Hi,

Looking for some guidance on doing some source license auditing.  My needs are 
twofold.  I need to track down all the licenses of all our dependencies, for 
which there seems to be an abundance of plugins. But I also need to audit the 
licenses of our committed source; as many come from open and non-open projects, 
I need to track the individual files as well.

I’ve started by using Apache RAT [1], which seems to be okay for auditing the 
source, but given that we have a significant number of modules, configuration 
of RAT is somewhat a pain (I have a bunch of custom license definitions and 
matchers) which seem to have to be added to every POM file (doesn’t like going 
into the parent POM likely because of the way we are using Tycho).

Can anyone recommend a plugin that might be better for my use case?  I’d like 
to be able to have a single config file (or artifact) that contains the license 
declarations, and then be able to reference that from all my modules.  The 
Codehaus License Maven Plugin [2] seems close to what I want, but I can’t seem 
to figure out how to get it to show me files that are missing license headers 
or even show me a per file license summary.  If anyone can point me to some 
examples or tutorials that explain this that would be much appreciated.

[1] http://creadur.apache.org/rat/apache-rat-plugin/examples/custom-license.html
[2] http://www.mojohaus.org/license-maven-plugin/examples/example-thirdparty.html

Thanks,

JK

Jim Klo
Senior Software Engineer
Center for Software Engineering
SRI International
t.      @nsomnac
