LicenseFinder

LF not picking up two of our Golang dependencies

Open dkoper opened this issue 8 years ago • 1 comment

Running the LF report on https://github.com/cloudfoundry/cli gives a list of most of its vendored dependencies and licenses, but it missed two dependencies:

https://github.com/cloudfoundry/cli/tree/master/vendor/golang.org/x/sys/unix

https://github.com/cloudfoundry/cli/blob/master/vendor/gopkg.in/yaml.v2

The former contains a BSD-3 Clause LICENSE file. The latter contains a LICENSE file with Apache boilerplate code.

The issue is not that it could not detect the licenses; the issue is that the dependencies were not included in the report at all.

FYI:

diesk@cloud-cf:~/workspace/cli$ license_finder --debug
LicenseFinder::GoDep: is not installed
LicenseFinder::GoWorkspace: is installed
LicenseFinder::GoWorkspace: is not active
LicenseFinder::GoVendor: is installed
LicenseFinder::GoVendor: is active
LicenseFinder::Bundler: is installed
LicenseFinder::Bundler: is not active
LicenseFinder::NPM: is not installed
LicenseFinder::Pip: is not installed
LicenseFinder::Bower: is not installed
LicenseFinder::Maven: is not installed
LicenseFinder::Gradle: is installed
LicenseFinder::Gradle: is not active
LicenseFinder::CocoaPods: no command defined
LicenseFinder::CocoaPods: is not active
LicenseFinder::Rebar: is not installed
LicenseFinder::Nuget: no command defined
LicenseFinder::Nuget: is not active

All dependencies are approved for use
diesk@cloud-cf:~/workspace/cli$

dkoper, Jan 10 '17 10:01

There seem to be two different causes for the missing dependencies:

  1. In version 2.1.2 of license, the heuristic for identifying standard packages would match some non-standard packages. There's been a change to the heuristics for excluding standard packages since the last release that should resolve the issue with yaml.v2 not showing up.
  2. Running go list -f "{{join .Deps \"\n\"}}" ./... (which is what LF is doing under the covers for GoVendor projects) doesn't list 'golang.org/x/sys/unix' as a dependency when run on the cli project.

Holding this issue open for more information on 2.

kdykeman, Jan 18 '17 21:01
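
The check below is an added example, not part of the original thread or of LicenseFinder: it compares the package directories under vendor/ with a saved `go list` dependency listing and prints the vendored packages that the listing, and so any report built from it, leaves out. The function name `missing_vendored` and the deps file it reads are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not LicenseFinder code): report packages that exist under
# vendor/ but do not appear in a `go list` dependency listing.
#
# usage: missing_vendored DEPS_FILE [VENDOR_DIR]
#   DEPS_FILE   saved output of: go list -f "{{join .Deps \"\n\"}}" ./...
#   VENDOR_DIR  defaults to ./vendor
#
# The output is a review list: a vendored package that nothing imports
# shows up here as well as one the listing missed.
missing_vendored() {
    deps_file=$1
    vendor_dir=${2:-vendor}
    tmp=$(mktemp -d) || return 1

    # Import paths reported by go list. GOPATH-era output names vendored
    # packages as "<project>/vendor/<import path>"; strip that prefix so
    # both spellings compare equal to the on-disk path.
    sed 's#^.*/vendor/##' "$deps_file" | grep -v '^$' |
        LC_ALL=C sort -u > "$tmp/listed"

    # Every directory under vendor/ that holds at least one non-test .go
    # file is treated as a package present on disk.
    (cd "$vendor_dir" && find . -type f -name '*.go' ! -name '*_test.go') |
        sed -e 's#^\./##' -e 's#/[^/]*$##' |
        LC_ALL=C sort -u > "$tmp/on_disk"

    # Lines only in on_disk: vendored, but never listed as a dependency.
    LC_ALL=C comm -23 "$tmp/on_disk" "$tmp/listed"
    rm -rf "$tmp"
}
```

Run from the project root, an empty result means every vendored package appears in the listing; any path printed is one whose LICENSE file the report would not cover.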