@sverhoeven
Created December 3, 2020 12:40
Dependency license checker report

# Dependency license checker

## License checker repository

https://github.com/SarahAlidoost/Licenses_Dependencies

## Gist from Bouwe

https://gist.github.com/bouweandela/13ab56bee8778a1eb5b82091e4fdd443

## LicenseFinder

LicenseFinder is a tool that supports many languages and package managers.

https://github.com/pivotal/LicenseFinder

## LicenseFinder experiments

### Python: howfairis

Test software: https://github.com/fair-software/howfairis

Use Docker:

```bash
# Start the Docker container. The current path will be mounted to /scan
dlf
license_finder --help
```

Output of `license_finder --help`:

```
Commands:
  license_finder action_items                                                          # List unapproved dependencies (the default action for `license_finder`)
  license_finder approvals [add|remove]                                                # Manually approve dependencies, even if their licenses are not permitted - see `license_finder approvals h...
  license_finder dependencies [add|remove|list]                                        # Add or remove dependencies that your package managers are not aware of - see `license_finder dependencies...
  license_finder diff OLDFILE NEWFILE                                                  # Command to view the differences between two generated reports (csv).
  license_finder help [COMMAND]                                                        # Describe available commands or one specific command
  license_finder ignored_dependencies [list|add|remove]                                # Exclude individual dependencies from action items and reports - see `license_finder ignored_dependencies ...
  license_finder ignored_groups [list|add|remove]                                      # Exclude test and development dependencies from action items and reports - see `license_finder ignored_gro...
  license_finder inherited_decisions [list|add|add_with_auth|remove|remove_with_auth]  # Add or remove decision files you want to inherit from - see `license_finder inherited_decisions help` for...
  license_finder licenses [add|remove]                                                 # Set a dependency's licenses, if the licenses found by license_finder are missing or wrong - see `license_...
  license_finder permitted_licenses [list|add|remove]                                  # Automatically approve any dependency that has a permitted license - see `license_finder permitted_license...
  license_finder project_name [show|add|remove]                                        # Set the project name, for display in reports - see `license_finder project_name help` for more information
  license_finder project_roots                                                         # List project directories to be scanned
  license_finder report                                                                # Print a report of the project's dependencies to stdout
  license_finder restricted_licenses [list|add|remove]                                 # Forbid approval of any dependency whose licenses are all restricted - see `license_finder restricted_lice...
  license_finder version                                                               # Print the version of LicenseFinder

Options:
  [--project-path=PROJECT_PATH]                        # Path to the project. Defaults to current working directory.
  [--decisions-file=DECISIONS_FILE]                    # Where decisions are saved. Defaults to doc/dependency_decisions.yml.
  [--log-directory=LOG_DIRECTORY]                      # Where logs are saved. Defaults to ./lf_logs/$PROJECT/prepare_$PACKAGE_MANAGER.log
  [--enabled-package-managers=one two three]           # List of package managers to be enabled. Defaults to all supported package managers.
                                                       # Possible values: gomodules, godep, goworkspace, go15vendorexperiment, glide, gvt, govendor, trash, dep, bundler, npm, pip, yarn, bower, maven, gradle, cocoapods, rebar, erlangmk, nuget, carthage, mix, conan, sbt, cargo, dotnet, composer, pipenv, conda
  [--go-full-version=GO_FULL_VERSION]                  # Whether dependency version should include full version. Only meaningful if used with a Go project. Defaults to false.
  [--gradle-include-groups=GRADLE_INCLUDE_GROUPS]      # Whether dependency name should include group id. Only meaningful if used with a Java/gradle project. Defaults to false.
  [--gradle-command=GRADLE_COMMAND]                    # Command to use when fetching gradle packages. Only meaningful if used with a Java/gradle project.
                          Defaults to 'gradlew' / 'gradlew.bat' if the wrapper is present, otherwise to 'gradle'.
  [--maven-include-groups=MAVEN_INCLUDE_GROUPS]        # Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.
  [--maven-options=MAVEN_OPTIONS]                      # Maven options to append to command. Defaults to empty.
  [--pip-requirements-path=PIP_REQUIREMENTS_PATH]      # Path to python requirements file. Defaults to requirements.txt.
  [--python-version=PYTHON_VERSION]                    # Python version to invoke pip with. Valid versions: 2 or 3. Default: 2
  [--rebar-command=REBAR_COMMAND]                      # Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'.
  [--rebar-deps-dir=REBAR_DEPS_DIR]                    # Path to rebar dependencies directory. Only meaningful if used with a Erlang/rebar project. Defaults to 'deps'.
  [--elixir-command=ELIXIR_COMMAND]                    # Command to use when parsing package metadata for Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'elixir'.
  [--mix-command=MIX_COMMAND]                          # Command to use when fetching packages through Mix. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'mix'.
  [--mix-deps-dir=MIX_DEPS_DIR]                        # Path to Mix dependencies directory. Only meaningful if used with a Mix project (i.e., Elixir or Erlang). Defaults to 'deps'.
  [--sbt-include-groups=SBT_INCLUDE_GROUPS]            # Whether dependency name should include group id. Only meaningful if used with a Scala/sbt project. Defaults to false.
  [--conda-bash-setup-script=CONDA_BASH_SETUP_SCRIPT]  # Path to conda.sh script. Only meaningful if used with a Conda project. Defaults to '~/miniconda3/etc/profile.d/conda.sh'.
```

Install deps:

```
# Show package requirements
cat requirements.txt
beautifulsoup4>=4
click>=7
colorama>=0
ruamel.yaml>=0.16
requests>=2
voluptuous>=0.11
pip3 install -r requirements.txt
```

Find licenses:

```
license_finder permitted_licenses add MIT
# ... repeat to configure
license_finder --python-version=3
LicenseFinder::Pip: is active

All dependencies are approved for use
```

The decisions are stored in `doc/dependency_decisions.yml`:
```yaml
---
- - :permit
  - MIT
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:37:16.846975737 Z
- - :permit
  - Apache 2.0
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:45:32.086963154 Z
- - :permit
  - BSD
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:45:37.440463406 Z
- - :restrict
  - GPLv2
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:46:18.584271964 Z
- - :permit
  - New BSD
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:46:41.323655008 Z
- - :permit
  - Mozilla Public License 2.0
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:46:51.201843123 Z
- - :permit
  - Simplified BSD
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:47:03.562573155 Z
- - :restrict
  - LGPL
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:47:54.196600120 Z
- - :restrict
  - GNU General Public License (GPL)
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:48:06.301746887 Z
```

### Conda: ESMValTool

```bash
git clone git@github.com:ESMValGroup/ESMValTool.git
docker run -v $PWD:/scan -it licensefinder/license_finder:edge
# Use mamba for much faster installation
conda install mamba -c conda-forge
mamba env create -f environment.yml
license_finder permitted_licenses add MIT "BSD 3-Clause" "Apache 2.0" "New BSD" "Simplified BSD"
license_finder ignored_dependencies add --why 'MIT like' --who 'Stefan' curl
license_finder
# takes about 25min to check
```

Output of `license_finder`:
```
LicenseFinder::Conda: is active

Dependencies that need approval:
_libgcc_mutex, 0.1, None
_r-mutex, 1.0.1, BSD
binutils_impl_linux-64, 2.35.1, GPL-3.0-only
boost-cpp, 1.72.0, BSL-1.0
bwidget, 1.9.14, Tcl/Tk
bzip2, 1.0.8, bzip2
ca-certificates, 2020.11.8, ISC
cairo, 1.16.0, "LGPL 2.1 or MPL 1.1"
cartopy, 0.17.0, LGPL
cdo, 1.9.8, GPL-2.0
certifi, 2020.11.8, ISC
cf-units, 2.1.4, LGPL
cfitsio, 3.470, fitsio
cftime, 1.3.0, "MIT and GPL-3.0-only"
chardet, 3.0.4, LGPL2
cryptography, 3.2.1, "Apache-2.0 AND BSD-3-Clause AND PSF-2.0"
curl, 7.71.1, "MIT/X derivate (http://curl.haxx.se/docs/copyright.html)"
cycler, 0.10.0, BSD
esmf, 8.0.0, "University of Illinois/NCSA (NCSA)"
esmpy, 8.0.0, "The University of Illinois/NCSA"
fftw, 3.3.8, "GPL 2"
fire, 0.3.1, Apache-2
font-ttf-inconsolata, 2.001, "SIL OPEN FONT LICENSE Version 1.1"
font-ttf-source-code-pro, 2.030, "SIL Open Font License, Version 1.1"
font-ttf-ubuntu, 0.83, "Ubuntu Font Licence Version 1.0"
freetype, 2.10.4, "GPL-2.0-only and LicenseRef-FreeType"
freexl, 1.0.5, LGPL-2.1
fribidi, 1.0.10, LGPL-2.1
g2clib, 1.6.0, "Public Domain"
gcc_impl_linux-64, 7.5.0, "GPL-3.0-only WITH GCC-exception-3.1"
gdk-pixbuf, 2.42.0, LGPL-2.1-or-later
geos, 3.8.1, LGPL-2.1
gettext, 0.19.8.1, GPLv2
gfortran_impl_linux-64, 7.5.0, GPL-3.0-with-GCC-exception
ghostscript, 9.53.3, AGPL-3.0-only
glib, 2.66.3, LGPL-2.1-or-later
graphite2, 1.3.14, LGPLv2
graphviz, 2.42.3, "Eclipse Public License 1.0"
gsl, 2.6, GPL-3.0
gxx_impl_linux-64, 7.5.0, GPL-3.0-with-GCC-exception
hdf5, 1.10.5, HDF5
hdfeos2, 2.20, "Public Domain"
hdfeos5, 5.1.16, "Public Domain"
idna, 2.10, "BSD Like"
imagemagick, 7.0.10_28, ImageMagick
iris, 2.4.0, LGPL
jasper, 1.900.1, http://www.ece.uvic.ca/~frodo/jasper/LICENSE
jbig, 2.1, GPL-2.0
jpeg, 9d, IJG
keepalive, 0.5, LGPL-2.1
kernel-headers_linux-64, 2.6.32, "LGPL-2.0-or-later AND LGPL-2.0-or-later WITH exceptions AND GPL-2.0-or-later"
ld_impl_linux-64, 2.35.1, GPL-3.0-only
libcurl, 7.71.1, "MIT/X derivate (http://curl.haxx.se/docs/copyright.html)"
libdap4, 3.20.6, "GNU LGPL"
libgcc-devel_linux-64, 7.5.0, GPL-3.0-with-GCC-exception
libgcc-ng, 9.3.0, GPL
libgdal, 3.0.4, unknown
libgfortran-ng, 7.5.0, "GPL-3.0-only WITH GCC-exception-3.1"
libgfortran4, 7.5.0, "GPL-3.0-only WITH GCC-exception-3.1"
libglib, 2.66.3, LGPL-2.1-or-later
libgomp, 9.3.0, GPL
libiconv, 1.16, "GPL and LGPL"
libllvm10, 10.0.1, "Apache-2.0 WITH LLVM-exception"
libpng, 1.6.37, zlib/libpng
libpq, 12.3, unknown
librsvg, 2.50.2, LGPL-2.1-or-later
libspatialite, 4.3.0a, LGPL-2.1
libstdcxx-devel_linux-64, 7.5.0, GPL-3.0-with-GCC-exception
libstdcxx-ng, 9.3.0, "GPL-3.0-only WITH GCC-exception-3.1"
libtiff, 4.1.0, HPND
libtool, 2.4.6, "GPL 3"
libwebp, 1.1.0, Google
libxcb, 1.14, unknown
lxml, 4.6.2, "BSD-3-Clause and GPL-2.0-only and ZPL-2.0 and LicenseRef-ElementTree"
make, 4.3, GPLv3
matplotlib-base, 3.3.3, LicenseRef-PSF-based
mpi, 1.0, "BSD 3-clause"
mpich, 3.3.2, MPICH
ncurses, 6.2, "X11 AND BSD-3-Clause"
netcdf-fortran, 4.5.2, http://www.unidata.ucar.edu/software/netcdf/copyright.html
netcdf4, 1.5.3, "OSI Approved and MIT"
openssl, 1.1.1h, OpenSSL
ossuuid, 1.6.2, GPL
packaging, 20.7, "Apache 2.0 or BSD 2-Clause"
pango, 1.42.4, LGPL-2.1
perl, 5.26.2, "Perl Artistic"
pillow, 8.0.1, LicenseRef-PIL
pkg-config, 0.29.2, "GPL 2"
poppler, 0.67.0, GPL-2.0
poppler-data, 0.4.10, Adobe+GPLv2
postgresql, 12.3, unknown
pycparser, 2.20, "BSD 3-clause"
pyepsg, 0.4.0, LGPL
pykdtree, 1.3.4, LGPL-3.0-only
pynio, 1.5.5, "BSD 3-clause"
python, 3.8.6, Python-2.0
python-dateutil, 2.8.1, "BSD 3 Clause"
r-base, 4.0.2, GPL-2.0-or-later
r-udunits2, 0.13, GPL-2
readline, 8.0, GPL-3.0
sed, 4.8, GPL-3
sparqlwrapper, 1.8.5, W3C
sqlite, 3.34.0, "Public-Domain (http://www.sqlite.org/copyright.html)"
sysroot_linux-64, 2.12, "LGPL-2.0-or-later AND LGPL-2.0-or-later WITH exceptions AND GPL-2.0-or-later AND MPL-2.0"
tk, 8.6.10, Tcl/Tk
tktable, 2.10, Tcl/Tk
typing_extensions, 3.7.4.3, PSF-2.0
udunits2, 2.2.27.6, "UCAR OSI approved"
xz, 5.2.5, "LGPL-2.1 and GPL-2.0"
zlib, 1.2.11, zlib
```
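The conda report above still lists packages whose license column reads `BSD 3-clause`, `BSD 3 Clause` or `New BSD` even though `BSD 3-Clause` and `New BSD` were permitted, and it mixes conjunctions (`MIT and GPL-3.0-only`), dual licensing (`LGPL 2.1 or MPL 1.1`), exception clauses (`GPL-3.0-only WITH GCC-exception-3.1`) and plain `unknown`. The script below is an added example, not code from the gist or from LicenseFinder: it canonicalizes license spellings, reads the `:permit` and `:restrict` entries from a decisions file in the layout shown above with a small subset parser (no PyYAML), and sorts each `name, version, license` line into permitted, restricted or review. The alias table, the bucket names and both embedded inputs (a trimmed decisions file and a handful of report lines) are constructed for the example.

```python
"""Triage LicenseFinder report lines against a decisions file, normalizing license names.

Added example, not part of the gist or of LicenseFinder. The conda run in the gist
still lists "BSD 3-clause", "BSD 3 Clause" and "New BSD" packages after permitting
"BSD 3-Clause", so this script canonicalizes names first, then reads :permit/:restrict
entries from a decisions file (subset parser, no PyYAML) and buckets each report line.
"""
import csv
import re
# Constructed excerpt of doc/dependency_decisions.yml in the layout shown in the gist.
DECISIONS = """\
---
- - :permit
  - New BSD
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:46:41.323655008 Z
- - :restrict
  - GNU General Public License (GPL)
  - :who:
    :why:
    :versions: []
    :when: 2020-11-19 14:48:06.301746887 Z
"""

# Constructed subset of the "Dependencies that need approval" lines from the conda run.
REPORT = """\
binutils_impl_linux-64, 2.35.1, GPL-3.0-only
cairo, 1.16.0, "LGPL 2.1 or MPL 1.1"
cftime, 1.3.0, "MIT and GPL-3.0-only"
gcc_impl_linux-64, 7.5.0, "GPL-3.0-only WITH GCC-exception-3.1"
libgdal, 3.0.4, unknown
mpi, 1.0, "BSD 3-clause"
python-dateutil, 2.8.1, "BSD 3 Clause"
"""

# Lower-cased name pattern -> canonical id, most specific first. The GPL family is
# collapsed to one id because the gist's policy restricts every GPL version alike.
ALIASES = [
    (r"^(new bsd|modified bsd|bsd[ -]?3[ -]?clause)$", "BSD-3-Clause"),
    (r"^(simplified bsd|bsd[ -]?2[ -]?clause)$", "BSD-2-Clause"),
    (r"^apache[ -]?2(\.0)?$", "Apache-2.0"),
    (r"^(lgpl|gnu lgpl)", "LGPL"),
    (r"^(gpl|gnu general public license)", "GPL"),
]

def canonical(name):
    """Map a free-form license name to a canonical id; unrecognized names stay verbatim."""
    n = re.sub(r"\s+", " ", name.strip().lower())
    for pattern, ident in ALIASES:
        if re.match(pattern, n):
            return ident
    return name.strip()

def load_decisions(text):
    """Collect canonical names from the ':permit' and ':restrict' entries of a decisions file."""
    policy = {"permit": set(), "restrict": set()}
    action = None
    for line in text.splitlines():
        head = re.match(r"^- - :(permit|restrict)\s*$", line)
        if head:
            action = head.group(1)      # the next "  - <name>" line belongs to this action
            continue
        item = re.match(r"^  - (.+?)\s*$", line)
        if item and action:
            policy[action].add(canonical(item.group(1)))
            action = None               # the ":who:/:why:" map that follows is skipped
    return policy

def classify(expr, policy):
    """Return 'permitted', 'restricted' or 'review' for one license expression."""
    e = expr.strip()
    if not e or e.lower() in {"none", "unknown"} or "://" in e:
        return "review"                 # no usable license statement: a human must look
    if re.search(r"\bwith\b", e, re.I):
        return "review"                 # exception clause: obligations differ from the base license
    options = re.split(r"\s+or\s+", e, flags=re.I)
    if len(options) > 1:                # dual licensing: the most permissive option wins
        v = {classify(p, policy) for p in options}
        return "permitted" if "permitted" in v else "review" if "review" in v else "restricted"
    parts = re.split(r"\s+and\s+", e, flags=re.I)
    if len(parts) > 1:                  # conjunction: a permitted part does not excuse a restricted one
        v = {classify(p, policy) for p in parts}
        return "restricted" if "restricted" in v else "review" if "review" in v else "permitted"
    ident = canonical(e)
    return "permitted" if ident in policy["permit"] else "restricted" if ident in policy["restrict"] else "review"

def triage(report, policy):
    """Map dependency name -> verdict for 'name, version, license' report lines."""
    verdicts = {}
    for row in csv.reader(report.splitlines(), skipinitialspace=True):
        if len(row) == 3:
            verdicts[row[0].strip()] = classify(row[2], policy)
    return verdicts

if __name__ == "__main__":
    result = triage(REPORT, load_decisions(DECISIONS))
    for bucket in ("restricted", "review", "permitted"):
        print(bucket + ":", ", ".join(n for n, v in result.items() if v == bucket))
```

Two design choices matter for a dependency review. `csv.reader` is called with `skipinitialspace=True` so that the quoted license field after `, ` is parsed as one value; without it, `"LGPL 2.1 or MPL 1.1"` would keep its quotes. And an `and` expression only passes when every part is permitted, so permitting `MIT` alone can never wave through `cftime`'s `MIT and GPL-3.0-only`; `with` exceptions and anything without a recognizable license (`unknown`, `None`, a bare URL) are deliberately left for a human rather than auto-approved.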