We build our Java projects using Gradle, and push the resulting artifacts to Artifactory.
We're using the Gradle Artifactory plugin, and this means we see builds in the Artifactory interface, and we also see the Licenses tab with information about the licenses used in the build.
However, I cannot work out if it is possible to run the license checks using just the Gradle plugin. Are there settings to let me provide an e-mail address for license alerts? Or do I need to be using one of the CI integrations to get that feature?
Artifactory is a branded term to refer to a repository manager that organizes all of your binary resources. These resources can include remote artifacts, proprietary libraries, and other third-party resources. A repository manager pulls all of these resources into a single location.
JFrog Artifactory is a universal DevOps solution providing end-to-end automation and management of binaries and artifacts through the application delivery process that improves productivity across your development ecosystem.
JFrog Artifactory is a repository manager that supports all available software package types, enabling automated continuous integration and delivery. Add Artifactory to your toolchain and store build artifacts in your Artifactory repository.
While integrations for GitHub are abundant, integrations for GitHub Packages are limited. Artifactory has a rich catalog of integrations for use with the most widely-used CI/CD servers, IDEs, issue trackers, and other DevOps tools and platforms. Even more integrations are available from our many technology partners.
Artifactory does include a Mail Server Configuration section:
Artifactory supports sending mail to notify administrators and other users for significant events that happen in your system.
Some examples are:
- Watch notifications
- Alerts for backup warnings and errors
- License violation notifications
But that is then used through a CI plugin, not just the Gradle Artifactory Plugin (source code): see "Using Build Licenses"
You can also set a list of recipients to be notified about license violations as soon as they occur.
This way whenever a dependency with an unknown or unapproved license is added to the build recipients receive an immediate email notification and can tend to any potential license violation. Sending license violation notifications is performed through Artifactory and requires a valid mail server to be configured.
Check the Build Info json format (Artifactory's open integration layer for the CI servers and build tools. The build information is sent to Artifactory in json format.)
It does include:
"licenseControl" : { // Artifactory License Control information
    "runChecks" : true, // Artifactory will run automatic license scanning after the build is complete (true/false)
    "includePublishedArtifacts" : true, // Should Artifactory run license checks on the build artifacts, in addition to the build dependencies (true/false)
    "autoDiscover" : true, // Should Artifactory auto discover licenses (true/false)
    "scopesList" : "", // A space-separated list of dependency scopes/configurations to run license violation checks on. If left empty all dependencies from all scopes will be checked.
    "licenseViolationsRecipientsList" : "" // Emails of recipients that should be notified of license violations in the build info (space-separated list)
},
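An added example (not part of the original answer, and not JFrog's code): a small pre-publish check that reads a build-info document and reports when the `licenseControl` fields shown above would leave license violations unscanned or unreported. The sample document, the function name `audit_license_control` and the address pattern are assumptions made for illustration; only the `licenseControl` keys come from the page.

```python
import json
import re

# Constructed sample: a trimmed build-info document in plain JSON.
# Only the licenseControl keys come from the page; the rest is made up.
SAMPLE_BUILD_INFO = json.dumps({
    "name": "example-build",
    "number": "42",
    "licenseControl": {
        "runChecks": True,
        "includePublishedArtifacts": True,
        "autoDiscover": True,
        "scopesList": "compile runtime",
        "licenseViolationsRecipientsList": "sec-team@example.com not-an-address",
    },
})

# Deliberately loose shape check (assumption): something@domain.tld
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def audit_license_control(build_info_json):
    """Return a list of findings; an empty list means alerts are configured."""
    try:
        info = json.loads(build_info_json)
    except json.JSONDecodeError as exc:
        return [f"build info is not valid JSON: {exc.msg}"]
    lc = info.get("licenseControl") if isinstance(info, dict) else None
    if not isinstance(lc, dict):
        return ["licenseControl section is missing"]
    findings = []
    # Without runChecks, no license scan runs once the build completes.
    if lc.get("runChecks") is not True:
        findings.append("runChecks is not true: no license scan after the build")
    # Recipients are a single space-separated string, not a JSON array.
    recipients = str(lc.get("licenseViolationsRecipientsList") or "").split()
    if not recipients:
        findings.append("licenseViolationsRecipientsList is empty: nobody is notified")
    for addr in recipients:
        if not EMAIL_RE.match(addr):
            findings.append(f"recipient is not a valid address: {addr}")
    return findings


if __name__ == "__main__":
    for finding in audit_license_control(SAMPLE_BUILD_INFO):
        print("FINDING:", finding)
```

The annotated fragment above carries `//` comments, so it must have them stripped before it is passed to a strict JSON parser such as this one.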