I use Maven to build my web app projects. When I add a dependent library to the pom file, it recursively adds more dependent jars to the project. Is there a way to find out, or to restrict the build so, that only jars having a certain type of license (say Apache License, BSD etc.) are included? Or is there a way to find out that a jar file is under GPL/ASL etc. without going to the website for each jar in the application?
+3
A:
During the acquisition of a company I was working for, the acquiring company used the following software / consultancy to do what you're describing.
http://www.blackducksoftware.com/transact
Although I'm guessing you were probably looking for a free alternative. There may be other methods, but the fact this company make money doing this suggests an alternative is probably less thorough/accurate.
lucas1000001
2010-08-17 08:10:26
Yes, a free alternative will be great!
Ram
2010-08-17 09:34:14
+2
A:
The Maven "Project Info Reports" plugin produces a Dependencies report that includes the Licenses for the dependencies. Here's an example.
Obviously, this depends on the dependent POMs declaring their dependencies properly, and it requires that you build your site documentation "online".
Stephen C
2010-08-17 09:40:27
Thanks Stephen, this is exactly what I wanted. Some of the libraries are under unknown, but I can live with it :)
Ram
2010-08-17 16:21:32
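The report in the answer above relies on each dependency's POM declaring a `<licenses>` section. The following added example (not part of the original thread, and not the plugin's code) reads that section and classifies each dependency against an allowlist, with "unknown" for POMs that declare nothing. The allowlist words, the all-licenses-must-pass rule and the sample POMs are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed policy for this example: a license name passes if it contains one of these words.
ALLOWED_WORDS = {"apache", "bsd", "mit"}

# Constructed sample POMs (made-up coordinates, not real artifacts).
SAMPLE_POMS = {
    "com.example:alpha:1.0": """<project xmlns="http://maven.apache.org/POM/4.0.0">
      <licenses><license><name>The Apache Software License, Version 2.0</name></license></licenses>
    </project>""",
    "com.example:beta:2.1": """<project xmlns="http://maven.apache.org/POM/4.0.0">
      <licenses><license><name>GNU General Public License, version 3</name></license></licenses>
    </project>""",
    # No <licenses> section and no namespace, as in some older POMs.
    "com.example:gamma:0.3": "<project><artifactId>gamma</artifactId></project>",
}

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def declared_licenses(pom_xml):
    """Return license names from the POM's top-level <licenses> section."""
    root = ET.fromstring(pom_xml)
    names = []
    for section in root:
        if _local(section.tag) != "licenses":
            continue
        for lic in section:
            for field in lic:
                if _local(field.tag) == "name" and (field.text or "").strip():
                    names.append(field.text.strip())
    return names

def classify(pom_xml):
    """'unknown' if nothing is declared, 'allowed' only if every license passes."""
    names = declared_licenses(pom_xml)
    if not names:
        return "unknown"
    ok = all(ALLOWED_WORDS & set(re.findall(r"[a-z0-9]+", n.lower())) for n in names)
    return "allowed" if ok else "rejected"

def audit(poms):
    """Map each coordinate to its classification."""
    return {coord: classify(xml) for coord, xml in poms.items()}

if __name__ == "__main__":
    for coord, status in audit(SAMPLE_POMS).items():
        print(f"{coord}: {status}")
```

This reads only the POM it is given, so a license declared only in a parent POM shows up as "unknown" here.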