ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
Short Description
Detect licenses of dependencies too.
Possible Labels
dependencies improve-license-detection
Select Category
Describe the Update
ScanCode right now looks like it's only scanning for explicit copyright text or license texts in the existing code base. I would like to also be able to pick up licenses of dependencies, and set up flags and where the flagged dependencies have been used in the code base.
For example (this repo for inspiration: https://github.com/raimon49/pip-licenses):
How This Feature will help you/your organization
Identify GPL packages used and where in the code base they were used, so we can detect how we want to handle them, to avoid issues with GPLs.
Possible Solution/Implementation Details
Example/Links if Any
Can you help with this Feature