add dependency license compatibility check
							| @@ -351,8 +351,38 @@ In case of suppression, a note must be added to explain why it does not apply to | ||||
|  | ||||
| See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html. | ||||
|  | ||||
| ### Dependency-License-Compatibility | ||||
|  | ||||
| ## How to Run the Appplication on a Different Port  | ||||
| The `gw check` phase depends on a dependency-license-compatibility check. | ||||
| If any dependency violates the configured [list of allowed licenses](etc/allowed-licenses.json), the build will fail. | ||||
| New licenses can be added to that list after a legal investigation. | ||||
|  | ||||
| <big>**⚠**</big> | ||||
| *GPL* (*GNU General Public License*) is only allowed with classpath exception. | ||||
| Do <u>not</u> use any dependencies under *GPL* without this exception, | ||||
| except if these offer an alternative license which is allowed.  | ||||
|  | ||||
| To run just the dependency-license-compatibility check, use: | ||||
|  | ||||
| ```shell | ||||
| gw checkLicense | ||||
| ``` | ||||
|  | ||||
| If the check fails, a report can be found here: The generated license can be found under [dependencies-without-allowed-license.json](/build/reports/dependency-license/dependencies-without-allowed-license.json). | ||||
|  | ||||
| And to generate a report, use: | ||||
|  | ||||
| ```shell | ||||
| gw generateLicenseReport | ||||
| ``` | ||||
|  | ||||
| The generated license can be found here: [index.html](build/reports/dependency-license/index.html). | ||||
|  | ||||
| More information can be found on the [project's website](https://github.com/jk1/Gradle-License-Report). | ||||
|  | ||||
| ## How To ... | ||||
|  | ||||
| ### How to Run the Application on a Different Port  | ||||
|  | ||||
| By default, `gw bootRun` starts the application on port 8080. | ||||
|  | ||||
|   | ||||
| @@ -2,6 +2,7 @@ plugins { | ||||
|     id 'java' | ||||
|     id 'org.springframework.boot' version '2.7.2' | ||||
|     id 'io.spring.dependency-management' version '1.0.12.RELEASE' | ||||
|     id 'com.github.jk1.dependency-license-report' version '2.1' | ||||
|     id "org.owasp.dependencycheck" version "7.1.1" | ||||
|     id "com.diffplug.spotless" version "6.9.0" | ||||
| } | ||||
| @@ -91,3 +92,9 @@ dependencyCheck { | ||||
|     failBuildOnCVSS = 7 | ||||
| } | ||||
| project.tasks.check.dependsOn(dependencyCheckAnalyze) | ||||
|  | ||||
| licenseReport { | ||||
|     excludeBoms = true | ||||
|     allowedLicensesFile = new File("$projectDir/etc/allowed-licenses.json") | ||||
| } | ||||
| project.tasks.check.dependsOn(checkLicense) | ||||
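Review bot: The `licenseReport { }` block sets only the allow-list and `excludeBoms`, so the scope of what `checkLicense` inspects is left at the plugin's default, which as far as I recall is the `runtimeClasspath` configuration only; build-time dependencies (`compileOnly`, `annotationProcessor`, test scopes) would then never be policed even though the README presents this as a build-failing gate. If that is the intended policy, say so next to the block, e.g. `// License gate covers the runtime classpath only; build-time deps are not checked`, otherwise make the scope explicit with `configurations = ALL` (or a named list) so a later change of plugin defaults cannot silently narrow it. Worth noting too that the match is against the license string each artifact declares in its own POM, so the gate is only as trustworthy as that self-reported metadata and should not be read as a substitute for the legal review the README describes.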
|   | ||||
							
								
								
									
										32
									
								
								etc/allowed-licenses.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										32
									
								
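--- /dev/null
+++ b/etc/allowed-licenses.json
@@ -0,0 +1,32 @@
+{
+    "allowedLicenses": [
+        { "moduleLicense": "Apache 2.0" },
+        { "moduleLicense": "Apache License, Version 2.0" },
+        { "moduleLicense": "The Apache Software License, Version 2.0" },
+
+        { "moduleLicense": "BSD License" },
+        { "moduleLicense": "BSD-2-Clause" },
+
+        { "moduleLicense": "CDDL 1.1" },
+        { "moduleLicense": "CDDL/GPLv2+CE" },
+        { "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" },
+
+        { "moduleLicense": "EDL 1.0" },
+        { "moduleLicense": "Eclipse Distribution License 1.0" },
+
+        { "moduleLicense": "Eclipse Public License - v 1.0" },
+        { "moduleLicense": "Eclipse Public License - v 2.0" },
+        { "moduleLicense": "Eclipse Public License - v. 2.0" },
+        { "moduleLicense": "Eclipse Public License - v1.0" },
+        { "moduleLicense": "Eclipse Public License v 2.0" },
+        { "moduleLicense": "Eclipse Public License v. 2.0" },
+
+        { "moduleLicense": "GNU General Public License, version 2 with the GNU Classpath Exception" },
+        { "moduleLicense": "GPL2 w/ CPE" },
+
+        { "moduleLicense": "MIT License" },
+        { "moduleLicense": "MIT" },
+        { "moduleLicense": "The MIT License (MIT)" },
+        { "moduleLicense": "The MIT License" }
+    ]
+}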