Not all licenses listed? #72

Closed
fenders opened this issue Jun 24, 2019 · 6 comments


fenders commented Jun 24, 2019

Thanks first of all for providing this plugin! It is exactly what we were looking for.

I integrated both v3.0.0-beta-4 and the latest v3.0.0-rc1 into a SonarQube 7.6.

We have three quite large multi-module projects. One of them has more than 200 Maven modules.
After invoking the analysis, there are a couple of licenses listed on the project's License Check overview. These licenses are of all three statuses: Forbidden, Allowed, Unknown.

Only thing is, there should be way more licenses. An analysis using the license-maven-plugin showed about 500 licenses, whereas the sonarqube-licensecheck only lists about 50.
In addition, it seems that the number of listed licenses varies when running the analysis multiple times.
Is there any way I can debug this?

Thanks and all the best,
Frank

Contributor

derkoe commented Jun 26, 2019

> Only thing is, there should be way more licenses. An analysis using the license-maven-plugin showed about 500 licenses, whereas the sonarqube-licensecheck only lists about 50.

There are only 360 open source licenses in total out there - I guess the license-maven-plugin is wrong here. 50 different licenses are a lot anyway.

> In addition, it seems that the number of listed licenses varies when running the analysis multiple times.
> Is there any way I can debug this?

This seems interesting - can you reproduce this on a simpler example, maybe one that you can attach here or provide as a GitHub repo?

Author

fenders commented Jun 26, 2019

Thanks for your reply!

Sorry for not expressing myself clearly enough: I was referring to the number of libraries using open source licenses. So not the unique number of licenses as such but the number of libraries.

I will try to reproduce the second observation (varying number of found libraries) on a simpler example and give feedback.

Thanks so far!
Frank

@HSSE-Dev

Since we also use LicenseCheck for multi-module projects, I tested it with ours. In our case all dependencies of the master POM were evaluated (but only from it), except those with dependency scope "Provided".
In the Mojo License Plugin all licenses of the submodules are also analyzed, and for this reason a different result is obtained.
I can't confirm the different analysis results for several analyses. Have scopes changed?

Author

fenders commented Jun 27, 2019

Thanks a lot! That seems to explain the different numbers compared to Mojo License Plugin.
I'll see whether it's possible to make both things configurable and would provide a PR if you are interested.

I'm also going to investigate the second issue and would create a new distinct issue for this as soon as I can provide more info to reproduce it (if it still appears).

Thanks again for your quick support!

fenders closed this as completed Jun 27, 2019

@HSSE-Dev

@fenders I am not familiar with the exact functionality of the plugin (I am only a user) and have only contributed my experiences. For this reason it would be good if @derkoe gave a short explanation/statement.

Author

fenders commented Jun 27, 2019

According to #34, dependencies from submodules should also be included into the analysis.
