• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

Project: sonarqube-licensecheck (GitHub Link)

• sonarqube-licensecheck-master
  • svg-icons
    • delete.svg
    • pencil.svg
    • magnify.svg
  • src
    • main
      • resources
        • at
          • porscheinformatik
            • sonarqube
              • licensecheck
                • license
                  • spdx_license_list.json
                • mavenlicense
                  • default_license_mapping.json
      • web
        • configuration
          • project-licenses-page.vue
          • maven-dependencies-page.vue
          • licenses-page.vue
          • maven-licenses-page.vue
        • dashboard.js
        • configuration.js
        • modal-dialog.vue
        • dashboard
          • dependencies.vue
          • licenses.vue
          • icons.css
          • excel-builder.js
      • java
        • at
          • porscheinformatik
            • sonarqube
              • licensecheck
                • utils
                  • IOUtils.java
                • ValidateLicenses.java
                • maven
                  • LicenseFinder.java
                  • DirectoryFinder.java
                  • SettingsXmlHandler.java
                  • SettingsXmlParser.java
                  • MavenDependencyScanner.java
                  • Setting.java
                • LicenseCheckPageDefinition.java
                • LicenseCheckPropertyKeys.java
                • LicenseCheckPlugin.java
                • Dependency.java
                • npm
                  • PackageJsonDependencyScanner.java
                • mavendependency
                  • MavenDependency.java
                  • MavenDependencySettingsService.java
                  • MavenDependencyService.java
                • license
                  • LicenseService.java
                  • LicenseSettingsService.java
                  • License.java
                • webservice
                  • configuration
                    • MavenLicenseConfiguration.java
                    • ProjectLicenseConfiguration.java
                    • HTTPConfiguration.java
                    • MavenDependencyConfiguration.java
                    • LicenseConfiguration.java
                  • mavendependency
                    • MavenDependencyShowAction.java
                    • MavenDependencyEditAction.java
                    • MavenDependencyWs.java
                    • MavenDependencyDeleteAction.java
                    • MavenDependencyAddAction.java
                  • license
                    • LicenseAddAction.java
                    • LicenseDeleteAction.java
                    • LicenseShowAction.java
                    • LicenseWs.java
                    • LicenseEditAction.java
                  • mavenlicense
                    • MavenLicenseAddAction.java
                    • MavenLicenseShowAction.java
                    • MavenLicenseDeleteAction.java
                    • MavenLicenseEditAction.java
                    • MavenLicenseWs.java
                  • projectLicense
                    • ProjectLicenseDeleteAction.java
                    • ProjectLicenseShowAction.java
                    • ProjectLicenseWs.java
                    • ProjectLicenseEditAction.java
                    • ProjectLicenseAddAction.java
                • LicenseCheckMetrics.java
                • LicenseCheckRulesDefinition.java
                • mavenlicense
                  • MavenLicenseSettingsService.java
                  • MavenLicenseService.java
                  • MavenLicense.java
                • interfaces
                  • Scanner.java
                • LicenseCheckSensor.java
                • projectLicense
                  • ProjectLicense.java
                  • ProjectLicenseService.java
                  • ProjectLicenseSettingsService.java
    • compiled-icons
      • pencil.js
      • magnify.js
      • delete.js
      • index.js
    • test
      • resources
        • node_modules
          • angular
            • package.json
          • arangojs
            • package.json
          • linkedlist
            • package.json
          • retry
            • package.json
        • test.pom
        • spdc_license_list.json
        • package.json
      • java
        • at
          • porscheinformatik
            • sonarqube
              • licensecheck
                • ValidateLicensesTest.java
                • utils
                  • IOUtilsTest.java
                • maven
                  • MavenDependencyScannerTest.java
                • PackageJsonDependencyScannerTest.java
                • LicenseTest.java
                • DependencyTest.java
  • test-server.js
  • pom.xml
  • LICENSE
  • .editorconfig
  • package-lock.json
  • webpack.config.js
  • renovate.json
  • .travis.yml
  • README.md
  • package.json
  • .gitignore
  • docs
    • licensecheck_configuration.jpg

SonarQube License-Check

This SonarQube plugin ensures that projects in an organization adhere to a set of standard libraries and versions. This enables the governance of the used libraries and licences.

License

This software is licensed under the Apache Software License, Version 2.0

Compatibility

This plugin is compatible:

• 1.x versions with SonarQube >= 5.3 and < 6.
• 2.x version with SonarQube >= 6.5 and < 7.
• 3.x version with SonarQube >= 6.7 LTS and < 8.

Installation

Put the pre-built jar-file (from release downloads) in the directory $SONARQUBE_HOME/extensions/plugins and restart the server to install the plugin. Activate the rules of this plugin ("License is not allowed", "Dependency has unknown license") in your SonarQube quality profiles - otherwise the plugin is not executed.

Execution

When a project is analyzed using the mvn sonar:sonar in command line the extension is started automatically.

Please make sure to have all dependencies installed before launching the SonarQube analysis. So your complete build should look something like this:

mvn -B org.jacoco:jacoco-maven-plugin:prepare-agent -Dmaven.test.failure.ignore install
mvn -B sonar:sonar

Configuration

After booting the SonarQube Server with the License-Check Plugin two new options can be found in the tab Administration.

• Within the general settings the plugin can be manually enabled or disabled. By default it is enabled.
• All other configuration is under License-Check specific settings (Configuration > License Check).
  • Under "Licenses" you can allow or disallow licenses globally and add/edit the list of known licenses.
  • Under "Project Licenses" you can allow and disallow licenses for a specific project.
  • Under "Maven Dependencies" you can map the Maven key (groupId:artifactId) to licenses using regular expressions. E.g. ^asm:asm$ to "BSD-3-Clause"
  • Under "Maven Licenses" you can map Maven license texts to licenses using regular expressions, e.g. .*Apache.*2.* to "Apache-2.0".

Features

Analysis

The plugin scans for dependencies defined in your project including all transitive dependencies.

Currently supported formats are:

• Maven POM files - all dependencies with scope "compile" and "runtime" are checked
• NPM package.json files - all dependencies (except "devDependencies") are checked
  • Note that transitive dependencies are not scanned unless licensecheck.npm.resolvetransitive is set to true.

Project Dashboard

The plugin contains a project dashboard showing a list of dependencies with version and a list of all used licences. Each table shows the status of the license (allowed, not allowed, not found). You can also export the data to Excel.

Example for "Dependencies" table:

Name	Version	License	Status
org.springframework.boot:spring-boot	1.4.0.RELEASE	Apache-2.0	Allowed
core-js	2.4.0	MIT	Allowed
dk.brics.automaton:automaton	1.11-8	BSD-3-Clause	Not Allowed
saxon:saxon	9.1.0.8j		Unknown

Example for "Licenses" table:

Identifier	Name	Allowed
Apache-2.0	Apache License 2.0	true
MIT	MIT License	true
BSD-3-Clause	BSD 3-clause New or Revised License	false