jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
5.93k stars 1.21k forks

Open Source License Compliance #6606

Closed sametr35 closed 2 weeks ago

sametr35 commented 1 month ago

Hi,

Does OWASP Dependency-Check scan for open-source license compliance? Typically, SCA tools verify the licenses of the open-source components in your codebase to ensure compliance with their terms. Additionally, if you have documentation or a webpage about it, could you please share the link?

jeremylong commented 1 month ago

ODC will report a license if it sees one - but I would not rely on this feature.

mirabilos commented 2 weeks ago

Speaking as someone who audits the licences of all dependencies: the licence metadata in the POMs is often wrong or at the very least incomplete anyway. If you want to ensure full compliance, you will have to inspect every single dependency (including transitive dependencies) manually, and yes, that often includes looking at every single file…
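As an added example (not part of this issue thread and not dependency-check's own code): a small Python script that reads the licence strings ODC wrote into its JSON report and triages them, so that the dependencies whose licence metadata is missing, is only a URL, or names several licences are listed for the manual review described above rather than silently trusted. It assumes the report has a top-level `dependencies` list whose entries carry an optional `license` string, and it runs against a constructed sample report embedded below.

```python
"""Triage the licence metadata in an OWASP dependency-check JSON report.

Assumed layout (labelled assumption): a top-level "dependencies" list whose
entries optionally carry a "license" string. The report below is constructed
for this example and is not the output of a real scan.
"""
import json
from collections import Counter

SAMPLE_REPORT = json.dumps({
    "reportSchema": "1.1",
    "dependencies": [
        {"fileName": "commons-io-2.11.0.jar", "license": "Apache License, Version 2.0"},
        {"fileName": "example-lib-1.0.jar"},                       # no licence evidence at all
        {"fileName": "dual-1.2.jar", "license": "GPL-2.0 OR Apache-2.0"},
        {"fileName": "vague-0.9.jar", "license": "http://example.invalid/license.txt"},
    ],
})

# Separators that indicate more than one licence was declared.
MULTI_MARKERS = (" or ", " and ", ";")


def classify_license(value):
    """Bucket a licence string the way an auditor would triage it.

    Only a single, named licence counts as "declared"; every other bucket
    needs a human to open the dependency and read what is actually there.
    """
    if value is None or not value.strip():
        return "missing"
    text = value.strip()
    if text.lower().startswith(("http://", "https://")):
        return "url-only"        # a link, not a licence: the target must be fetched and read
    padded = f" {text.lower()} "
    if any(marker in padded for marker in MULTI_MARKERS):
        return "multiple"        # dual/multi-licensed: which terms apply is a decision, not a fact
    return "declared"


def license_coverage(report_json):
    """Return bucket counts plus the list of (fileName, bucket) needing manual review."""
    report = json.loads(report_json)
    buckets = Counter()
    needs_review = []
    for dep in report.get("dependencies", []):
        bucket = classify_license(dep.get("license"))
        buckets[bucket] += 1
        if bucket != "declared":
            needs_review.append((dep.get("fileName", "<unnamed>"), bucket))
    return {"counts": dict(buckets), "needs_review": needs_review}


if __name__ == "__main__":
    # With a real scan you would read the file ODC wrote with --format JSON.
    print(json.dumps(license_coverage(SAMPLE_REPORT), indent=2))
```

On the sample report only one of four dependencies ends up in the "declared" bucket; the other three are exactly the cases where the POM metadata cannot be taken at face value, which is the practical reason not to treat ODC's licence column as a compliance result.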

jeremylong commented 2 weeks ago

I completely agree with @mirabilos - researching licensing can be a complicated, tedious task.