FOSSology - any recent experiences?

[Joan Touzet <wo...@apache.org>]

Hi everyone,

Apache CouchDB is about to make their big 2.0 release. As part of
final due diligence we're double-checking all of our dependencies
for licenses. Based on prior experiences, I recommended our team
leverage FOSSology (https://www.fossology.org/), an open source
tool I've used before for scouring source code archives for
licenses and allowing them to be tagged as "clear" after a
combination of automated and manual analysis.

I'm curious if any other teams out there use FOSSology to help
with this ASF-mandatory activity, and if so, would you be willing
to share your experiences? Do you have any recommendations for
the settings within the automated scanner? We're presently using
a combination of Nomos and Monk scanning and finding the results
quite satisfactory on a relatively large codebase with complex
JavaScript dependencies.

Looking forward to your stories!

-Joan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org