While on the openwhisk-dev list, a thread there mentions some tools that may be of interest to us. Of course we are already using Apache RAT.
----- Apache Creadur includes three projects: - Apache Rat audits license headers. It will check if files have Apache License or not, and generate a report. - Apache Tentacles helps to audit in bulk components uploaded to a staging repository. It will check if there is a LICENSE and NOTICE files under each archived source package and compiled package. A HTML report will be generated. - Apache Whisker will generate a correct legal documentation if a package bundles code under several licenses. --- Apache Tentacles is kinda like our "coho check-license" but will not handle the package.json license field like our tool does. Apache Whisker is relevant since we do package non-Apache licensed code (but is Apache compatible)