Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

License discovery for Maven packages



  • I have set up a feed with a connector to maven central and pulled various packages into the feed. Unfortunately none of them have automatically picked up the license and they all show "Not Detected". Does this mean I have to go through all the packages manually and configure them?


  • inedo-engineer

    Hi @matt-wood_5559,

    A Maven package's license is determined by the license field in the POM:
    https://maven.apache.org/pom.html#Licenses

    There are unfortunately no real standards here, and the author can put in anything from a SPDX Code (which is recommended, by the way) to a string like "Apache license" (which probably means apache 2.0, but who knows?).

    We would rather not guess what the author might have intended, so ProGet only detects licenses with SPDX codes and then lets you decide how assign which codes to other license types as you come across packages that don't follow SPDX.

    However, once you start associating those strings with licenses, it will work for future packages.

    Thanks,
    Alana


Log in to reply
 

Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation