Getting Licenses Information on used third Party Libraries in Android or IOS Projects

[CleanHit]

I've scanned an Android, a Node.js and an IOS project with the command ./scancode --html my_result.html --licenes --package --copyright <path_to_project>. In the Android and Node.js projects it didn't find anything and in the IOS project it found some licenses and copyright stuff, but only from the given information in the local files.

I don't know if I'm doing something wrong or if the scancode-toolkit is capable to do what I need. Is it possible to get license information on used third party open source libraries in an Android or IOS project?

[pombredanne]

@CleanHit It sure should pick things up if the information is present.
Can you provide some details?

1. which version of Scancode do you use?
2. can you provide the links to these Android, a Node.js and IOS projects so that we can try them out?

[CleanHit]

@pombredanne Did I use the right flags for the execution or did I miss something?

@CleanHit It sure should pick things up if the information is present.

1. Where does scancode-toolkit look for the information?
2. Does it look in some local package license database or in an online one?
3. Can I add some license information if I have it?
4. Can I check scancode-toolkits search sources to see it if should have found it?

Can you provide some details?
1. which version of Scancode do you use?
2. can you provide the links to these Android, a Node.js and IOS projects so that we can try them out?

1. I've used the scancode-toolkit v3.1.1
2. Unfortunately I can't provide the source code of the projects.

[pombredanne]

@CleanHit please see my answers inline:

Where does scancode-toolkit look for the information?

In the source and binaries that you scan.

Does it look in some local package license database or in an online one?

It uses only it own local package license database that is builtin and stored in scancode as pairs of text/YAML files https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data

Can I add some license information if I have it?

Yes, this is quite easy: you can add a text file for a license and the description of the licenses as pair of files. See #1800 (comment) for an example.

Can I check scancode-toolkits search sources to see it if should have found it?

Yes. Note that scancode is NOT a matching engine. But if a license is not detected, its a bug

Unfortunately I can't provide the source code of the projects.

Fair enough. Do you have package manifests in there? Are you scanning the source code repos or the as-redistributed applications and recursively extracted (ipa or apk) app archives?

[pombredanne]

@CleanHit ping?

[CleanHit]

@CleanHit ping?

Pong next Wednesday 🙂, I'm not available until then.

[CleanHit]

Fair enough. Do you have package manifests in there? Are you scanning the source code repos or the as-redistributed applications and recursively extracted (ipa or apk) app archives?

I'm scanning the source code repo and there are some manifest files in it. But I'm using the oss-review-toolkit and the scancode-toolkit can be used there.

[pombredanne]

@CleanHit you need to help me help you: which type of manifests were not detected?
Please provide enough details so that we can act on it.

[pombredanne]

Closing for now. I do not have enough details to investigate.