sewechad
Active participant

Open Source Frameworks Identification

The automated component detection only identifies sub-components of a larger development framework. For example, our developers may be using Spring Boot framework, Angular 7 framework, etc. and CodeInsight will find 100+ sub-components and provide no hierarchy information for which components belong to the larger framework. This causes our analysts to waste a lot of effort researching the license of the sub-component.

 

The product should provide a method for establishing a license component hierarchy (see examples below) for complex open source frameworks so that we don’t have to waste a lot of effort researching obscure sub-component licenses.

 

Apache CXF (Apache 2.0)

                Component 1 (MIT)

                WSDL4J (CPL) → Weak Copyleft but follows ASF policy guidelines to only include binary file

 

Spring Boot (Apache 2.0)

                Component 1 (MIT)

                …

                Component 100 (CPPL)

 

Angular 7 JavaScript Framework (MIT)

                Node package 1 (MIT)

                …

                Node package 1000 (???)
