Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check maven central as well for licenses in parents poms for nested jars #2302

Merged
merged 1 commit into from
Nov 8, 2023

Conversation

coheigea
Copy link
Contributor

@coheigea coheigea commented Nov 8, 2023

The code currently only checks Maven Central for a license in a parent pom for the topmost package, and not for any embedded jars.

With this PR it detects a license correctly for xbean-spring which is embedded inside activemq-osgi: https://repo1.maven.org/maven2/org/apache/activemq/activemq-osgi/5.18.2/

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
@coheigea coheigea force-pushed the coheigea/license-nested branch from a6213ec to 30e29b3 Compare November 8, 2023 10:09
@spiffcs spiffcs merged commit bae5a2e into anchore:main Nov 8, 2023
10 checks passed
@coheigea coheigea deleted the coheigea/license-nested branch November 9, 2023 04:47
@willmurphyscode willmurphyscode added the enhancement New feature or request label Nov 9, 2023
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
…ars (anchore#2302)

Signed-off-by: Colm O hEigeartaigh <coheigea@apache.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants