Occurrences of GPL boiled down to:
* libs that support GPL and something else, as in "MIT and GPL"
* "GPL" strings in repo as in "... this license is 100% compatible with GPL
...", in other instances, it could catch a copy/pasted function with a GPL
annotation in the code/docstring
* dev dependenc
License scans like this are great, particularly for software that will
eventually be scanned by some commercial user anyway. Hopefully most
projects are simpler than Superset, though.
Looking at the scan results, however, immediately raises the question about
all the GPL licenses turned up in the
> See it in action here:
> https://app.fossa.com/projects/git%2Bgithub.com%2Fmistercrunch%2Fsuperset/refs/branch/master/396a655de13ced6e25f4e793b0eb281bf4f4cd79/issues/licensing?status=resolved
Endless loading spinners for me unfortunately.
J
On Tue, 9 July 2019 at 08:30, Maxime Beau
Hi,
There's also https://www.fossology.org that is free and open source, and some other
commercial tools (e.g. from Black Duck software).
In my experience most of these tools require some work to set up for a project
and don’t catch everything, but I’ve not used the fossa service.
Dependencies genera
Hi all,
[this is not a promotional email in any way, I'm not affiliated with the
service/company discussed here]
I just discovered fossa.com, self-described as "Realtime license and
vulnerability management for open source dependencies".
For context, Apache Superset has a dependency tree rich of