How to Use Continuous Integration to Protect Your Projects from Open-Source License Violations

Every software project experiences the complexity of incorporating open-source and proprietary components that use a wide range of licenses. The BIG question is what can be done to avoid license violations in the face of countless dependencies. This blog post will show you how you can extend your continuous integration builds to automatically track license usage in artifact dependencies and notify you about any license violations as they occur. This allows you to easily identify the problematic dependencies and deal with them early on, during the development process. The problems and the approach taken to solve them apply globally, while the techinique decsribed here leverages the features of the Artifactory artifacts repository. nbsp; Tracking Artifact Licenses - Why is this Hard? Tracking licenses of third-party artifacts is not one of those tasks that get developers excited. With more interesting problems to solve than legal issues, it is not usually high on the priority list for most teams to deal with licenses during active development, so more often than not, this is left as one of the final steps before preparing a release. Even when you do try to take due diligence and track those third party licenses, making sure that all developers verify each dependency and its transitive dependencies for compatibility with your companyrsquo;s license usage policy is not a trivial thing to do. Eventually this results in manually digging...

Date: December, 16 2010
Url: http://www.java.net/blog/yoavl/archive/2010/12/15/how-use-continuous-integration-protect-y

Others News