Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-05T14:30:20.613734764Z.

Project

Scanned revision c8d9bd7d763eab0058aa656343863f8237169cdf of Git repository https://github.com/eclipse-ee4j/beanvalidation-api.git

Index

Rule Violation Summary (0 errors, 26 warnings, 4 hints to resolve)

# Rule Package License Message
1 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DECLARED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
2 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
3 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DECLARED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
4 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
5 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DECLARED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
6 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
7 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: MIT

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
8 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: MIT

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
9 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.beust:jcommander:1.64 DETECTED: MIT

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:com.beust:jcommander:1.64'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
10 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DECLARED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
11 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
12 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DECLARED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
13 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
14 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DECLARED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
15 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
16 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

It is unknown whether the outbound license Apache-2.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-proprietary-license of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
17 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

It is unknown whether the outbound license EPL-2.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-proprietary-license of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
18 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-proprietary-license of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
19 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-proprietary-license of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
20 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-proprietary-license of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
21 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: MIT

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
22 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: MIT

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
23 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.testng:testng:6.11 DETECTED: MIT

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license MIT of its dependency 'Maven:org.testng:testng:6.11'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
24 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.yaml:snakeyaml:1.17 CONCLUDED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.yaml:snakeyaml:1.17'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
25 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.yaml:snakeyaml:1.17 CONCLUDED: Apache-2.0

It is unknown whether the outbound license LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.yaml:snakeyaml:1.17'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
26 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.yaml:snakeyaml:1.17 CONCLUDED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is compatible with the inbound license Apache-2.0 of its dependency 'Maven:org.yaml:snakeyaml:1.17'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
27 DEPENDENCY_LICENSE_CHECK Maven:org.testng:testng:6.11 DETECTED: LicenseRef-scancode-proprietary-license

License LicenseRef-scancode-proprietary-license of dependency 'Maven:org.testng:testng:6.11' is unclassified.

How to fix

Classify LicenseRef-scancode-proprietary-license as either approved or restricted.
28 PROJECT_LICENSE_CHECK Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT DETECTED: LicenseRef-scancode-efsl-1.0

License LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-efsl-1.0 as either approved or restricted.
29 PROJECT_LICENSE_CHECK Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT DETECTED: LicenseRef-scancode-proprietary-license

License LicenseRef-scancode-proprietary-license of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-proprietary-license as either approved or restricted.
30 PROJECT_LICENSE_CHECK Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT DETECTED: NOASSERTION

License NOASSERTION of project 'Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT (pom.xml)

VCS Information

Type Git
URL https://github.com/eclipse-ee4j/beanvalidation-api.git
Path
Revision c8d9bd7d763eab0058aa656343863f8237169cdf

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 Maven:jakarta.validation:jakarta.validation-api:3.0.2-SNAPSHOT Declared Licenses:
Detected Licenses (from VCS):
Apache-2.0 (exemplary link to the first of 233 locations)
EPL-2.0 (link to the location)
LicenseRef-scancode-efsl-1.0 (link to the location)
LicenseRef-scancode-proprietary-license (link to the location)
NOASSERTION (link to the location)
Effective License:
Apache-2.0 AND EPL-2.0 AND LicenseRef-scancode-efsl-1.0 AND LicenseRef-scancode-proprietary-license AND NOASSERTION OR Apache-2.0 AND LicenseRef-scancode-efsl-1.0 AND LicenseRef-scancode-proprietary-license AND NOASSERTION
      2 Maven:com.beust:jcommander:1.64
      • test
      		 Declared Licenses:
      Detected Licenses (from VCS):
      Apache-2.0 (exemplary link to the first of 98 locations)
      MIT (exemplary link to the first of 3 locations)
      Effective License:
          3 Maven:org.testng:testng:6.11
          • test
          		 Declared Licenses:
          Detected Licenses (from VCS):
          Apache-2.0 (exemplary link to the first of 7 locations)
          LicenseRef-scancode-proprietary-license (link to the location)
          MIT (link to the location)
          Effective License:
          Apache-2.0 AND LicenseRef-scancode-proprietary-license AND MIT
              4 Maven:org.yaml:snakeyaml:1.17
              • test
              		 Concluded License:
              Declared Licenses:
              Detected Licenses (from artifact):
              Apache-2.0 (exemplary link to the first of 108 locations)
              BSD-3-Clause (exemplary link to the first of 2 locations)
              EPL-1.0 (exemplary link to the first of 2 locations)
              GPL-2.0-or-later (exemplary link to the first of 2 locations)
              LGPL-2.1-or-later (exemplary link to the first of 2 locations)
              Effective License:

                  Repository Configuration

                  
---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."