The fossa-cli based scan, which we call a provided build, creates a dependency graph from your built project and uploads that information to FOSSA, which then determines the licensing of those dependent components. We do not currently check the files and headers within the project itself for licensing during the fossa-cli analyze step. This includes licensing in comments and header files as well as LICENSE files in the project.
If you need the scan to pull in the licenses located in local files, you can use the automated builds capability to ensure that the project itself is fully scanned for licenses. You can also manually add the license for the project in the project "Licenses" tab by selecting the "Add" button in the "Directly In Code" section.
Future versions of the fossa-cli may include scanning for licenses within project files; however, at this time we don't have a specific timeframe for implementing this feature.
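
A local check for the gap described above, as an added example that is not part of the original article or FOSSA's own tooling: it lists LICENSE-style files and `SPDX-License-Identifier` headers in the project's own files, which the fossa-cli analyze step does not read. The file-name patterns, the skipped dependency directories and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

SPDX_TAG = re.compile(r"SPDX-License-Identifier:[ \t]*([^\r\n]*)")
# Conventional license file names (assumption; extend for your repos)
LICENSE_FILE = re.compile(r"^(LICEN[SC]E|COPYING|NOTICE)(\.\w+)?$", re.I)
SKIP_DIRS = {".git", "node_modules", "vendor"}  # dependencies, not project code

def find_local_licenses(root):
    """Return (license_files, spdx_tags) declared in project files under root."""
    license_files, spdx_tags = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if not os.path.isfile(path):
                continue  # skip FIFOs, sockets, broken symlinks
            if LICENSE_FILE.match(name):
                license_files.append(rel)
                continue
            try:
                with open(path, "rb") as fh:  # headers sit at the top of a file
                    head = fh.read(4096).decode("utf-8", "replace")
            except OSError:
                continue
            m = SPDX_TAG.search(head)
            if m:  # drop trailing comment closers such as "*/" or "-->"
                spdx_tags[rel] = m.group(1).rstrip(" */->")
    return license_files, spdx_tags

def demo():
    """Scan a constructed sample tree (not a real project)."""
    sample = {
        "LICENSE": "MIT License\n",
        "src/util.c": "/* SPDX-License-Identifier: GPL-2.0-only */\nint x;\n",
        "src/app.py": "# SPDX-License-Identifier: Apache-2.0\nprint('hi')\n",
        "src/plain.py": "print('no header')\n",
        "node_modules/dep/LICENSE": "ISC\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
        return find_local_licenses(root)

if __name__ == "__main__":
    print(demo())
```

Free-text license comments that carry no SPDX tag are not detected by this check, so its output is a starting list for the manual "Directly In Code" entries rather than a complete inventory.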