Hi there, FOSSA is usually used for a couple of things. One is the one you already assumed (check for problematic licenses). The other is to generate an SBOM. AFAIR, Akka was using an sbt plugin to generate the SBOM. So the license checker would be the feature we are interested in.
Best, > On 2023/02/08 16:04 CET PJ Fanning <[email protected]> wrote: > > > Hi everyone, > > Is anyone familiar with the Fossa checks in the Akka CI builds? We've > disabled them in Pekko builds because we don't have API keys setup as > repository secrets. > > ASF requires us to check for problematic licenses in our dependencies [1]. > I'm making assumptions but I presume that this is what the Fossa check is > doing. If there is anyone who can correct me, that would be great. > > If this check does indeed make useful checks for annoying licenses, then I'll > see about getting the INFRA team to get an API key from Fossa and set it up > as a Repository secret for us. > > Regards, > PJ > > [1] https://www.apache.org/legal/resolved.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
