I guess these two plugins can help:

1. mvn project-info-reports:dependencies
it will generate an HTML file in the target/site folder and list all dependencies'
licenses

2. mvn project-info-reports:licenses
it will generate a license report (plain text) in src/license and allow you to
fill in license info if some library can't receive license info by default.

I suggest we use the second one to generate license info with Travis CI and throw
an exception when some license is not allowed by the project

Regards,
Yunkun 

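One way to implement the gate Yunkun proposes, as an added example that is not code from this thread or from the Dubbo project: a Python script that reads a third-party license report, classifies each dependency's license against a deny/allow policy and exits non-zero so the CI job fails. The report line format, the policy patterns and the sample entries (versions, URLs) are constructed assumptions; the two LGPL entries mirror the transitive dependencies Huxing found.

```python
#!/usr/bin/env python3
"""CI license gate: fail the build when a dependency's license is not allowed."""
import re
import sys

# Constructed sample report (an assumption about the line format, not output
# taken from the thread): "(License) name (groupId:artifactId:version - url)".
SAMPLE_REPORT = """\
Lists of 4 third-party dependencies.
     (The Apache Software License, Version 2.0) nacos-client (com.alibaba.nacos:nacos-client:0.0.0-SAMPLE - https://example.invalid/nacos)
     (GNU Lesser General Public License (LGPL), Version 2.1) jackson-mapper-lgpl (org.codehaus.jackson:jackson-mapper-lgpl:0.0.0-SAMPLE - https://example.invalid/jackson)
     (GNU Lesser General Public License) spotbugs-annotations (com.github.spotbugs:spotbugs-annotations:0.0.0-SAMPLE - https://example.invalid/spotbugs)
     (Unknown license) some-lib (org.example:some-lib:0.0.0-SAMPLE - no url defined)
"""

# Project policy (assumed): deny copyleft licenses an Apache project cannot ship,
# allow permissive ones; anything else is "unknown" and must be resolved by hand
# (e.g. by filling in the missing license info) before the gate passes.
DENIED = [r"\blgpl\b", r"lesser general public", r"\bgpl\b", r"general public license", r"affero"]
ALLOWED = [r"apache", r"\bmit\b", r"\bbsd\b", r"eclipse public license", r"\bepl\b"]

LINE_RE = re.compile(
    r"^\s*\((?P<lic>.+)\) (?P<name>\S+) \((?P<gav>[^\s)]+:[^\s)]+:[^\s)]+) - (?P<url>.*)\)$")


def classify(license_name: str) -> str:
    """Return 'denied', 'allowed' or 'unknown' for one license string."""
    name = license_name.lower()
    if any(re.search(p, name) for p in DENIED):
        return "denied"
    if any(re.search(p, name) for p in ALLOWED):
        return "allowed"
    return "unknown"


def parse_report(text: str) -> list:
    """Extract (license, groupId:artifactId:version) pairs; other lines are ignored."""
    return [(m.group("lic"), m.group("gav"))
            for m in (LINE_RE.match(line) for line in text.splitlines()) if m]


def check_report(text: str) -> list:
    """Return [(gav, license, verdict)] for every dependency that fails the gate."""
    return [(gav, lic, classify(lic)) for lic, gav in parse_report(text)
            if classify(lic) != "allowed"]


if __name__ == "__main__":
    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    problems = check_report(report)
    for gav, lic, verdict in problems:
        print(f"{verdict.upper():8} {gav}  [{lic}]")
    sys.exit(1 if problems else 0)  # a non-zero exit code fails the CI job
```

Unknown licenses fail the gate on purpose: a dependency whose license could not be resolved is exactly the case that needs a human to fill in the information before the build is allowed to pass.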
On 2019/04/01 10:14:57, Huxing Zhang <[email protected]> wrote: 
> Hi,
> 
> When I am looking at this issue[1], I realized that Dubbo may have the
> same issue.
> From Dubbo 2.7.1 and 2.6.6 onwards the Nacos support has been added,
> where the following dependency has been added:
> 
> <dependency>
>     <groupId>com.alibaba.nacos</groupId>
>     <artifactId>nacos-client</artifactId>
>     <version>${nacos.version}</version>
>     <optional>true</optional>
> </dependency>
> 
> which depends on the following dependencies:
> 
> <dependency>
>     <groupId>org.codehaus.jackson</groupId>
>     <artifactId>jackson-mapper-lgpl</artifactId>
> </dependency>
> 
> <dependency>
>     <groupId>com.github.spotbugs</groupId>
>     <artifactId>spotbugs-annotations</artifactId>
>     <optional>true</optional>
> </dependency>
> 
> which is LGPL v2.1 licensed.
> 
> This means nacos-client should not be Apache Licensed as claimed, and
> Dubbo could not depend on nacos-client.
> 
> I have contacted the Nacos team; they are addressing this issue.
> 
> My question is how to avoid this kind of issue?
> Should we check every newly added dependency for license compatibility?
> Are there any tools which can do automatic scanning?
> 
> [1] https://github.com/apache/incubator-skywalking/pull/2422
> 
> -- 
> Best Regards!
> Huxing
> 
