Hello Raj,
The license check process relies on the actual real dependencies used at
build time. To know these dependencies it is required to intercept the
build as it runs and record this information. This is extremely importnat
with Maven builds, since pom files include dynamic information (such as
profiles, properties, version ranges, etc.) that makes it impossible to
reliably extract this information from deployed poms only.
The Artifactory plugins for CI servers (currently Jenkins, Bamboo and
TeamCity) provide a convient way to register this integration and record
the dependencies at the time of build. Moreover, since your final
distribution will come from a CI build (rather from a dev machine run) the
process of discovering and notifying about potential license violation is
tied to the dev-to-build cycle: when a commit triggers a new direct or
transitive dependency the CI will pick that up and will notify you almost
instantly. You can then view this information via the UI or query it via
REST<http://wiki.jfrog.org/confluence/display/RTF/Artifactory%27s+REST+API#ArtifactorysRESTAPI-LicenseSearch>to
get a license report.
That being said, it is quite easy to replicate the Maven integration
offered by the Artifactory CI plugins in a standalone build, and we there
are users who are doing it. So, if you prefer to go this way we can provide
you the instructions for how achieve this.
Thanks,
Yoav
On Tue, Apr 10, 2012 at 7:43 AM, Rajwinder Makkar
<[email protected]>wrote:
> So we are using artifactory to store artifacts produced by maven.
>
> We are using artifactory pro version. ( eval ) with 3rd party license
> control activated.
>
> Now i want to run a manual license check on the artifacts present in our
> repo.
>
> The only i can see is if i run the build from one of the supported build
> servers.
>
> Why artifactory cannot run a manual check on the artifacts in a repo
> wihout a need for first running a build from a supported build server ? How
> it has any thing to do with build server ? As i can upload artifacts from
> so many sources and if 3rd party license plugin is installed i just need to
> run what all artifacts got valid license?
>
> Please suggest.
>
> -Raj
>
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> Artifactory-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/artifactory-users
>
>
------------------------------------------------------------------------------
Better than sec? Nothing is better than sec when it comes to
monitoring Big Data applications. Try Boundary one-second
resolution app monitoring today. Free.
http://p.sf.net/sfu/Boundary-dev2dev
_______________________________________________
Artifactory-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/artifactory-users
