Finding the right license
Usually most tools scanning third parties for vulnerabilities also identifies licenses but without telling you explicitly which license belong to which packages.
Dotnet delice
dotnet delice is a tool made by Aaron Powell that will identify for each package transitively the license and group them.
The tool is easy to install, but is only compatible with SDK project:
dotnet tool install -g dotnet-delice
The output is simple. As example, here is the output from the sample project based on angular template:
License Expression: Apache-2.0
├── There are 18 occurances of Apache-2.0
├─┬ Conformance:
│ ├── Is OSI Approved: true
│ ├── Is FSF Free/Libre: true
│ └── Included deprecated IDs: false
└─┬ Packages:
├── Microsoft.AspNetCore.NodeServices@3.1.2
├── Microsoft.AspNetCore.SpaServices@3.1.2
├── Microsoft.AspNetCore.SpaServices.Extensions@3.1.2
├── Microsoft.Extensions.Configuration@3.1.2
├── Microsoft.Extensions.Configuration.Abstractions@3.1.2
├── Microsoft.Extensions.Configuration.Binder@3.1.2
├── Microsoft.Extensions.DependencyInjection@3.1.2
├── Microsoft.Extensions.DependencyInjection.Abstractions@3.1.2
├── Microsoft.Extensions.FileProviders.Abstractions@3.1.2
├── Microsoft.Extensions.FileProviders.Physical@3.1.2
├── Microsoft.Extensions.FileSystemGlobbing@3.1.2
├── Microsoft.Extensions.Logging@3.1.2
├── Microsoft.Extensions.Logging.Abstractions@3.1.2
├── Microsoft.Extensions.Logging.Configuration@3.1.2
├── Microsoft.Extensions.Logging.Console@3.1.2
├── Microsoft.Extensions.Options@3.1.2
├── Microsoft.Extensions.Options.ConfigurationExtensions@3.1.2
└── Microsoft.Extensions.Primitives@3.1.2
License Expression: MIT
├── There are 1 occurances of MIT
├─┬ Conformance:
│ ├── Is OSI Approved: true
│ ├── Is FSF Free/Libre: true
│ └── Included deprecated IDs: false
└─┬ Packages:
└── Newtonsoft.Json@12.0.2
Top comments (0)