在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
开源软件名称(OpenSource Name):jk1/Gradle-License-Report开源软件地址(OpenSource Url):https://github.com/jk1/Gradle-License-Report开源编程语言(OpenSource Language):Groovy 100.0%开源软件介绍(OpenSource Introduction):Gradle License ReportA plugin for generating reports about the licenses of the dependencies for your Gradle project. This plugin will resolve all your dependencies, and then scour them for anything that looks like relevant licensing information. The theory is to automatically generate a report that you can hand to corporate IP lawyers in order to keep them busy. UsageAdd this to your plugins {
id 'com.github.jk1.dependency-license-report' version '2.0'
} For Gradle 6.X stick to 1.X plugin versions: plugins {
id 'com.github.jk1.dependency-license-report' version '1.17'
} Then run ConfigurationConfiguration described below is entirely optional. import com.github.jk1.license.render.*
import com.github.jk1.license.importer.*
licenseReport {
// Set output directory for the report data.
// Defaults to ${project.buildDir}/reports/dependency-license.
outputDir = "$projectDir/build/licenses"
// Select projects to examine for dependencies.
// Defaults to current project and all its subprojects
projects = [project] + project.subprojects
// Adjust the configurations to fetch dependencies. Default is 'runtimeClasspath'
// For Android projects use 'releaseRuntimeClasspath' or 'yourFlavorNameReleaseRuntimeClasspath'
// Use 'ALL' to dynamically resolve all configurations:
// configurations = ALL
configurations = ['runtimeClasspath']
// List the groups ids to exclude from dependency report. Supports regular expressions.
// For finer granularity, see: excludes.
excludeGroups = ['do.not.want']
// List the ids (in module:name format) to exclude from dependency report. Supports regular expressions.
// By default excludes is empty.
excludes = ['moduleGroup:moduleName']
// Don't include artifacts of project's own group into the report
excludeOwnGroup = true
// Don't exclude bom dependencies.
// If set to true, then all boms will be excluded from the report
excludeBoms = false
// Set custom report renderer, implementing ReportRenderer.
// Yes, you can write your own to support any format necessary.
renderers = [new XmlReportRenderer('third-party-libs.xml', 'Back-End Libraries')]
// Set importers to import any external dependency information, i.e. from npm.
// Custom importer should implement DependencyDataImporter interface.
importers = [new XmlReportImporter('Frontend dependencies', file(frontend_libs.xml))]
// This is for the allowed-licenses-file in checkLicense Task
// Accepts File, URL or String path to local or remote file
allowedLicensesFile = new File("$projectDir/config/allowed-licenses.json")
} My report is empty or contains wrong dependencies. Is it a plugin bug?The plugin discovers project dependencies from certain Gradle configurations. To put it (overly) simple, a configuration is a set of dependencies used for a particular purpose: compilation, testing, runtime, you name it. The plugin lets you configure which configurations you'd like to report dependencies from. Although it assumes reasonable defaults, for complex builds they may not always suffice. Custom configurations may come from the other plugins, build flavors and dimensions. One can even define their own configurations right in the build script. If unsure, check out Kotlin script supportPlugin is compatible with build scripts written in kotlin. Configuration syntax is slightly different from groovy though. Consider the following sample: import com.github.jk1.license.render.ReportRenderer
import com.github.jk1.license.render.InventoryHtmlReportRenderer
import com.github.jk1.license.filter.DependencyFilter
import com.github.jk1.license.filter.LicenseBundleNormalizer
plugins {
id("com.github.jk1.dependency-license-report") version "2.0"
}
licenseReport {
renderers = arrayOf<ReportRenderer>(InventoryHtmlReportRenderer("report.html","Backend"))
filters = arrayOf<DependencyFilter>(LicenseBundleNormalizer())
}
RenderersRenderers define how a final dependency report will look like. Plugin comes with a number of predefined renderers for text, html, xml and other popular presentation formats. It's also possible to create a custom renderer for the report. All the renderers support report file name customization via constructor parameter: import com.github.jk1.license.render.*
licenseReport {
renderers = [new XmlReportRenderer('third-party-libs.xml', 'Back-End Libraries')]
} To get the report generated in multiple formats just list them: import com.github.jk1.license.render.*
licenseReport {
renderers = [new XmlReportRenderer(), new CsvReportRenderer()]
} InventoryHtmlReportRenderThe InventoryHtmlReportRender renders a report grouped by license type so you can more easily identify which dependencies share the same license. This makes it easier to know the individual licenses you need to verify with your legal department. To use this report you simply add it to the configuration: import com.github.jk1.license.render.*
licenseReport {
renderers = [new InventoryHtmlReportRenderer()]
} This defaults to using the name of the project as the title and index.html as the name of the file it creates. You can
change this by passing additional arguments. The first argument is the filename to write out, and the 2nd is the title
to use in the report. For dependencies that don't declare their license they will be listed underneath the
There are no column headers on this file. Here is the example of how to config the InventoryHtmlReportRenderer to use an overrides file: import com.github.jk1.license.render.*
licenseReport {
renderers = [new InventoryHtmlReportRenderer('index.html', 'Some Title', new File(projectDir,"../unknown-license-details.txt"))]
} ImportersImporter adds license information from an external source to your report. Importer may come in handy if
The following example demonstrates how to use an importer: import com.github.jk1.license.importer.*
licenseReport {
// integrate javascript frontend dependencies into our report
importers = [ new XmlReportImporter("Front End", new File(projectDir,"src/main/webapp/vendor/front_end.xml") ) ]
} The expected input format for <topic>
<chunk>
<chapter title="Some of my favorite libraries">
<table>
<tr>
<!-- every non-empty chapter must have a title row, which is stripped -->
<th>Name</th>
<th>Version</th>
<th>License</th>
</tr>
<tr>
<td><a href="https://url.of.project/homepage">Name of library</a></td>
<td>1.2.3</td>
<td><a href="http://url.of.project/license">Name of license</a></td>
</tr>
<!-- more libraries here... -->
</table>
</chapter>
<!-- more chapters here...-->
</chunk>
<!-- more chunks here... -->
</topic> If there is only one chapter, the outer FiltersDependency filters transform discovered dependency data before rendering. This may include sorting, reordering, data substitution. Excluding transitive dependenciesThe following filter will leave only first-level dependencies in the report: import com.github.jk1.license.filter.*
...
licenseReport {
filters = [new ExcludeTransitiveDependenciesFilter()]
} License data groupingThis feature was contributed by Günther Grill When multiple dependencies are analysed and displayed in a report, often e.g. two licenses like the following one appears:
This can be avoided by providing an accurate normalisation file which contains rules to unify such entries. The configuration file has two sections:
{
"bundles" : [
{ "bundleName" : "apache1", "licenseName" : "Apache Software License, Version 1.1", "licenseUrl" : "http://www.apache.org/licenses/LICENSE-1.1" },
{ "bundleName" : "apache2", "licenseName" : "Apache License, Version 2.0", "licenseUrl" : "http://www.apache.org/licenses/LICENSE-2.0" },
{ "bundleName" : "cddl1", "licenseName" : "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE Version 1.0 (CDDL-1.0)", "licenseUrl" : "http://opensource.org/licenses/CDDL-1.0" }
],
"transformationRules" : [
{ "bundleName" : "apache2", "licenseNamePattern" : ".*The Apache Software License, Version 2.0.*" },
{ "bundleName" : "apache2", "licenseNamePattern" : "Apache 2" },
{ "bundleName" : "apache2", "licenseUrlPattern" : "http://www.apache.org/licenses/LICENSE-2.0.txt" },
{ "bundleName" : "apache2", "licenseNamePattern" : "Special Apache", "transformUrl" : false },
{ "bundleName" : "apache2", "licenseNamePattern" : "Keep this name", "transformName" : false }
]
} So dependencies with license-name The normalizer can be enabled via a filter. import com.github.jk1.license.filter.*
...
licenseReport {
filters = [new LicenseBundleNormalizer(bundlePath: "$projectDir/config/license-normalizer-bundle.json")]
} If no bundle-file is specified, a default file is used containing some commons rules. You are encouraged to create your own bundle-file and contribute back useful rules. Writing custom renderers, importers and filtersIt's also possible to implement a custom importer to support any dependency data format necessary. To do so put custom
importer implementation inside package org.sample;
import com.github.jk1.license.ImportedModuleBundle;
import com.github.jk1.license.importer.DependencyDataImporter;
import java.util.Collection;
public class CustomImporter implements DependencyDataImporter {
public String getImporterName() {
return "Custom importer";
}
public Collection<ImportedModuleBundle> doImport() {
throw new UnsupportedOperationException("Not implemented yet");
}
} with apply plugin: 'java'
repositories {
maven {
url 'https://plugins.gradle.org/m2/'
}
}
dependencies {
compile 'com.github.jk1:gradle-license-report:2.0'
}
Now you can use your custom importer in the main build: import org.sample.CustomImporter
...
licenseReport {
importers = [ new CustomImporter() ]
}
The same technique can be used to create a filter or a renderer to support custom report formats. Check Dependency LicensesThis task is for checking dependencies/imported modules if their licenses are allowed to be used. ./gradlew checkLicense If there are not allowed licenses, the task will fail and a report like the following
will be generated under {
"dependenciesWithoutAllowedLicenses": [
{
"moduleLicense": "Apache License, Version 2.0",
"moduleName": "org.jetbrains.kotlin:kotlin-stdlib",
"moduleVersion": "1.2.51"
},
{
"moduleLicense": "Apache License, Version 2.0",
"moduleName": "org.jetbrains.kotlin:kotlin-stdlib-common",
"moduleVersion": "1.2.51"
}
]
} Allowed licenses fileDefines which licenses are allowed to be used: {
"allowedLicenses": [
{
"moduleLicense": "Apache License, Version 2.0",
"moduleName": "org.jetbrains.kotlin:kotlin-stdlib",
"moduleVersion": "1.2.60"
},
{
"moduleLicense": "Apache License, Version 2.0",
"moduleName": "org.jetbrains.kotlin*",
"moduleVersion": ".*"
},
{
"moduleLicense": "MIT License",
"moduleName": ".*"
},
{
"moduleLicense": "MIT License"
},
{
"moduleLicense": "MIT License",
"moduleName": ""
}
]
}
Also specify the allowed license file in the configuration: licenseReport {
allowedLicensesFile = new File("$projectDir/config/allowed-licenses.json")
} or licenseReport {
allowedLicensesFile = new URL("http://company.com/licenses/allowed-licenses.json")
} |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论