef-Python AND MIT AND (GPL-2.0-only OR LGPL-2.1-only OR MPL-1.1 OR CC-BY-4.0 OR Apache-2.0) AND (Apache-2.0 AND LicenseRef-Permission-Notice AND ICU), approved, #9226
p2/orbit/p2.eclipse.plugin/org.apache.xmlgraphics/2.7.0.v20221018-0736, Apache-2.0, approved, 3367
p2/orbit/p2.eclipse.plugin/org.eclipse.birt.chart.device.extension/4.12.0.v202211281949, EPL-2.0, approved, technology.birt
p2/orbit/p2.eclipse.plugin/org.eclipse.birt.chart.device.swt/4.12.0.v202211281949, EPL-2.0, approved, technology.birt
p2/orbit/p2.eclipse.plugin/org.eclipse.birt.chart.engine.extension/4.12.0.v202211281949, EPL-2.0, approved, technology.birt
p2/orbit/p2.eclipse.plugin/org.eclipse.birt.chart.engine/4.12.0.v202211281949, EPL-2.0, approved, technology.birt
p2/orbit/p2.eclipse.plugin/org.eclipse.birt.core/4.12.0.v202211281949, EPL-2.0, approved, technology.birt
p2/orbit/p2.eclipse.plugin/org.eclipse.compare.core/3.8.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.compare/3.9.200.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.commands/3.11.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.contenttype/3.9.100.v20230630-1232, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.databinding.beans/1.10.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.databinding.observable/1.13.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.databinding.property/1.10.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.databinding/1.13.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.expressions/3.9.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.filebuffers/3.8.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.filesystem/1.10.100.v20230717-1727, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.jobs/3.15.0.v20230808-1403, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.net/1.5.100.v20230630-1232, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.resources/3.19.100.v20230814-1312, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.runtime/3.29.0.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.core.variables/3.6.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.debug.core/3.21.100.v20230731-1425, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.debug.ui/3.18.100.v20230802-1257, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.commands/1.1.100.v20230630-1554, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.contexts/1.12.100.v20230725-1354, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.di.annotations/1.8.100.v20230617-1158, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.di.extensions.supplier/0.17.100.v20230630-1232, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.di.extensions/0.18.0.v20230429-1914, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.di/1.9.100.v20230721-1753, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.core.services/2.4.100.v20230708-0809, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.emf.xpath/0.4.100.v20230801-1255, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.bindings/0.14.100.v20230630-1554, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.css.core/0.14.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.css.swt.theme/0.14.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.css.swt/0.15.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.di/1.5.100.v20230630-1554, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.dialogs/1.4.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.ide/3.17.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.model.workbench/2.4.100.v20230801-1255, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.progress/0.4.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.services/1.6.100.v20230630-1554, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.swt.gtk/1.2.0.v20230501-1823, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.swt.win32/1.2.0.v20230501-1823, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.widgets/1.4.0.v20230317-0802, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench.addons.swt/1.5.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench.renderers.swt.cocoa/0.14.100.v20230630-1554, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench.renderers.swt/0.16.100.v20230801-1255, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench.swt/0.17.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench/1.15.100.v20230819-0347, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.e4.ui.workbench3/0.17.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.filetransfer/5.1.102.v20210409-2301, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.identity/3.10.0.v20230422-0242, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.provider.filetransfer.httpclient5.win32/1.1.0.v20230423-0417, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.provider.filetransfer.httpclient5/1.1.0.v20230423-0417, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.provider.filetransfer.ssl/1.1.0.v20230422-0242, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.provider.filetransfer/3.3.0.v20230422-0242, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf.ssl/1.3.0.v20230507-1921, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.ecf/3.11.0.v20230507-1923, EPL-1.0, approved, rt.ecf
p2/orbit/p2.eclipse.plugin/org.eclipse.emf.common/2.29.0.v20230810-0713, EPL-1.0, approved, modeling.emf
p2/orbit/p2.eclipse.plugin/org.eclipse.emf.ecore.change/2.15.0.v20230211-1150, EPL-1.0, approved, modeling.emf
p2/orbit/p2.eclipse.plugin/org.eclipse.emf.ecore.xmi/2.35.0.v20230801-1141, EPL-1.0, approved, modeling.emf
p2/orbit/p2.eclipse.plugin/org.eclipse.emf.ecore/2.35.0.v20230829-0934, EPL-2.0, approved, modeling.emf.emf
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.app/1.6.300.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.bidi/1.4.300.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.common/3.18.100.v20230730-1117, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.concurrent/1.2.100.v20211021-1418, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.console/1.4.500.v20211021-1418, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.event/1.6.200.v20230120-0604, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.frameworkadmin.equinox/1.2.400.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.frameworkadmin/2.2.200.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.http.jetty/3.8.300.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.http.registry/1.3.300.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.http.servlet/1.7.400.v20221006-1531, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.jsp.jasper.registry/1.2.100.v20211021-1418, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.jsp.jasper/1.1.700.v20220801-1124, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.cocoa.macosx.aarch64/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.cocoa.macosx.x86_64/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.cocoa.macosx/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.gtk.linux.aarch64/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.gtk.linux.ppc64le/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.gtk.linux.x86_64/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher.win32.win32.x86_64/1.2.700.v20221108-1024, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.launcher/1.6.500.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.artifact.repository/1.5.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.console/1.3.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.core/2.10.100.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.director.app/1.3.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.director/2.6.100.v20230718-0609, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.directorywatcher/1.4.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.engine/2.8.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.extensionlocation/1.5.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.garbagecollector/1.3.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.jarprocessor/1.3.200.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.metadata.repository/1.5.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.metadata/2.7.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.operations/2.7.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.publisher.eclipse/1.5.100.v20230814-2013, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.publisher/1.8.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.reconciler.dropins/1.5.100.v20230718-0611, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.repository.tools/2.4.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.repository/2.7.100.v20230710-0621, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.touchpoint.eclipse/2.4.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.touchpoint.natives/1.5.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.transport.ecf/1.4.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.ui.importexport/1.4.100.v20230728-2010, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.ui.sdk.scheduler/1.6.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.ui.sdk/1.3.100.v20230728-2010, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.ui/2.8.100.v20230728-2010, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.updatechecker/1.4.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.p2.updatesite/1.3.100.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.preferences/3.10.300.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.registry/3.11.300.v20230801-1826, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.security.linux/1.1.0.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.security.macosx/1.102.0.v20230616-1215, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.security.ui/1.4.0.v20230728-2008, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.security.win32.x86_64/1.2.0.v20230616-1215, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.security/1.4.0.v20230630-1303, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.simpleconfigurator.manipulator/2.2.200.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.equinox.simpleconfigurator/1.4.300.v20230630-1506, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.help.base/4.4.100.v20230903-1000, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.help.ui/4.6.0.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.help.webapp/3.11.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.help/3.10.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.core.compiler.batch/3.35.0.v20230814-2020, EPL-1.0, approved, eclipse.e4
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.core.manipulation/1.19.100.v20230811-2104, EPL-2.0, approved, eclipse.jdt
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.core/3.35.0.v20230814-1356, EPL-1.0, approved, eclipse.e4
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.debug/3.21.100.v20230728-0612, EPL-2.0, approved, eclipse.jdt
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.launching/3.20.100.v20230814-1810, EPL-2.0, approved, eclipse.jdt
p2/orbit/p2.eclipse.plugin/org.eclipse.jdt.ui/3.30.0.v20230822-0733, EPL-2.0, approved, eclipse.jdt
p2/orbit/p2.eclipse.plugin/org.eclipse.jface.databinding/1.15.100.v20230708-0916, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.jface.notifications/0.6.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.jface.text/3.24.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.jface/3.31.0.v20230821-1552, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ltk.core.refactoring/3.14.100.v20230728-0612, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ltk.ui.refactoring/3.13.100.v20230728-0612, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.osgi.compatibility.state/1.2.800.v20221116-1440, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.osgi.services/3.11.100.v20221006-1531, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.osgi.util/3.7.200.v20230103-1101, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.osgi/3.18.500.v20230801-1826, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.eclipse.plugin/org.eclipse.platform/4.29.0.v20230903-1000, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.rcp/4.29.0.v20230903-1000, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.search/3.15.200.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.cocoa.macosx.aarch64/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.cocoa.macosx.x86_64/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.gtk.linux.aarch64/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.gtk.linux.ppc64le/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.gtk.linux.x86_64/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt.win32.win32.x86_64/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swt/3.124.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.swtbot.eclipse.finder/4.1.0.202306071420, EPL-2.0, approved, technology.swtbot
p2/orbit/p2.eclipse.plugin/org.eclipse.swtbot.junit4_x/4.1.0.202306071420, EPL-2.0, approved, technology.swtbot
p2/orbit/p2.eclipse.plugin/org.eclipse.swtbot.swt.finder/4.1.0.202306071420, EPL-2.0, approved, technology.swtbot
p2/orbit/p2.eclipse.plugin/org.eclipse.team.core/3.10.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.team.ui/3.10.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.text/3.13.100.v20230801-1334, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.cheatsheets/3.8.100.v20230725-0936, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.cocoa/1.3.100.v20230214-1401, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.console/3.13.0.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.editors/3.17.0.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.forms/3.13.0.v20230807-1354, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.ide.application/1.5.100.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.ide/3.21.100.v20230825-1346, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.intro/3.7.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.navigator.resources/3.9.100.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.navigator/3.12.100.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.net/1.5.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.themes/1.2.2300.v20230807-1354, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.views.log/1.4.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.views.properties.tabbed/3.10.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.views/3.12.100.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.workbench.texteditor/3.17.100.v20230821-0745, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui.workbench/3.130.0.v20230822-0911, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.ui/3.204.0.v20230821-1342, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.update.configurator/3.5.100.v20230726-0617, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.eclipse.urischeme/1.3.100.v20230727-0604, EPL-2.0, approved, eclipse.platform
p2/orbit/p2.eclipse.plugin/org.hamcrest.core/2.2.0.v20230809-1000, BSD-3-Clause, approved, #9982
p2/orbit/p2.eclipse.plugin/org.hamcrest.library/1.3.0.v20180524-2246, BSD-2-Clause, approved, CQ7219
p2/orbit/p2.eclipse.plugin/org.junit/4.13.2.v20230809-1000, EPL-1.0, approved, CQ21439
p2/orbit/p2.eclipse.plugin/org.mozilla.javascript/1.7.10.v20190430-1943, MPL-2.0 AND BSD-3-Clause AND ISC, approved, CQ19626
p2/orbit/p2.eclipse.plugin/org.slf4j.api/1.7.30.v20221112-0806, MIT, approved, CQ21574
p2/orbit/p2.eclipse.plugin/org.w3c.css.sac/1.3.1.v200903091627, Apache-2.0 OR LicenseRef-Public-Domain OR W3C, approved, CQ1448
p2/orbit/p2.eclipse.plugin/org.w3c.dom.events/3.0.0.draft20060413_v201105210656, Apache-2.0, approved, CQ208
p2/orbit/p2.eclipse.plugin/org.w3c.dom.smil/1.0.1.v200903091627, Apache-2.0 OR LicenseRef-Public-Domain OR W3C, approved, CQ1448
p2/orbit/p2.eclipse.plugin/org.w3c.dom.svg/1.1.0.v201011041433, Apache-2.0, approved, CQ208
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.cocoa.macosx.aarch64/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.cocoa.macosx.x86_64/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.gtk.linux.aarch64/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.gtk.linux.ppc64le/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.gtk.linux.x86_64/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.equinox.executable_root.win32.win32.x86_64/3.8.2200.v20230717-2134, EPL-2.0, approved, eclipse.equinox
p2/orbit/p2.p2.installable.unit/org.eclipse.rcp_root/4.29.0.v20230903-1000, EPL-2.0, approved, eclipse.platform

@eclipsewebmaster
Copy link
Author

By Krum Tsvetkov on Nov 09, 2023 04:40

I added requireEagerResolve to the target platform configuration as
suggested in https://github.com/eclipse/dash-licenses#eclipse-tycho. With this the bom.json and summary contain all dependencies again.

I verified that the setting doesn't lead to having more plugins in the standalone version.
I haven't verified however if the bom / dash summary contents are different than before the tycho upgrade.

@krumts krumts self-assigned this May 15, 2024
@krumts krumts removed the legacy label May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants