I tried sbt-rat. It reported no jar issues but logged nothing about them so I wouldn't be sure it really checked. It reported every file as a license issue because it doesn't know about our non-standard header. We can probably find a setting to tell Rat that our special Apache header is ok.
On Wed 8 Feb 2023, 17:24 Matthew Benedict de Detrich, <[email protected]> wrote: > So daffodil which is an Apache project built with sbt uses apache rat via > sbt in order to check for problematic licenses, see > https://github.com/Apache/daffodil#license-check. I think we can just copy > them > > For SBOM, this is already covered in Pekko (this was carried over from > Akka) > > On Wed, Feb 8, 2023 at 4:29 PM Josep Prat <[email protected]> wrote: > > > Hi there, > > > > FOSSA is usually used for a couple of things. One is the one you already > > assumed (check for problematic licenses). The other is to generate an > SBOM. > > AFAIR, Akka was using an sbt plugin to generate the SBOM. So the license > > checker would be the feature we are interested in. > > > > Best, > > > > > > > On 2023/02/08 16:04 CET PJ Fanning <[email protected]> wrote: > > > > > > > > > Hi everyone, > > > > > > Is anyone familiar with the Fossa checks in the Akka CI builds? We've > > disabled them in Pekko builds because we don't have API keys setup as > > repository secrets. > > > > > > ASF requires us to check for problematic licenses in our dependencies > > [1]. I'm making assumptions but I presume that this is what the Fossa > check > > is doing. If there is anyone who can correct me, that would be great. > > > > > > If this check does indeed make useful checks for annoying licenses, > then > > I'll see about getting the INFRA team to get an API key from Fossa and > set > > it up as a Repository secret for us. > > > > > > Regards, > > > PJ > > > > > > [1] https://www.apache.org/legal/resolved.html > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > Matthew de Detrich > > *Aiven Deutschland GmbH* > > Immanuelkirchstraße 26, 10405 Berlin > > Amtsgericht Charlottenburg, HRB 209739 B > > Geschäftsführer: Oskari Saarenmaa & Hannu Valtonen > > *m:* +491603708037 > > *w:* aiven.io *e:* [email protected] >
