Some Tycho dependencies missing from dash license check #424

merks · 2025-01-03T12:27:47Z

This morning I noticed this in my email Bump org.mockito:mockito-core from 5.14.2 to 5.15.2

So when I ran the Orbit updater tools and built Orbit maven-simrel

https://ci.eclipse.org/orbit/job/orbit-simrel-maven-osgi/

I just assumed that the mockito dependencies were reviewed/approved so I ran the build with strict dash checking, but the build failed:

The subsequent build without strict dash checking created the following to issues:

Then @laeubi ran the license check which recorded the summary files:

With the summary below, where indeed the mockito dependencies are missing.

Is this a bug?

maven/mavencentral/aopalliance/aopalliance/1.0, LicenseRef-Public-Domain, approved, CQ2918
maven/mavencentral/biz.aQute.bnd/biz.aQute.bnd.embedded-repo/7.1.0, Apache-2.0 OR EPL-2.0, approved, #17510
maven/mavencentral/biz.aQute.bnd/biz.aQute.bnd.maven/7.1.0, Apache-2.0 OR EPL-2.0, approved, #17524
maven/mavencentral/biz.aQute.bnd/biz.aQute.bnd.util/7.1.0, Apache-2.0, approved, #17512
maven/mavencentral/biz.aQute.bnd/biz.aQute.bndlib/7.1.0, Apache-2.0, approved, #17514
maven/mavencentral/biz.aQute.bnd/biz.aQute.repository/7.1.0, Apache-2.0, approved, #17515
maven/mavencentral/biz.aQute.bnd/biz.aQute.resolve/7.1.0, Apache-2.0, approved, #17513
maven/mavencentral/ch.digitalfondue.jfiveparse/jfiveparse/1.1.1, Apache-2.0, approved, #15452
maven/mavencentral/com.ethlo.time/itu/1.10.2, Apache-2.0, approved, #13168
maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.2, Apache-2.0, approved, #13672
maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.2, Apache-2.0 AND MIT, approved, #13665
maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.2, Apache-2.0, approved, #13671
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.2, Apache-2.0, approved, #13666
maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.1, Apache-2.0, approved, #13669
maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.7.0, Apache-2.0, approved, #15476
maven/mavencentral/com.fasterxml.woodstox/woodstox-core/7.1.0, Apache-2.0, approved, #17214
maven/mavencentral/com.github.package-url/packageurl-java/1.5.0, MIT, approved, #12447
maven/mavencentral/com.google.code.gson/gson/2.10, Apache-2.0, approved, #6159
maven/mavencentral/com.google.guava/failureaccess/1.0.2, Apache-2.0, approved, CQ22654
maven/mavencentral/com.google.guava/guava/33.2.1-jre, Apache-2.0 AND CC0-1.0 AND (Apache-2.0 AND CC-PDDC), approved, #14607
maven/mavencentral/com.google.inject/guice/5.1.0, Apache-2.0, approved, #6676
maven/mavencentral/com.googlecode.javaewah/JavaEWAH/1.2.3, Apache-2.0, approved, #17665
maven/mavencentral/com.ibm.icu/icu4j/76.1, LicenseRef-scancode-unicode, approved, #16869
maven/mavencentral/com.kohlschutter.junixsocket/junixsocket-common/2.10.1, Apache-2.0, approved, #17645
maven/mavencentral/com.kohlschutter.junixsocket/junixsocket-core/2.10.1, Apache-2.0, approved, #17020
maven/mavencentral/com.kohlschutter.junixsocket/junixsocket-native-common/2.10.1, Apache-2.0, approved, #17655
maven/mavencentral/com.konghq/unirest-java/3.14.5, MIT AND (Apache-2.0 AND MIT), approved, #5263
maven/mavencentral/com.networknt/json-schema-validator/1.5.1, Apache-2.0 AND Unicode-TOU, approved, #15630
maven/mavencentral/com.thoughtworks.qdox/qdox/2.1.0, Apache-2.0, approved, #17657
maven/mavencentral/commons-cli/commons-cli/1.8.0, Apache-2.0, approved, #14881
maven/mavencentral/commons-codec/commons-codec/1.17.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #14583
maven/mavencentral/commons-io/commons-io/2.18.0, Apache-2.0, approved, #17366
maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
maven/mavencentral/commons-net/commons-net/3.11.1, Apache-2.0, approved, #15057
maven/mavencentral/de.pdark/decentxml/1.4, BSD-2-Clause, approved, CQ10744
maven/mavencentral/de.vandermeer/ascii-utf-themes/0.0.1, Apache-2.0, approved, #5313
maven/mavencentral/de.vandermeer/asciitable/0.3.2, Apache-2.0, approved, #17640
maven/mavencentral/de.vandermeer/char-translation/0.0.2, Apache-2.0, approved, #5315
maven/mavencentral/de.vandermeer/skb-interfaces/0.0.1, Apache-2.0, approved, #5314
maven/mavencentral/io.airlift/aircompressor/0.27, Apache-2.0, approved, #15069
maven/mavencentral/io.github.java-diff-utils/java-diff-utils/4.15, Apache-2.0, approved, #17427
maven/mavencentral/io.takari.maven/takari-smart-builder/1.0.2, EPL-2.0, approved, #16105
maven/mavencentral/io.takari.polyglot/polyglot-common/0.7.2, EPL-1.0, approved, #11532
maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/2.3.3, BSD-3-Clause, approved, ee4j.jaxb
maven/mavencentral/javax.annotation/javax.annotation-api/1.3.2, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16910
maven/mavencentral/javax.inject/javax.inject/1, Apache-2.0, approved, CQ3555
maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
maven/mavencentral/net.java.dev.jna/jna-platform/5.14.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #11863
maven/mavencentral/net.java.dev.jna/jna-platform/5.15.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #16141
maven/mavencentral/net.java.dev.jna/jna/5.14.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #11861
maven/mavencentral/net.java.dev.jna/jna/5.15.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #16139
maven/mavencentral/org.antlr/ST4/4.0.8, BSD-3-Clause, approved, #2017
maven/mavencentral/org.antlr/antlr-runtime/3.5.2, BSD-3-Clause, approved, #8916
maven/mavencentral/org.antlr/antlr4/4.5.1, , approved, CQ15724
maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, #17660
maven/mavencentral/org.apache.commons/commons-compress/1.27.1, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #17651
maven/mavencentral/org.apache.commons/commons-exec/1.4.0, Apache-2.0, approved, #12607
maven/mavencentral/org.apache.commons/commons-lang3/3.17.0, Apache-2.0, approved, #16044
maven/mavencentral/org.apache.felix/org.apache.felix.scr/2.2.12, Apache-2.0, approved, #15367
maven/mavencentral/org.apache.httpcomponents/httpasyncclient/4.1.5, Apache-2.0, approved, CQ13506
maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0, approved, #15248
maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0, approved, #15248
maven/mavencentral/org.apache.httpcomponents/httpcore-nio/4.4.13, Apache-2.0, approved, CQ13509
maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.13, Apache-2.0, approved, CQ23528
maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528
maven/mavencentral/org.apache.httpcomponents/httpmime/4.5.13, Apache-2.0, approved, CQ11718
maven/mavencentral/org.apache.lucene/lucene-analysis-common/9.12.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause) AND BSD-2-Clause AND BSD-3-Clause AND NAIST-2003, approved, #16380
maven/mavencentral/org.apache.lucene/lucene-analysis-smartcn/9.12.0, Apache-2.0, approved, #16390
maven/mavencentral/org.apache.lucene/lucene-core/9.12.0, Apache-2.0 AND MIT AND (Apache-2.0 AND BSD-3-Clause AND NCSA) AND (Apache-2.0 AND LicenseRef-Python) AND (Apache-2.0 AND ISC) AND (Apache-2.0 AND SunPro) AND (Apache-2.0 AND ICU AND LicenseRef-scancode-unicode-mappings) AND (GPL-2.0-only OR LGPL-2.1-only OR MPL-1.1 OR CC-BY-4.0 OR Apache-2.0) AND BSD-3-Clause AND (Apache-2.0 AND LicenseRef-BSD-style) AND BSD-2-Clause AND NAIST-2003, approved, #16384
maven/mavencentral/org.apache.maven.plugin-testing/maven-plugin-testing-harness/3.3.0, Apache-2.0, approved, #17642
maven/mavencentral/org.apache.maven.plugin-tools/maven-plugin-annotations/3.15.1, Apache-2.0, approved, #16872
maven/mavencentral/org.apache.maven.plugins/maven-failsafe-plugin/3.5.2, Apache-2.0, approved, #16023
maven/mavencentral/org.apache.maven.plugins/maven-gpg-plugin/3.2.7, Apache-2.0, approved, #13662
maven/mavencentral/org.apache.maven.plugins/maven-source-plugin/3.3.1, Apache-2.0, approved, #8852
maven/mavencentral/org.apache.maven.resolver/maven-resolver-api/1.4.1, Apache-2.0, approved, #17669
maven/mavencentral/org.apache.maven.resolver/maven-resolver-api/1.9.20, Apache-2.0, approved, #4954
maven/mavencentral/org.apache.maven.resolver/maven-resolver-api/1.9.22, Apache-2.0, approved, #4954
maven/mavencentral/org.apache.maven.resolver/maven-resolver-connector-basic/1.9.22, Apache-2.0, approved, #7026
maven/mavencentral/org.apache.maven.resolver/maven-resolver-impl/1.9.22, Apache-2.0, approved, #5011
maven/mavencentral/org.apache.maven.resolver/maven-resolver-named-locks/1.9.22, Apache-2.0, approved, #5012
maven/mavencentral/org.apache.maven.resolver/maven-resolver-spi/1.9.22, Apache-2.0, approved, #5013
maven/mavencentral/org.apache.maven.resolver/maven-resolver-transport-file/1.9.22, Apache-2.0, approved, #7028
maven/mavencentral/org.apache.maven.resolver/maven-resolver-transport-http/1.9.22, Apache-2.0, approved, #7031
maven/mavencentral/org.apache.maven.resolver/maven-resolver-transport-wagon/1.9.22, Apache-2.0, approved, #7019
maven/mavencentral/org.apache.maven.resolver/maven-resolver-util/1.4.1, Apache-2.0, approved, #17656
maven/mavencentral/org.apache.maven.resolver/maven-resolver-util/1.9.20, Apache-2.0, approved, #4953
maven/mavencentral/org.apache.maven.resolver/maven-resolver-util/1.9.22, Apache-2.0, approved, #4953
maven/mavencentral/org.apache.maven.shared/maven-common-artifact-filters/3.4.0, Apache-2.0, approved, #15444
maven/mavencentral/org.apache.maven.shared/maven-dependency-analyzer/1.14.1, Apache-2.0, approved, #15833
maven/mavencentral/org.apache.maven.shared/maven-dependency-tree/3.3.0, Apache-2.0, approved, #15834
maven/mavencentral/org.apache.maven.shared/maven-shared-utils/3.3.4, Apache-2.0, approved, #17653
maven/mavencentral/org.apache.maven.shared/maven-shared-utils/3.4.2, Apache-2.0, approved, #13658
maven/mavencentral/org.apache.maven.shared/maven-verifier/1.8.0, Apache-2.0, approved, #2175
maven/mavencentral/org.apache.maven.surefire/maven-surefire-common/3.5.2, Apache-2.0, approved, #16022
maven/mavencentral/org.apache.maven.surefire/surefire-api/3.5.2, Apache-2.0, approved, #16477
maven/mavencentral/org.apache.maven.surefire/surefire-booter/3.5.2, Apache-2.0, approved, #16475
maven/mavencentral/org.apache.maven.surefire/surefire-extensions-api/3.5.2, Apache-2.0, approved, #16479
maven/mavencentral/org.apache.maven.surefire/surefire-extensions-spi/3.5.2, Apache-2.0, approved, #16476
maven/mavencentral/org.apache.maven.surefire/surefire-logger-api/3.5.2, Apache-2.0, approved, #16478
maven/mavencentral/org.apache.maven.surefire/surefire-shared-utils/3.5.2, Apache-2.0, approved, #16474
maven/mavencentral/org.apache.maven.wagon/wagon-file/3.5.3, Apache-2.0, approved, #6006
maven/mavencentral/org.apache.maven.wagon/wagon-http-shared/3.5.3, Apache-2.0, approved, #3758
maven/mavencentral/org.apache.maven.wagon/wagon-http/3.5.3, Apache-2.0, approved, #6005
maven/mavencentral/org.apache.maven.wagon/wagon-provider-api/3.5.3, Apache-2.0, approved, #6017
maven/mavencentral/org.apache.maven/apache-maven/3.9.9, Apache-2.0, approved, #7025
maven/mavencentral/org.apache.maven/maven-archiver/3.6.3, Apache-2.0, approved, #2746
maven/mavencentral/org.apache.maven/maven-artifact/3.9.9, Apache-2.0, approved, #7015
maven/mavencentral/org.apache.maven/maven-builder-support/3.9.9, Apache-2.0, approved, #7027
maven/mavencentral/org.apache.maven/maven-compat/3.9.9, Apache-2.0, approved, #7021
maven/mavencentral/org.apache.maven/maven-core/3.9.9, Apache-2.0, approved, #7017
maven/mavencentral/org.apache.maven/maven-embedder/3.9.9, Apache-2.0, approved, #7029
maven/mavencentral/org.apache.maven/maven-model-builder/3.9.9, Apache-2.0, approved, #7022
maven/mavencentral/org.apache.maven/maven-model/3.9.9, Apache-2.0, approved, #7014
maven/mavencentral/org.apache.maven/maven-plugin-api/3.9.9, Apache-2.0, approved, #7016
maven/mavencentral/org.apache.maven/maven-repository-metadata/3.9.9, Apache-2.0, approved, #7023
maven/mavencentral/org.apache.maven/maven-resolver-provider/3.9.9, Apache-2.0, approved, #7030
maven/mavencentral/org.apache.maven/maven-settings-builder/3.9.9, Apache-2.0, approved, #7020
maven/mavencentral/org.apache.maven/maven-settings/3.9.9, Apache-2.0, approved, #7024
maven/mavencentral/org.apache.maven/maven-slf4j-provider/3.9.9, Apache-2.0 AND MIT, approved, #7018
maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, #17641
maven/mavencentral/org.bndtools/bndtools.api/7.0.0, Apache-2.0 OR EPL-2.0, approved, #13287
maven/mavencentral/org.bndtools/org.bndtools.versioncontrol.ignores.manager/7.0.0, Apache-2.0 OR EPL-2.0, approved, #13285
maven/mavencentral/org.bouncycastle/bcpg-jdk18on/1.79, Apache-2.0, approved, #16963
maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.79, MIT AND CC0-1.0, approved, #16964
maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.79, MIT, approved, #16965
maven/mavencentral/org.codehaus.mojo.versions/versions-api/2.18.0, Apache-2.0, approved, #17215
maven/mavencentral/org.codehaus.mojo.versions/versions-common/2.18.0, Apache-2.0, approved, #17213
maven/mavencentral/org.codehaus.mojo.versions/versions-model/2.18.0, Apache-2.0, approved, #17212
maven/mavencentral/org.codehaus.mojo/animal-sniffer-annotations/1.9, MIT, approved, #17663
maven/mavencentral/org.codehaus.plexus/plexus-archiver/4.10.0, Apache-2.0, approved, #17648
maven/mavencentral/org.codehaus.plexus/plexus-cipher/2.0, Apache-2.0, approved, #17666
maven/mavencentral/org.codehaus.plexus/plexus-classworlds/2.6.0, Apache-2.0 AND Plexus, approved, CQ22821
maven/mavencentral/org.codehaus.plexus/plexus-classworlds/2.8.0, Apache-2.0 AND Plexus, approved, #17667
maven/mavencentral/org.codehaus.plexus/plexus-compiler-api/2.15.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #13654
maven/mavencentral/org.codehaus.plexus/plexus-compiler-javac/2.15.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #13655
maven/mavencentral/org.codehaus.plexus/plexus-compiler-manager/2.15.0, MIT, approved, #13652
maven/mavencentral/org.codehaus.plexus/plexus-component-annotations/2.2.0, Apache-2.0, approved, #12549
maven/mavencentral/org.codehaus.plexus/plexus-interpolation/1.27, Apache-2.0 AND Apache-1.1 AND MIT, approved, #12548
maven/mavencentral/org.codehaus.plexus/plexus-io/3.5.0, Apache-2.0, approved, #17639
maven/mavencentral/org.codehaus.plexus/plexus-java/1.3.0, Apache-2.0, approved, #16473
maven/mavencentral/org.codehaus.plexus/plexus-sec-dispatcher/2.0, Apache-2.0, approved, #17647
maven/mavencentral/org.codehaus.plexus/plexus-utils/3.5.1, Apache-2.0 AND BSD-3-Clause AND BSD-2-Clause and LicenseRef-BSD-Style AND LicenseRef-Public-Domain, approved, #4119
maven/mavencentral/org.codehaus.plexus/plexus-xml/3.0.0, BSD-2-Clause AND BSD-3-Clause AND Apache-2.0 AND Apache-1.1 AND LicenseRef-BSD-style AND LicenseRef-Public-domain, approved, #13653
maven/mavencentral/org.codehaus.plexus/plexus-xml/3.0.1, BSD-2-Clause AND BSD-3-Clause AND Apache-2.0 AND Apache-1.1 AND LicenseRef-BSD-style AND LicenseRef-Public-domain, approved, #13653
maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670
maven/mavencentral/org.cyclonedx/cyclonedx-core-java/9.0.5, Apache-2.0, approved, #16546
maven/mavencentral/org.cyclonedx/cyclonedx-maven-plugin/2.9.1, Apache-2.0, approved, #16547
maven/mavencentral/org.eclipse.jdt/ecj/3.40.0, EPL-2.0, approved, eclipse.jdt
maven/mavencentral/org.eclipse.jdt/org.eclipse.jdt.core/3.40.0, EPL-2.0, approved, eclipse.jdt
maven/mavencentral/org.eclipse.jdt/org.eclipse.jdt.debug/3.21.600, EPL-2.0, approved, eclipse.jdt
maven/mavencentral/org.eclipse.jdt/org.eclipse.jdt.launching.macosx/3.6.300, EPL-2.0, approved, eclipse.jdt
maven/mavencentral/org.eclipse.jdt/org.eclipse.jdt.launching/3.23.100, EPL-2.0, approved, eclipse.jdt
maven/mavencentral/org.eclipse.jgit/org.eclipse.jgit/7.1.0.202411261347-r, BSD-3-Clause, approved, technology.jgit
maven/mavencentral/org.eclipse.pde/org.eclipse.pde.api.tools/1.3.600, EPL-2.0, approved, eclipse.pde
maven/mavencentral/org.eclipse.pde/org.eclipse.pde.build/3.12.600, EPL-2.0, approved, eclipse.pde
maven/mavencentral/org.eclipse.pde/org.eclipse.pde.core/3.20.0, EPL-2.0, approved, eclipse.pde
maven/mavencentral/org.eclipse.platform/org.eclipse.ant.core/3.7.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.compare.core/3.8.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.commands/3.12.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.contenttype/3.9.600, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.expressions/3.9.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.filebuffers/3.8.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.filesystem/1.11.100, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.jobs/3.15.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.net/1.5.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.resources/3.22.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.runtime/3.32.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.core.variables/3.6.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.debug.core/3.22.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.e4.core.contexts/1.13.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.e4.core.di.annotations/1.8.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.e4.core.di/1.9.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.e4.core.services/2.5.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.e4.ui.workbench3/0.17.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.app/1.7.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.common/3.19.100, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.common/3.19.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.concurrent/1.3.100, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.frameworkadmin.equinox/1.3.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.frameworkadmin/2.3.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.artifact.repository/1.5.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.core/2.12.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.director.app/1.3.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.director/2.6.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.engine/2.10.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.garbagecollector/1.3.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.jarprocessor/1.3.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.metadata.repository/1.5.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.metadata/2.9.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.publisher.eclipse/1.6.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.publisher/1.9.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.repository.tools/2.4.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.repository/2.9.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.touchpoint.eclipse/2.4.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.touchpoint.natives/1.5.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.p2.updatesite/1.3.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.preferences/3.11.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.registry/3.12.100, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.registry/3.12.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.security/1.4.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.simpleconfigurator.manipulator/2.3.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.equinox.simpleconfigurator/1.5.300, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.help.base/4.4.600, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.help/3.10.400, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.osgi.compatibility.state/1.2.1000, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.osgi/3.22.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.team.core/3.10.500, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.text/3.14.200, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.platform/org.eclipse.ui.workbench/3.134.0, EPL-2.0, approved, eclipse.platform
maven/mavencentral/org.eclipse.sisu/org.eclipse.sisu.inject/0.9.0.M3, EPL-1.0, approved, technology.sisu
maven/mavencentral/org.eclipse.sisu/org.eclipse.sisu.plexus/0.9.0.M3, EPL-1.0, approved, technology.sisu
maven/mavencentral/org.eclipse.tycho.extras/tycho-pomless/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/p2-maven-plugin/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/sisu-equinox-launching/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/sisu-osgi-api/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/sisu-osgi-connect/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-api/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-artifactcomparator/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-buildtimestamp-jgit/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-bundles-external/2.7.5, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-compiler-jdt/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-core/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-lib-detector/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-metadata-model/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-p2-plugin/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-p2/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-packaging-plugin/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-spi/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.eclipse.tycho/tycho-targetplatform/5.0.0-SNAPSHOT, EPL-2.0, approved, technology.tycho
maven/mavencentral/org.fusesource.jansi/jansi/2.4.1, Apache-2.0, approved, #17658
maven/mavencentral/org.hamcrest/hamcrest/3.0, BSD-3-Clause, approved, #17661
maven/mavencentral/org.junit.platform/junit-platform-commons/1.11.4, EPL-2.0, approved, #15936
maven/mavencentral/org.junit.platform/junit-platform-engine/1.11.4, EPL-2.0, approved, #15932
maven/mavencentral/org.junit.platform/junit-platform-launcher/1.11.4, EPL-2.0, approved, #15934
maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713
maven/mavencentral/org.osgi/org.osgi.dto/1.0.0, Apache-1.1 AND Apache-2.0, approved, #17659
maven/mavencentral/org.osgi/org.osgi.framework/1.8.0, Apache-1.1 AND Apache-2.0, approved, #17646
maven/mavencentral/org.osgi/org.osgi.namespace.extender/1.0.1, Apache-1.1 AND Apache-2.0, approved, #17638
maven/mavencentral/org.osgi/org.osgi.namespace.implementation/1.0.0, Apache-1.1 AND Apache-2.0, approved, #17650
maven/mavencentral/org.osgi/org.osgi.resource/1.0.0, Apache-2.0, approved, #258
maven/mavencentral/org.osgi/org.osgi.resource/1.0.1, Apache-2.0, approved, #258
maven/mavencentral/org.osgi/org.osgi.service.component.annotations/1.5.1, Apache-2.0, approved, #5388
maven/mavencentral/org.osgi/org.osgi.service.component/1.5.1, Apache-2.0, approved, #5389
maven/mavencentral/org.osgi/org.osgi.service.coordinator/1.0.2, Apache-1.1 AND Apache-2.0, approved, #17662
maven/mavencentral/org.osgi/org.osgi.service.event/1.4.1, Apache-2.0, approved, #15500
maven/mavencentral/org.osgi/org.osgi.service.log/1.3.0, Apache-1.1 AND Apache-2.0, approved, #17644
maven/mavencentral/org.osgi/org.osgi.service.prefs/1.1.2, Apache-2.0, approved, #15379
maven/mavencentral/org.osgi/org.osgi.service.repository/1.1.0, Apache-1.1 AND Apache-2.0, approved, #17654
maven/mavencentral/org.osgi/org.osgi.service.resolver/1.1.1, Apache-2.0, approved, #17652
maven/mavencentral/org.osgi/org.osgi.util.function/1.0.0, Apache-1.1 AND Apache-2.0, approved, #17664
maven/mavencentral/org.osgi/org.osgi.util.function/1.1.0, Apache-2.0, approved, #17643
maven/mavencentral/org.osgi/org.osgi.util.function/1.2.0, Apache-2.0, approved, #15222
maven/mavencentral/org.osgi/org.osgi.util.promise/1.0.0, Apache-1.1 AND Apache-2.0, approved, #17649
maven/mavencentral/org.osgi/org.osgi.util.promise/1.2.0, Apache-2.0, approved, #15682
maven/mavencentral/org.osgi/org.osgi.util.promise/1.3.0, Apache-2.0, approved, #5266
maven/mavencentral/org.osgi/osgi.annotation/8.0.1, Apache-2.0, approved, #6909
maven/mavencentral/org.osgi/osgi.annotation/8.1.0, Apache-2.0, approved, #15270
maven/mavencentral/org.osgi/osgi.core/8.0.0, Apache-2.0, approved, #17668
maven/mavencentral/org.ow2.asm/asm-analysis/9.7.1, BSD-3-Clause, approved, #16463
maven/mavencentral/org.ow2.asm/asm-tree/9.7.1, BSD-3-Clause, approved, #16466
maven/mavencentral/org.ow2.asm/asm-util/9.7.1, BSD-3-Clause, approved, #16467
maven/mavencentral/org.ow2.asm/asm/9.7, BSD-3-Clause, approved, #16464
maven/mavencentral/org.ow2.asm/asm/9.7.1, BSD-3-Clause, approved, #16464
maven/mavencentral/org.ow2.sat4j/org.ow2.sat4j.core/2.3.6, (EPL-1.0 OR LGPL-2.0-or-later) AND MIT, approved, #1929
maven/mavencentral/org.ow2.sat4j/org.ow2.sat4j.pb/2.3.6, (EPL-1.0 OR LGPL-2.1-or-later) AND MIT, approved, #1928
maven/mavencentral/org.slf4j/jcl-over-slf4j/1.7.36, Apache-2.0, approved, CQ12843
maven/mavencentral/org.slf4j/slf4j-api/1.7.25, MIT, approved, CQ13368
maven/mavencentral/org.slf4j/slf4j-api/1.7.36, MIT, approved, CQ13368
maven/mavencentral/org.slf4j/slf4j-api/2.0.16, MIT, approved, #5915
maven/mavencentral/org.sonatype.plexus/plexus-build-api/0.0.7, Apache-2.0, approved, CQ21748
maven/mavencentral/org.tukaani/xz/1.10, 0BSD, approved, #15823
maven/mavencentral/org.tukaani/xz/1.9, LicenseRef-Public-Domain, approved, #15225
maven/mavencentral/org.xmlunit/xmlunit-core/2.10.0, Apache-2.0, approved, #14590
maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232

The text was updated successfully, but these errors were encountered:

waynebeaton · 2025-01-03T21:55:56Z

The Eclipse Dash License Tool's Maven plugin uses the standard Maven mechanism to resolve dependencies; the tool sees what Maven gives it. The only mechanisms that exist to skip content require that you actually configure it to do so. I see no such configuration in your build.

Note that the "strict dash checking" only adds a conditional that throws an exception when it finds a dependency that is not approved; it does not impact the dependency resolution itself.

The mockito libraries appear when I run locally using the latest snapshot build (which is what the GitHub action uses).

$ mvn  org.eclipse.dash:license-tool-plugin:license-check -Ddash.summary=DEPENDENCIES \
-Dorg.slf4j.simpleLogger.defaultLogLevel=debug -Dtycho.target.eager=true \
-Dbuild.type=nightly -Ddash.projectId=tools.orbit -Ddash.fail=true
...
[INFO] Querying Eclipse Foundation for license data for 312 items.
...
$ grep mockito DEPENDENCIES 
maven/mavencentral/org.mockito/mockito-core/5.15.2, Apache-2.0 AND MIT, approved, #18189
maven/mavencentral/org.mockito/mockito-junit-jupiter/5.15.2, MIT, approved, #18190

It looks like the GitHub action is only finding 278 dependencies (vs. 312 when I run locally). I don't know how to account for this difference based on what I observe in the log.

The TL;DR: I'm pretty sure that that it's not a bug in the Eclipse Dash License Tool itself. I don't see anything that's out of place in the GitHub action.

laeubi · 2025-01-04T07:10:41Z

@waynebeaton I think the intention is not that it does not work for orbit (what you seem to have used in your "working" example) but that for Tycho it is not detecting the mockito-core (for orbit it does!).

Here is what I get for Tycho (that is not using Tycho but only "plain" maven):

~/git/..../tycho$ mvn -v
Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
Maven home: /.../maven/3.9.9
Java version: 17.0.6, vendor: Oracle Corporation, runtime: /.../java-17-oracle
Default locale: de_DE, platform encoding: UTF-8
OS name: "linux", version: "6.1.0-26-amd64", arch: "amd64", family: "unix"

mvn dependency:list | grep mockito-core
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]
[INFO]    org.mockito:mockito-core:jar:5.15.2:test -- module org.mockito [auto]

mvn -U -B -ntp org.eclipse.dash:license-tool-plugin:license-check -Ddash.fail=true -Dtycho.target.eager=true --settings licenseCheckMavenSettings.xml -Ddash.summary=DEPENDENCIES
...
[INFO] Querying Eclipse Foundation for license data for 278 items.
...

Then grep mockito DEPENDENCIES returns empty results. Maybe it is because test dependencies are not considered?

laeubi · 2025-01-04T07:24:20Z

Maybe it is because test dependencies are not considered?

If my assumption is correct, I think it would be nice to have such a line in the summary for the Tycho case:

$ grep mockito DEPENDENCIES 
maven/mavencentral/org.mockito/mockito-core/5.15.2, ignored because of test scope
maven/mavencentral/org.mockito/mockito-junit-jupiter/5.15.2, ignored because of test scope

waynebeaton · 2025-01-06T19:10:13Z

By default, the Maven plugin only includes those dependencies that are in the compile scope. You can override this with -DincludeScope=test. There's more information here.

I think it would be nice to have such a line in the summary for the Tycho case:

The Eclipse Dash License Tool provides licence information for the list of dependencies that are provided. Making an assessment that certain dependencies are considered separately/differently is not in scope.

merks · 2025-01-07T11:34:07Z

I see that explains everything. So if Tycho wants those reviewed, that's their option if they wish.

laeubi · 2025-01-11T10:25:32Z

I made an experiment and with that option it seem to find one not vetted license now:

Include all scopes for dependency analysis eclipse-tycho/tycho#4593

so at least this seem to make a difference

merks · 2025-01-11T10:41:08Z

Can you check the summary files.

merks closed this as completed Jan 7, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Some Tycho dependencies missing from dash license check #424

Some Tycho dependencies missing from dash license check #424

merks commented Jan 3, 2025

waynebeaton commented Jan 3, 2025

laeubi commented Jan 4, 2025 •

edited

Loading

laeubi commented Jan 4, 2025

waynebeaton commented Jan 6, 2025

merks commented Jan 7, 2025

laeubi commented Jan 11, 2025

merks commented Jan 11, 2025

Some Tycho dependencies missing from dash license check #424

Some Tycho dependencies missing from dash license check #424

Comments

merks commented Jan 3, 2025

waynebeaton commented Jan 3, 2025

laeubi commented Jan 4, 2025 • edited Loading

laeubi commented Jan 4, 2025

waynebeaton commented Jan 6, 2025

merks commented Jan 7, 2025

laeubi commented Jan 11, 2025

merks commented Jan 11, 2025

laeubi commented Jan 4, 2025 •

edited

Loading