We use the licenseFinder to analyze Maven projects which also contain many of our own dependencies.
The dependency_decisions.yml seems to only allow Maven dependencies defined by their artifactId, which is not a unique identifier and therefore leads to wrong reporting of assigned licenses.
See the following very simple example with two artifacts with the same artifactId (and different groupIds, so the Maven build itself works fine):
```yaml
- - :license
  - calculation-api
  - some Other license
  - :who: me
    :why: the license is misspelled in the library
    :versions: []
- - :license
  - calculation-api
  - ourOwnLicense
  - :who: me
    :why: its our own internal artifact
    :versions: []
```
There should be a way to add the groupId to the dependency_decisions.yml for unique identification.
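An added example, not part of the original report and not LicenseFinder's own code: a Ruby check that lists the license decisions whose artifactId is shared by more than one groupId in a project's dependency list, so the ambiguous entries can be reviewed by hand. The Maven coordinates and groupIds are constructed samples, and the helper names are hypothetical.

```ruby
require 'yaml'

# Constructed sample: the two decisions from the report above.
DECISIONS_YAML = <<~YAML
  - - :license
    - calculation-api
    - some Other license
    - :who: me
      :why: the license is misspelled in the library
      :versions: []
  - - :license
    - calculation-api
    - ourOwnLicense
    - :who: me
      :why: its our own internal artifact
      :versions: []
YAML

# Constructed sample coordinates (groupId:artifactId); the groupIds are hypothetical.
MAVEN_COORDINATES = [
  'org.example.thirdparty:calculation-api',
  'com.example.internal:calculation-api',
  'com.example.internal:billing-core'
].freeze

# Returns { artifactId => [license, ...] } for every :license decision.
def license_decisions(yaml_text)
  entries = YAML.safe_load(yaml_text, permitted_classes: [Symbol]) || []
  entries.each_with_object(Hash.new { |h, k| h[k] = [] }) do |(action, name, license, _meta), acc|
    acc[name] << license if action == :license
  end
end

# Returns { artifactId => [groupId, ...] } for artifactIds used by more than one groupId.
def shared_artifact_ids(coordinates)
  groups = coordinates.map { |c| c.split(':', 2) }.group_by(&:last)
  groups.transform_values { |pairs| pairs.map(&:first).uniq.sort }
        .select { |_artifact, group_ids| group_ids.size > 1 }
end

# Decisions that cannot be attributed to a single Maven artifact.
def ambiguous_decisions(yaml_text, coordinates)
  decisions = license_decisions(yaml_text)
  shared_artifact_ids(coordinates)
    .select { |artifact, _group_ids| decisions.key?(artifact) }
    .map { |artifact, group_ids| { artifact_id: artifact, group_ids: group_ids, licenses: decisions[artifact] } }
end

ambiguous_decisions(DECISIONS_YAML, MAVEN_COORDINATES).each do |hit|
  puts "#{hit[:artifact_id]}: groupIds #{hit[:group_ids].join(', ')} share decisions #{hit[:licenses].inspect}"
end
```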