https://romanoroth.com/en/tags/license-compliance/Recent content in License Compliance on Romano RothHugo -- gohugo.ioenRomano RothWed, 25 Jan 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-license-compliance/Wed, 25 Jan 2023 00:00:00 +0000https://romanoroth.com/en/blogs/github-devsecops-license-compliance/<p>GitHub does not ship a license scanner out of the box, and when we went looking in the marketplace, none of the existing actions did what we needed. So we built our own with a colleague from Microsoft and published it. In Part 4 of our GitHub DevSecOps series, Patrick Steger and I plug that License Finder action into our Spring Boot pipeline, configure which licenses are acceptable, and show how to surface the results inside GitHub.</p>https://romanoroth.com/en/blogs/gitlab-devsecops-license-compliance/Wed, 24 Aug 2022 00:00:00 +0000https://romanoroth.com/en/blogs/gitlab-devsecops-license-compliance/<p>You ship a Java application that depends on Spring Boot, which depends on dozens of other libraries, each with its own license — and most teams cannot tell you what those licenses actually are. In Part 4 of our GitLab DevSecOps series, Patrick Steger and I add license compliance to the pipeline so the question is answered automatically on every commit. The good news: with GitLab Ultimate, this is one template line away.</p>