⚡ FAST and COMPREHENSIVE OSS license audit tool ⚡
OSS license auditor helps you track and validate the licenses of all your dependencies across multiple programming languages. Thanks to the speed of Golang, this is one of the FASTEST tools you can use to audit the licenses of the dependencies in your code. That means it will not be expensive to run it in your CI/CD pipelines.
Currently, this tool supports:
- JavaScript/TypeScript: NPM - `package-lock.json`
- JavaScript/TypeScript: PNPM - `pnpm-lock.yaml`
- JavaScript/TypeScript: Yarn - `yarn.lock` (only from NPM)
- Go: Go modules - `go.mod`
Later, it will support:
- JavaScript/TypeScript: Yarn - `yarn.lock` (from other sources)
- Python: pip - `requirements.txt`
- Java: Maven - `pom.xml`
- PHP: Composer - `composer.json`
If you like this project, remember to give us a star ⭐ on GitHub. (Spoiler: It motivates a lot!)
You can also support the creator of this project by buying me a coffee.
Project layout is based on Standard Go Project Layout.
- Docker image on Hub: TBD
- GitHub Action on Marketplace: TBD
To run this project, you need to have Go installed on your machine. Then, run the following command inside the root directory of this project:

```bash
go run cmd/olaudit/olaudit.go --path /path/to/your/project
```

Alternatively, you can build the project and run the binary file:

```bash
go build -o olaudit cmd/olaudit/olaudit.go
./olaudit --path /path/to/your/project
```

This project is also available as a GitHub Action. You can use it in your CI/CD pipelines.
Example usage:
```yaml
name: OSS License Auditor
on:
  pull_request:
    branches: [ master ]
jobs:
  oss-license-auditor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: OSS License Auditor
        uses: digi-wolk/olaudit@v1
        with:
          path: .
```

To run the unit tests for this project, run the following command:
```bash
go test ./...
```

To run code coverage tests and ensure coverage is above 70%, use the provided script:

```bash
./scripts/run-coverage.sh
```

This script reads package exclusions from `.codecov.yml` and generates a coverage report. You can configure which packages to exclude from coverage calculations by editing the `.codecov.yml` file:
```yaml
# Configuration file for code coverage settings
# Packages listed here will be excluded from coverage calculations
exclude_packages:
  - cmd/olaudit
  - internal/cli
  - internal/print-dependencies
  - test/fixtures
```

To view the detailed coverage report:

```bash
go tool cover -func=coverage.out
```

Or to view the coverage report in HTML format:

```bash
go tool cover -html=coverage.out -o coverage.html
```

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.
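The coverage gate described above (drop the packages listed under `exclude_packages`, then require at least 70%) can be sketched in Go as follows. This is an added example, not the project's `run-coverage.sh`; the module path `example.com/m` and the profile lines are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// coveragePercent returns statement coverage for the text of a Go cover
// profile (coverage.out), skipping files under any excluded package directory.
func coveragePercent(profile string, excluded []string) (float64, error) {
	blocks := map[string][2]int{} // "file:range" -> {statements, highest hit count}
lines:
	for _, line := range strings.Split(profile, "\n") {
		if strings.TrimSpace(line) == "" || strings.HasPrefix(line, "mode:") {
			continue
		}
		var block string
		var n, c int // statements in the block, times it was hit
		if _, err := fmt.Sscanf(line, "%s %d %d", &block, &n, &c); err != nil {
			return 0, fmt.Errorf("malformed profile line %q: %w", line, err)
		}
		for _, ex := range excluded {
			if strings.Contains(block, "/"+ex+"/") {
				continue lines
			}
		}
		// Profiles merged from several test binaries repeat blocks; count each once.
		if prev, ok := blocks[block]; !ok || c > prev[1] {
			blocks[block] = [2]int{n, c}
		}
	}
	total, covered := 0, 0
	for _, b := range blocks {
		total += b[0]
		if b[1] > 0 {
			covered += b[0]
		}
	}
	if total == 0 {
		return 0, fmt.Errorf("no statements left after exclusions")
	}
	return 100 * float64(covered) / float64(total), nil
}

func main() {
	// Constructed profile; example.com/m is a placeholder module path.
	profile := "mode: set\nexample.com/m/internal/a/a.go:1.1,5.2 3 1\nexample.com/m/cmd/olaudit/olaudit.go:1.1,9.2 7 0\n"
	pct, err := coveragePercent(profile, []string{"cmd/olaudit"})
	fmt.Println(pct, err, pct >= 70)
}
```

The substring match also drops subpackages of an excluded directory, and a CI job would fail the build when the returned value is below 70.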
You can get the latest version number by:
- Checking the CHANGELOG.md file
- Running this command:

```bash
git describe --abbrev=0 --tags --match "v*"
```

You can create a release by tagging the version as follows:
```bash
# Update the version before running the command
RELEASE_VERSION="v0.2.0"
git tag "${RELEASE_VERSION}" -m "Release version ${RELEASE_VERSION}"
git push origin "${RELEASE_VERSION}"
```

The GitHub Action release workflow triggers immediately after the tag is pushed upstream. It will build the Docker image and publish it to Docker Hub.
Docker image is available on Docker Hub.
You can pull the latest version by running the following command:
```bash
docker pull prazian/oss-license-audit:latest
```

You can pull a specific version by running the following command:

```bash
docker pull prazian/oss-license-audit:v0.0.1
```

- Pooyan Razian: github.com/prazian - pooyan.info
- < Become the first co-maintainer and add your name here! >
Support this project by becoming a sponsor. Your logo will show up here with a link to your website