Re: A license check tool offered by Apache SkyWalking Community

[kezhenxu94]

Hi Vladimir Sitnikov thanks for sharing! Yes overriding a dependencies license is important when the tool cannot identify it, and we have this feature too  > 18. Declare the dependency licenses which cannot be identified by this tool. apache/skywalking-eyes: A full-featured license tool to check and fix license headers and resolve dependencies' licenses. github.com Currently license eye supports Golang, maven, npm, and Rust cargo, while gradle is in my roadmap too. Glad to see your tool! On Aug 25, 2022, at 00:02, Vladimir Sitnikov <sitnikov.vladi...@gmail.com> wrote: I have a similar tool in form of a Gradle plugin: https://github.com/vlsi/vlsi-release-plugins/blob/45865c3186a7ecc0d30b1f88c2f31160b5e1b13a/plugins/license-gather-plugin/README.md It searches for LICENSE-like files in dependencies, checks if the license is A-B-X compatible, and generates the final license file (with all the LICENSE-like files from the dependencies). I've created it for Apache JMeter and Apache Calcite: https://github.com/apache/jmeter/blob/b73f69074f8b3b5d71767ab0fedb52f16a1e55d6/src/licenses/build.gradle.kts https://github.com/apache/calcite/blob/b9c2099ea92a575084b55a206efc5dd341c0df62/release/build.gradle.kts#L101-L121 From my experience, it is important to be able to "override the detected license" as many dependencies do not properly declare the actual license, and sometimes dependencies fail to include license texts in their release artifacts. Vladimir