sonarqube-licensecheck
SonarQube Licensecheck Plugin
License check currently only supports one license per dependency. Many packages nowadays have multiple licenses (combined with AND/OR) and even additions or exceptions. We have to define a concept how...
Sonar: 8.5.0.37579
sonarqube-licensecheck: 4.0.0
```
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 5:21.148s
INFO: Final Memory: 26M/94M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
java.lang.NullPointerException
	at org.glassfish.json.JsonGeneratorImpl.writeEscapedString(JsonGeneratorImpl.java:555)...
```
We are using a project structure that places the files required for the scan in this way:
- root/backend/build/reports/dependency-license/license-details.json
- root/frontend/package.json

The plugin tries to find the files directly in...
I am running the licensecheck plugin on a Java - Maven project. The scanner fails and throws a stackoverflow error. How do we resolve this? Stack trace is below:
```
[INFO] Sensor...
```
Please add an option to deactivate transitive license resolving for JAVA (Maven & Gradle) scanning also. Or describe where might be a good place to insert this as may I'm...
Today the import of e.g. the Gradle report is fixed to: license-details.json. Add a Sonar property to set up this path dynamically.
Maven projects can be mapped to a license by their group/artifactID. It would be cool to have a similar feature for NPM packages. We publish NPM packages to a private...
For testing the scanning of transitive npm dependencies I tested the current master [commit](https://github.com/porscheinformatik/sonarqube-licensecheck/commit/2df37b4d96a64222f3bab027ad654e3932bd619f) and activated the property "licensecheck.npm.resolvetransitive=true". For comparison I used the npm package [license-checker](https://github.com/davglass/license-checker). Thereby...
Some (many) tools generate OSS license-check files in structured files. https://github.com/jk1/Gradle-License-Report https://www.npmjs.com/package/license-report https://www.mojohaus.org/license-maven-plugin/ Could it be another approach to import the output files of this kind of tools/plugins instead...