Comments (7)
guenhter
commented on July 16, 2024
1
Yesterday I exactly had the same "issue" to find out where a dependency comes from. It would not only be interesting which project, but also in which configurations this dependency is included.
Maybe a first step is to improve the data model to hold the information. From there, the renderer can then respect or ignore that information.
from gradle-license-report.
jk1
commented on July 16, 2024
This could get even more complicated with a dependency tree of arbitrary length.
The described feature is actually quite close to the built-in Gradle dependency task and/or build scan features.
from gradle-license-report.
guenhter
commented on July 16, 2024
Showing the full dependency tree with gradle for the whole multi-module-project is quite simple:
https://solidsoft.wordpress.com/2014/11/13/gradle-tricks-display-dependencies-for-all-subprojects-in-multi-project-build/
I usually pipe the output to a file and then do my investigations.
from gradle-license-report.
amimas
commented on July 16, 2024
I think showing the full dependency tree became even simpler now with Gradle's built in project-report plugin.
https://docs.gradle.org/current/userguide/project_report_plugin.html
I just thought it might be easier for the end user if the license report could point out which subproject each dependency belongs to; maybe a comma separated list of project names. That way the end user doesn't have to go through another report and perform manual analysis. But I do understand the implementation may not be as simple.
from gradle-license-report.
amimas
commented on July 16, 2024
This feature would be very helpful indeed.
Maybe one way to handle it would be to apply gradle's project-report if it's not applied already. And then parse the report generated by that plugin and incoroporate that into this plugin's report.
Or, maybe there's more easier/better way.
from gradle-license-report.
guenhter
commented on July 16, 2024
@jk1 what do you think of this? Would it improve the data model to have the information where a dependency comes from (which project and which configuration)?
from gradle-license-report.
jk1
commented on July 16, 2024
@guenhter I guess we can add it to the model. Several things to keep in mind:
- There may be multiple sources for each dependency
- Dependency resolution strategy may get in our way. Since we examine the project when everything is already resolved we may see something quite different from what's written in dependencies block
- Imported modules provide no information on where the dependency comes from
from gradle-license-report.
Related Issues (20)
- Installation from jcenter.bintray.com croaks with status code 403 from server: Forbidden
- ExcludeTransitiveDependenciesFilter fails with error: 'developmentOnly' not found. HOT 1
- Configuration cache support HOT 1
- Improve support for checkLicense to allow license black listing HOT 2
- Implementation of configuration property `excludeBoms` is fragile
- Custom `DependencyDataImporter` implementations should be able to contribute to inputs of `ReportTask`
- Contents of a custom bundle passed to `LicenseBundleNormalizer` should be treated as an input
- Contents of `CheckLicenseTask.allowedLicenseFile` rather than the absolute path should be treated as an input
- Add support for exporting/importing dependency information for multi-licensed modules HOT 2
- Ignore external Jars (ext:"jar")
- No way to Normalize a missing license
- Parent Pom licenses are included even if child pom defines a different license HOT 6
- Release 2.0 missing on releases page HOT 3
- Please make comptible with java 8 again HOT 5
- Root dependency unknowen for Kotlin multiplatform dependencies HOT 3
- `CacheableReportTask` is always up to date after dependency changes when plugin is configured to analyse all configurations
- No license detected for `org.jetbrains.kotlinx:kotlinx-coroutines-core` HOT 4
- Kotlin multiplatform module resolving exceptions HOT 7
- Output dir uses different base pathes
- Multiple reports in the same build script
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gradle-license-report.