[GitHub] [incubator-pekko] mdedetrich commented on issue #151: Investigate how to scan for problematic licenses

["mdedetrich (via GitHub)" <gi...@apache.org>]

mdedetrich commented on issue #151:
URL: https://github.com/apache/incubator-pekko/issues/151#issuecomment-1509762285

   So I created a PR against https://github.com/sbt/sbt-license-report/pull/55 which when merged would allow us to generate a report of all of the aggregated licenses for all of the transitive dependencies for this project which we can then inspect to make sure we don't see something weird. The plugin also lets us configure what Ivy scopes we want to generate the licenses for (see `licenseConfigurations`) so its possible to, for example, only generate licenses for the `compile` scope (if we don't care about licenses used for `test`)
   
   Its also possible to add functionality that will "break" the build if it picks up a problematic license (i.e. similar to `dependencyCheckFailBuildOnCVSS` for https://github.com/albuch/sbt-dependency-check).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@pekko.apache.org
For additional commands, e-mail: notifications-help@pekko.apache.org