Most licenses not detected #37
Comments
|
Found some more log from https://www.hack23.com/jenkins/view/Future/job/Citizen-Intelligence-Agency-Latest-Plugin-Dependencies/1993/consoleText
So don't match any specified license, any way of including different license text to match the same license ? |
|
The problem is that Maven has no standard format for licenses - only free text. So each license has many different representations. The plugin provides a mapping from Maven license string via regex to a license from the defined license list. For dependencies without a license you can also map groupId:artifactId to a license. This mapping has to be configured manually. You'll find the mapping under Administration > Configuration > License Check > Maven Licenses (or Maven Dependencies for the groupId:artifactId mapping). Only very few defaults for Maven dependency mappings are provided there. In #15 we want to provide more defaults. PRs welcome :-) |
Have been using https://www.mojohaus.org/license-maven-plugin/ to generate list of 3:rd party licenses example at https://hack23.github.io/cia/third-party-report.html .
But when using latest v3.0.0-beta-2 I get mostly "No License found for Dependency" : https://www.hack23.com/sonar/project/issues?id=com.hack23.cia%3Acia-all&resolved=false&rules=licensecheck%3Alicensecheck.unlisted&types=CODE_SMELL
Example "No License found for Dependency: com.amazonaws:aws-java-sdk-ec2" is detected as "The Apache Software License, Version 2.0" by maven-license-plugin but not by this plugin.
Have I missed something obvious ? When using license-maven-plugin, i actually have to specify license merges since a lots of project use different license string for the same project
<licenseMerges> <licenseMerge>GNU General Public License, version 2,with the Classpath Exception|GPLv2+CE|GPL2 w/ CPE|GNU General Public License, Version 2 with the Classpath Exception</licenseMerge> <licenseMerge>Common Public License|CPL</licenseMerge> <licenseMerge>Do What the Fuck You Want to Public License|WTFPL</licenseMerge> <licenseMerge>GNU Lesser General Public Licence (LGPL)|GNU Lesser General Public Licence|Lesser General Public License (LGPL)|GNU LESSER GENERAL PUBLIC LICENSE|GNU Lesser General Public License|LGPL</licenseMerge> <licenseMerge>GNU General Lesser Public License (LGPL) version 2.1|LGPL 2.1|GNU Lesser General Public License, Version 2.1</licenseMerge> <licenseMerge>The Apache Software License, Version 2.0|Apache License 2.0|Apache 2|Apache License, Version 2.0|Apache 2.0|Apache Software License - Version 2.0|Apache License, version 2.0|Apache License Version 2.0|ASF 2.0|AL 2.0</licenseMerge> <licenseMerge>The Apache Software License|Apache Software Licenses|ASL</licenseMerge> <licenseMerge>Eclipse Public License - Version 1.0|Eclipse Public License - v 1.0|Eclipse Public License (EPL), Version 1.0|Eclipse Public License 1.0</licenseMerge> <licenseMerge>Common Development and Distribution License (CDDL) version 1.0|Common Development and Distribution License (CDDL) v1.0|COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0|CDDL|Common Development and Distribution License</licenseMerge> <licenseMerge>Common Development and Distribution License (CDDL) version 1.1|CDDL 1.1</licenseMerge> <licenseMerge>The BSD License|BSD|BSD licence|BSD License</licenseMerge> <licenseMerge>Mozilla Public License Version 1.1|MPL 1.1</licenseMerge> <licenseMerge>The MIT License|MIT License|MIT license</licenseMerge> <licenseMerge>BSD style|dom4j|BSD-Style|BSD-Style License</licenseMerge> </licenseMerges>Do I need to specify extra licenses if the exact string don't match for this plugin as well ?
All the best
The text was updated successfully, but these errors were encountered: