Hi everyone, Apache CouchDB is about to make their big 2.0 release. As part of final due diligence we're double-checking all of our dependencies for licenses. Based on prior experiences, I recommended our team leverage FOSSology (https://www.fossology.org/), an open source tool I've used before for scouring source code archives for licenses and allowing them to be tagged as "clear" after a combination of automated and manual analysis.
I'm curious if any other teams out there use FOSSology to help with this ASF-mandatory activity, and if so, would you be willing to share your experiences? Do you have any recommendations for the settings within the automated scanner? We're presently using a combination of Nomos and Monk scanning and finding the results quite satisfactory on a relatively large codebase with complex JavaScript dependencies. Looking forward to your stories! -Joan --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
