Ask HN: Automated way to check open source licenses?
Is there a way to be alerted when you introduce an open source component with a dangerous license (GPL) into your codebase? Ideally it would integrate into GitHub like TravisCI, to alert me when a Pull Request introduces a component, or if a license changed on a component that was upgraded.
I know of a few products that are related: - DavidDM (https://david-dm.org/) does dependency checking - Snyk (https://snyk.io/) does vulnerability checking - Blackduck (https://www.blackducksoftware.com/) does everything, but it's heavy, not hosted, and expensive.
I was thinking about building one myself if I can't find something out there. Would anyone else use it? Node.js and Bower support first, others later.
0 comments
[ 4.8 ms ] story [ 13.5 ms ] threadNo comments yet.