Skip to main content

Find licenses in use in third-party dependencies

org.openrewrite.java.dependencies.DependencyLicenseCheck

Locates and reports on all licenses in use.

Recipe source

This recipe is only available to users of Moderne.

This recipe is available under the Moderne Proprietary License.

Options

TypeNameDescriptionExample
StringscopeMatch dependencies with the specified scope Valid options: compile, test, runtime, providedcompile
BooleanaddMarkersOptional. Report each license transitively used by a dependency in search results.

Usage

This recipe has required configuration parameters and can only be run by users of Moderne. To run this recipe, you will need to provide the Moderne CLI run command with the required options. Or, if you'd like to create a declarative recipe, please see the below example of a rewrite.yml file:

rewrite.yml
---
type: specs.openrewrite.org/v1beta/recipe
name: com.yourorg.DependencyLicenseCheckExample
displayName: Find licenses in use in third-party dependencies example
recipeList:
- org.openrewrite.java.dependencies.DependencyLicenseCheck:
scope: compile

You will need to have configured the Moderne CLI on your machine before you can run the following command.

shell
mod run . --recipe DependencyLicenseCheck --recipe-option "scope=compile"

If the recipe is not available locally, then you can install it using:

mod config recipes jar install org.openrewrite.recipe:rewrite-java-security:3.8.0

See how this recipe works across multiple open-source repositories

Run this recipe on OSS repos at scale with the Moderne SaaS.

The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.

Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.

Data Tables

License report

org.openrewrite.java.dependencies.table.LicenseReport

Contains a license report of third-party dependencies.

Column NameDescription
GroupThe first part of a dependency coordinate com.google.guava:guava:VERSION.
ArtifactThe second part of a dependency coordinate com.google.guava:guava:VERSION.
VersionThe resolved version.
License nameThe actual name of the license as written in the third-party dependency.
License typeThe license in use, based on the category of license inferred from the name.