Java Virtal Machine.net

[ News ] rss

February 01, 2011

Mark Wielaard: New GPG key. Finally created a new GPG key using gnupg. The old one was a DSA/1024 bits one and 8 years old. The new one is a RSA/2048 bits one. I will use the new one in the future to sign any release tarballs I might create. pub 2048R/57816A6A 2011-01-29 Key f...

More »

February 01, 2011

Andrew Hughes: [SECURITY] IcedTea6 1.7.8, 1.8.5, 1.9.5 Released!. We are pleased to announce a new set of security releases, IcedTea6 1.7.8, IcedTea6 1.8.5 and IcedTea6 1.9.5. This update contains the following security updates: The IcedTea project provides a harness to build the source code from OpenJDK6 u...

More »

December/2024
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22 232425262728
293031    

[ Archives News
for 'Java Technology' ]

home > news > java technology > how to use continuous integration to protect your projects from open-source license violations

How to Use Continuous Integration to Protect Your Projects from Open-Source License Violations

Every software project experiences the complexity of incorporating open-source and proprietary components that use a wide range of licenses. The BIG question is what can be done to avoid license violations in the face of countless dependencies. This blog post will show you how you can extend your continuous integration builds to automatically track license usage in artifact dependencies and notify you about any license violations as they occur. This allows you to easily identify the problematic dependencies and deal with them early on, during the development process. The problems and the approach taken to solve them apply globally, while the techinique decsribed here leverages the features of the Artifactory artifacts repository. nbsp; Tracking Artifact Licenses - Why is this Hard? Tracking licenses of third-party artifacts is not one of those tasks that get developers excited. With more interesting problems to solve than legal issues, it is not usually high on the priority list for most teams to deal with licenses during active development, so more often than not, this is left as one of the final steps before preparing a release. Even when you do try to take due diligence and track those third party licenses, making sure that all developers verify each dependency and its transitive dependencies for compatibility with your companyrsquo;s license usage policy is not a trivial thing to do. Eventually this results in manually digging...


Date: December, 16 2010
Url: http://www.java.net/blog/yoavl/archive/2010/12/15/how-use-continuous-integration-protect-y


Others News

©2002-2019Java-Virtual-Machine.net pt | it | Free Templates | free website generator | bootstrap image slider