diff --git a/README.md b/README.md
index 985322cf..68cdaf14 100644
--- a/README.md
+++ b/README.md
@@ -351,8 +351,38 @@ In case of suppression, a note must be added to explain why it does not apply to
See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html.
+### Dependency-License-Compatibility
-## How to Run the Appplication on a Different Port
+The `gw check` phase depends on a dependency-license-compatibility check.
+If any dependency violates the configured [list of allowed licenses](etc/allowed-licenses.json), the build will fail.
+New licenses can be added to that list after a legal investigation.
+
+**⚠**
+*GPL* (*GNU General Public License*) is only allowed with classpath exception.
+Do not use any dependencies under *GPL* without this exception,
+except if these offer an alternative license which is allowed.
+
+To run just the dependency-license-compatibility check, use:
+
+```shell
+gw checkLicense
+```
+
+If the check fails, a report can be found here: The generated license can be found under [dependencies-without-allowed-license.json](/build/reports/dependency-license/dependencies-without-allowed-license.json).
+
+And to generate a report, use:
+
+```shell
+gw generateLicenseReport
+```
+
+The generated license can be found here: [index.html](build/reports/dependency-license/index.html).
+
+More information can be found on the [project's website](https://github.com/jk1/Gradle-License-Report).
+
+## How To ...
+
+### How to Run the Application on a Different Port
By default, `gw bootRun` starts the application on port 8080.
diff --git a/build.gradle b/build.gradle
index 60569c99..f5e6a0a3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -2,6 +2,7 @@ plugins {
id 'java'
id 'org.springframework.boot' version '2.7.2'
id 'io.spring.dependency-management' version '1.0.12.RELEASE'
+ id 'com.github.jk1.dependency-license-report' version '2.1'
id "org.owasp.dependencycheck" version "7.1.1"
id "com.diffplug.spotless" version "6.9.0"
}
@@ -91,3 +92,9 @@ dependencyCheck {
failBuildOnCVSS = 7
}
project.tasks.check.dependsOn(dependencyCheckAnalyze)
+
+licenseReport {
+ excludeBoms = true
+ allowedLicensesFile = new File("$projectDir/etc/allowed-licenses.json")
+}
+project.tasks.check.dependsOn(checkLicense)
diff --git a/etc/allowed-licenses.json b/etc/allowed-licenses.json
new file mode 100644
index 00000000..cbacbf0b
--- /dev/null
+++ b/etc/allowed-licenses.json
@@ -0,0 +1,32 @@
+{
+ "allowedLicenses": [
+ { "moduleLicense": "Apache 2.0" },
+ { "moduleLicense": "Apache License, Version 2.0" },
+ { "moduleLicense": "The Apache Software License, Version 2.0" },
+
+ { "moduleLicense": "BSD License" },
+ { "moduleLicense": "BSD-2-Clause" },
+
+ { "moduleLicense": "CDDL 1.1" },
+ { "moduleLicense": "CDDL/GPLv2+CE" },
+ { "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" },
+
+ { "moduleLicense": "EDL 1.0" },
+ { "moduleLicense": "Eclipse Distribution License 1.0" },
+
+ { "moduleLicense": "Eclipse Public License - v 1.0" },
+ { "moduleLicense": "Eclipse Public License - v 2.0" },
+ { "moduleLicense": "Eclipse Public License - v. 2.0" },
+ { "moduleLicense": "Eclipse Public License - v1.0" },
+ { "moduleLicense": "Eclipse Public License v 2.0" },
+ { "moduleLicense": "Eclipse Public License v. 2.0" },
+
+ { "moduleLicense": "GNU General Public License, version 2 with the GNU Classpath Exception" },
+ { "moduleLicense": "GPL2 w/ CPE" },
+
+ { "moduleLicense": "MIT License" },
+ { "moduleLicense": "MIT" },
+ { "moduleLicense": "The MIT License (MIT)" },
+ { "moduleLicense": "The MIT License" }
+ ]
+}