License risks in blackduck scans

[yashmeet29]

Hi colleagues, I was checking blackduck scan for SDM plugin & I see below mentioned License risks coming from libraries being used in cds-feature-attachments. All of these being Transitive dependencies.

Blackduck dashboard URL: dashboard

• 3 medium severity License risks in "cds4j:jdbc-spi", "CDS Services Implementation" & "CDS Services Utils" libraries.
• 1 low severity License risks in jms library.

Attaching the screenshots from scan dashboard below:

[mofterdinger]

3 medium severity License risks in "cds4j:jdbc-spi", "CDS Services Implementation" & "CDS Services Utils" libraries.

This library is provided by CAP Java (SAP itself), so I don't see a license issue here. Looks like blackduck is not aware of this.

1 low severity License risks in jms library.

What is the issue with this library ? I don't find any information in the provided screenshot. Can you provide more details about the license issue you got from blackjack.

[yashmeet29]

Hi Markus, I have added you to the blackduck dashboard portal. You can check here

[yashmeet29]

@mofterdinger Any update on this?

[mofterdinger]

Still waiting for your answer to my question:

What is the issue with this library ? I don't find any information in the provided screenshot. Can you provide more details about the license issue you got from blackjack.

I'm not an expert for license issues. If you think there is something wrong I need to know how it can be fixed.

Thanks, Markus

[yashmeet29]

I added you onto the dashboard here. You can check there as well. Also, I am attaching the screenshots from the portal. Looks like there is some issue with the license of these libraries.

[mofterdinger]

@michael-hellenschmidt Hi Michael, can you please have a look at these blackduck issues from the SDM colleagues ?

Thanks, Markus