add dependency license compatibility check
This commit is contained in:
parent
86128f5994
commit
c4531cb217
32
README.md
32
README.md
@ -351,8 +351,38 @@ In case of suppression, a note must be added to explain why it does not apply to
|
|||||||
|
|
||||||
See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html.
|
See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html.
|
||||||
|
|
||||||
|
### Dependency-License-Compatibility
|
||||||
|
|
||||||
## How to Run the Appplication on a Different Port
|
The `gw check` phase depends on a dependency-license-compatibility check.
|
||||||
|
If any dependency violates the configured [list of allowed licenses](etc/allowed-licenses.json), the build will fail.
|
||||||
|
New licenses can be added to that list after a legal investigation.
|
||||||
|
|
||||||
|
<big>**⚠**</big>
|
||||||
|
*GPL* (*GNU General Public License*) is only allowed with classpath exception.
|
||||||
|
Do <u>not</u> use any dependencies under *GPL* without this exception,
|
||||||
|
except if these offer an alternative license which is allowed.
|
||||||
|
|
||||||
|
To run just the dependency-license-compatibility check, use:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
gw checkLicense
|
||||||
|
```
|
||||||
|
|
||||||
|
If the check fails, a report can be found here: The generated license can be found under [dependencies-without-allowed-license.json](/build/reports/dependency-license/dependencies-without-allowed-license.json).
|
||||||
|
|
||||||
|
And to generate a report, use:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
gw generateLicenseReport
|
||||||
|
```
|
||||||
|
|
||||||
|
The generated license can be found here: [index.html](build/reports/dependency-license/index.html).
|
||||||
|
|
||||||
|
More information can be found on the [project's website](https://github.com/jk1/Gradle-License-Report).
|
||||||
|
|
||||||
|
## How To ...
|
||||||
|
|
||||||
|
### How to Run the Application on a Different Port
|
||||||
|
|
||||||
By default, `gw bootRun` starts the application on port 8080.
|
By default, `gw bootRun` starts the application on port 8080.
|
||||||
|
|
||||||
|
@ -2,6 +2,7 @@ plugins {
|
|||||||
id 'java'
|
id 'java'
|
||||||
id 'org.springframework.boot' version '2.7.2'
|
id 'org.springframework.boot' version '2.7.2'
|
||||||
id 'io.spring.dependency-management' version '1.0.12.RELEASE'
|
id 'io.spring.dependency-management' version '1.0.12.RELEASE'
|
||||||
|
id 'com.github.jk1.dependency-license-report' version '2.1'
|
||||||
id "org.owasp.dependencycheck" version "7.1.1"
|
id "org.owasp.dependencycheck" version "7.1.1"
|
||||||
id "com.diffplug.spotless" version "6.9.0"
|
id "com.diffplug.spotless" version "6.9.0"
|
||||||
}
|
}
|
||||||
@ -91,3 +92,9 @@ dependencyCheck {
|
|||||||
failBuildOnCVSS = 7
|
failBuildOnCVSS = 7
|
||||||
}
|
}
|
||||||
project.tasks.check.dependsOn(dependencyCheckAnalyze)
|
project.tasks.check.dependsOn(dependencyCheckAnalyze)
|
||||||
|
|
||||||
|
licenseReport {
|
||||||
|
excludeBoms = true
|
||||||
|
allowedLicensesFile = new File("$projectDir/etc/allowed-licenses.json")
|
||||||
|
}
|
||||||
|
project.tasks.check.dependsOn(checkLicense)
|
||||||
|
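Review bot: The new `licenseReport` block (the lines adding `excludeBoms` and `allowedLicensesFile`) does not record what happens to a dependency whose license metadata the plugin cannot determine; if such dependencies are skipped instead of being listed in `dependencies-without-allowed-license.json`, they silently bypass the allow-list, so this is worth confirming against the plugin's behaviour and noting in a comment next to `allowedLicensesFile`. A Gradle-idiomatic form of the path is `allowedLicensesFile = file('etc/allowed-licenses.json')`, which resolves relative to the project without string interpolation. A short why-comment on the exclusion, such as `// BOMs pin versions rather than ship code, so they are left out of the license check`, would help a reader who later sees a BOM missing from the report.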
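--- /dev/null
+++ b/etc/allowed-licenses.json
@@ -0,0 +1,32 @@
+{
+"allowedLicenses": [
+{ "moduleLicense": "Apache 2.0" },
+{ "moduleLicense": "Apache License, Version 2.0" },
+{ "moduleLicense": "The Apache Software License, Version 2.0" },
+
+{ "moduleLicense": "BSD License" },
+{ "moduleLicense": "BSD-2-Clause" },
+
+{ "moduleLicense": "CDDL 1.1" },
+{ "moduleLicense": "CDDL/GPLv2+CE" },
+{ "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" },
+
+{ "moduleLicense": "EDL 1.0" },
+{ "moduleLicense": "Eclipse Distribution License 1.0" },
+
+{ "moduleLicense": "Eclipse Public License - v 1.0" },
+{ "moduleLicense": "Eclipse Public License - v 2.0" },
+{ "moduleLicense": "Eclipse Public License - v. 2.0" },
+{ "moduleLicense": "Eclipse Public License - v1.0" },
+{ "moduleLicense": "Eclipse Public License v 2.0" },
+{ "moduleLicense": "Eclipse Public License v. 2.0" },
+
+{ "moduleLicense": "GNU General Public License, version 2 with the GNU Classpath Exception" },
+{ "moduleLicense": "GPL2 w/ CPE" },
+
+{ "moduleLicense": "MIT License" },
+{ "moduleLicense": "MIT" },
+{ "moduleLicense": "The MIT License (MIT)" },
+{ "moduleLicense": "The MIT License" }
+]
+}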
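Review bot: The entry `{ "moduleLicense": "BSD License" }` accepts a generic label that does not distinguish the 3-clause form from the older 4-clause (advertising clause) form, which compatibility reviews treat differently, so it is worth checking which form the dependencies currently matching that entry actually declare before keeping it as-is. As far as I can tell the plugin compares these strings exactly against the license name declared in each artifact's metadata, which is why the same license appears under several spellings here (three for Apache 2.0, six for the Eclipse Public License, four for MIT). Since JSON has no comment syntax, that matching rule belongs in the README next to the "new licenses can be added after a legal investigation" sentence, so a maintainer can tell whether a `checkLicense` failure is a genuinely new license or merely a new spelling of one already approved.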