This SonarQube plugin ensures that projects in an organization adhere to a set of standard libraries and versions. This enables the governance of the used libraries and licences.
This software is licensed under the Apache Software License, Version 2.0
This plugin is compatible:
Put the pre-built jar-file (from release downloads) in the directory $SONARQUBE_HOME/extensions/plugins
and
restart the server to install the plugin. Activate the rules of this plugin ("License is not allowed", "Dependency has unknown license") in your SonarQube quality profiles - otherwise the plugin is not executed.
When a project is analyzed using the mvn sonar:sonar
in command line the extension is started automatically.
Please make sure to have all dependencies installed before launching the SonarQube analysis. So your complete build should look something like this:
mvn -B org.jacoco:jacoco-maven-plugin:prepare-agent -Dmaven.test.failure.ignore install
mvn -B sonar:sonar
After booting the SonarQube Server with the License-Check Plugin two new options can be found in the tab Administration.
^asm:asm$
to "BSD-3-Clause".*Apache.*2.*
to "Apache-2.0".The plugin scans for dependencies defined in your project including all transitive dependencies.
Currently supported formats are:
licensecheck.npm.resolvetransitive
is set to true
.The plugin contains a project dashboard showing a list of dependencies with version and a list of all used licences. Each table shows the status of the license (allowed, not allowed, not found). You can also export the data to Excel.
Example for "Dependencies" table:
Name | Version | License | Status |
---|---|---|---|
org.springframework.boot:spring-boot | 1.4.0.RELEASE | Apache-2.0 | Allowed |
core-js | 2.4.0 | MIT | Allowed |
dk.brics.automaton:automaton | 1.11-8 | BSD-3-Clause | Not Allowed |
saxon:saxon | 9.1.0.8j | Unknown |
Example for "Licenses" table:
Identifier | Name | Allowed |
---|---|---|
Apache-2.0 | Apache License 2.0 | true |
MIT | MIT License | true |
BSD-3-Clause | BSD 3-clause New or Revised License | false |