Showing results for 
Show  only  | Search instead for 
Did you mean: 
Active participant

Open Source Frameworks Identification

The automated component detection only identifies sub-components of a larger development framework. For example, our developers may be using Spring Boot framework, Angular 7 framework, etc. and CodeInsight will find 100+ sub-components and provide no hierarchy information for which components belong to the larger framework. This causes our analysts to waste a lot of effort researching the license of the sub-component.


The product should provide a method for establishing a license component hierarchy (see examples below) for complex open source frameworks so that we don’t have to waste a lot of effort researching obscure sub-component licenses.


Apache CXF (Apache 2.0)

                Component 1 (MIT)

                WSDL4J (CPL) à Weak Copyleft but follows ASF policy guidelines to only include binary file


Spring Boot (Apache 2.0)

                Component 1 (MIT)


                Component 100 (CPPL)


Angular 7 JavaScript Framework (MIT)

                Node package 1 (MIT)


Node package 1000 (???)

0 Kudos