⚡ FAST and COMPREHENSIVE OSS license audit tool ⚡
OSS license auditor helps you track and validate the licenses of all your dependencies across multiple programming languages. Thanks to the speed of Golang, this is one of the FASTEST tools you can use to audit the licenses of your code's dependencies. That means it will not be expensive to run in your CI/CD pipelines.
Currently, this tool supports:
package-lock.json
pnpm-lock.yaml
yarn.lock (only from NPM)
go.mod
Later, it will support:
yarn.lock (from other sources)
requirements.txt
pom.xml
composer.json
If you like this project, remember to give us a star ⭐ on GitHub. (Spoiler: It motivates a lot!)
You can also support the creator of this project by buying me a coffee.
The project layout is based on the Standard Go Project Layout.
To run this project, you need to have Go installed on your machine. Then, run the following command inside the root directory of this project:
go run cmd/olaudit/olaudit.go --path /path/to/your/project
Alternatively, you can build the project and run the binary file:
go build -o olaudit cmd/olaudit/olaudit.go
./olaudit --path /path/to/your/project
This project is also available as a GitHub Action. You can use it in your CI/CD pipelines.
Example usage:
name: OSS License Auditor
on:
  pull_request:
    branches: [ master ]
jobs:
  oss-license-auditor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: OSS License Auditor
        uses: digi-wolk/olaudit@v1
        with:
          path: .
To run the unit tests for this project, run the following command:
go test ./...
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
You can get the latest version number by:
git describe --abbrev=0 --tags --match "v*"
You can create a release by tagging the version as follows:
# Update the version before running the command
RELEASE_VERSION="v0.2.0"
git tag "${RELEASE_VERSION}" -m "Release version ${RELEASE_VERSION}"
git push origin "${RELEASE_VERSION}"
The GitHub Action release workflow triggers immediately after the tag is pushed upstream. It builds the Docker image and publishes it to Docker Hub.
The Docker image is available on Docker Hub.
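Because pushing a tag publishes an image right away, a pre-tag check is worth having. The script below is an added example, not part of olaudit: the function names are hypothetical, and it assumes release tags have the form vMAJOR.MINOR.PATCH (like v0.2.0) and that GNU `sort -V` is available.

```shell
#!/bin/sh
# Added example (not olaudit code): refuse a release tag that is malformed
# or not newer than the latest existing tag, before it is created and pushed.

# is_release_tag TAG -> 0 if TAG is exactly vMAJOR.MINOR.PATCH (assumed scheme)
is_release_tag() {
    # Reject embedded newlines first: grep matches line by line.
    case $1 in *'
'*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$'
}

# is_newer NEW OLD -> 0 if NEW version-sorts strictly after OLD
is_newer() {
    [ "$1" != "$2" ] || return 1
    highest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$highest" = "$1" ]
}

# check_release NEW LATEST -> 0 ok, 2 malformed tag, 3 not newer than LATEST.
# An empty LATEST means the repository has no release tag yet.
check_release() {
    new=$1
    latest=$2
    if ! is_release_tag "$new"; then
        echo "reject: '$new' is not of the form vMAJOR.MINOR.PATCH" >&2
        return 2
    fi
    if [ -n "$latest" ] && ! is_newer "$new" "$latest"; then
        echo "reject: '$new' is not newer than latest tag '$latest'" >&2
        return 3
    fi
    return 0
}

# When called with a version argument inside a checkout, compare it with the
# latest tag, found with the same git describe command the README uses.
if [ "$#" -ge 1 ]; then
    latest=$(git describe --abbrev=0 --tags --match "v*" 2>/dev/null || true)
    check_release "$1" "$latest" || exit $?
    echo "ok: $1 can be tagged (latest: ${latest:-none})"
fi
```

Run it with the intended version as its only argument and continue to the git tag and git push commands only when it exits 0.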
You can pull the latest version by running the following command:
docker pull prazian/oss-license-audit:latest
You can pull a specific version by running the following command:
docker pull prazian/oss-license-audit:v0.0.1
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.