Does OWASP Dependency-Check scan for open-source license compliance? Typically, SCA tools verify the licenses of the open-source components in your codebase to ensure compliance with their terms. Additionally, if you have documentation or a webpage about it, could you please share the link?
Speaking as someone who audits the licences of all dependencies: the licence metadata in the POMs is often wrong or at the very least incomplete anyway. If you want to ensure full compliance, you will have to inspect every single dependency (including transitive dependencies) manually, and yes, that often includes looking at every single file…