Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-24T10:04:53.500721077Z.

Project

Scanned revision c18a21efba2a2763efef1efebd3959848a898abf of Git repository https://github.com/jakartaee/enterprise-beans.git

Index

Rule Violation Summary (3 errors, 8 warnings, 18 hints to resolve)

# Rule Package License Message
1 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

The outbound license CDDL-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is incompatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. Software under a copyleft license such as the EPL-2.0 license normally cannot be redistributed under another copyleft license such as the CDDL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' or put 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' under a different license.
2 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

The outbound license CDDL-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is incompatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. Software under a copyleft license such as the GPL-2.0-only license normally cannot be redistributed under another copyleft license such as the CDDL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' or put 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' under a different license.
3 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

The outbound license EPL-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is incompatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. Software under a copyleft license such as the GPL-2.0-only license normally cannot be redistributed under another copyleft license such as the EPL-2.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' or put 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' under a different license.
4 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
5 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

It is unknown whether the outbound license LicenseRef-scancode-public-domain of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
6 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

It is unknown whether the outbound license NOASSERTION (simplified from 'NOASSERTION WITH Classpath-exception-2.0') of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
7 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

Whether the outbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' depends on the context. Depending compatibility of the EPL-2.0 license with the GPL-2.0-only license is explicitly stated in the GPL-2.0-only license checklist.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
8 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: EPL-2.0

Whether the outbound license GPL-2.0-only of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license EPL-2.0 of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' depends on the context. Depending compatibility of the EPL-2.0 license with the GPL-2.0-only license is explicitly stated in the GPL-2.0-only license checklist.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
9 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

It is unknown whether the outbound license LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
10 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

It is unknown whether the outbound license LicenseRef-scancode-public-domain of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
11 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

It is unknown whether the outbound license NOASSERTION (simplified from 'NOASSERTION WITH Classpath-exception-2.0') of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is compatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
12 DEPENDENCY_LICENSE_CHECK Maven:jakarta.transaction:jakarta.transaction-api:2.0.0 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of dependency 'Maven:jakarta.transaction:jakarta.transaction-api:2.0.0' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
13 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DETECTED: GPL-2.0-only

License GPL-2.0-only of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only as either approved or restricted.
14 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
15 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DETECTED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
16 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DETECTED: LicenseRef-scancode-efsl-1.0

License LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-efsl-1.0 as either approved or restricted.
17 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.
18 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT DETECTED: NOASSERTION WITH Classpath-exception-2.0

License NOASSERTION WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT' is unclassified.

How to fix

Classify NOASSERTION WITH Classpath-exception-2.0 as either approved or restricted.
19 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: GPL-2.0-only

License GPL-2.0-only of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only as either approved or restricted.
20 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
21 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
22 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: LicenseRef-scancode-efsl-1.0

License LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-efsl-1.0 as either approved or restricted.
23 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.
24 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: NOASSERTION

License NOASSERTION of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.
25 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT DETECTED: NOASSERTION WITH Classpath-exception-2.0

License NOASSERTION WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT' is unclassified.

How to fix

Classify NOASSERTION WITH Classpath-exception-2.0 as either approved or restricted.
26 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT DETECTED: GPL-2.0-only

License GPL-2.0-only of project 'Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only as either approved or restricted.
27 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT DETECTED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of project 'Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
28 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT DETECTED: LicenseRef-scancode-efsl-1.0

License LicenseRef-scancode-efsl-1.0 of project 'Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-efsl-1.0 as either approved or restricted.
29 PROJECT_LICENSE_CHECK Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of project 'Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.

Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT (api/pom.xml)

VCS Information

Type Git
URL https://github.com/jakartaee/enterprise-beans.git
Path api
Revision c18a21efba2a2763efef1efebd3959848a898abf

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 Maven:jakarta.ejb:jakarta.ejb-api:4.0.1-SNAPSHOT Declared Licenses:
Detected Licenses (from VCS):
CDDL-1.0 (link to the location)
EPL-2.0 (exemplary link to the first of 89 locations)
GPL-2.0-only (link to the location)
GPL-2.0-only WITH Classpath-exception-2.0 (exemplary link to the first of 88 locations)
LicenseRef-scancode-efsl-1.0 (link to the location)
LicenseRef-scancode-public-domain (link to the location)
NOASSERTION WITH Classpath-exception-2.0 (link to the location)
Effective License:
CDDL-1.0 AND EPL-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Classpath-exception-2.0 AND LicenseRef-scancode-efsl-1.0 AND LicenseRef-scancode-public-domain AND NOASSERTION WITH Classpath-exception-2.0
      2 Maven:jakarta.transaction:jakarta.transaction-api:2.0.0
      • compile
      		 Declared Licenses:
      Effective License:

          Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT (pom.xml)

          VCS Information

          Type Git
          URL https://github.com/jakartaee/enterprise-beans.git
          Path
          Revision c18a21efba2a2763efef1efebd3959848a898abf

          Packages

          # Package Scopes Licenses Analyzer Issues Scanner Issues
          1 Maven:jakarta.ejb:jakarta.ejb-parent:4.0.0-SNAPSHOT Declared Licenses:
          Detected Licenses (from VCS):
          CDDL-1.0 (exemplary link to the first of 2 locations)
          EPL-2.0 (exemplary link to the first of 98 locations)
          GPL-2.0-only (link to the location)
          GPL-2.0-only WITH Classpath-exception-2.0 (exemplary link to the first of 97 locations)
          LicenseRef-scancode-efsl-1.0 (exemplary link to the first of 2 locations)
          LicenseRef-scancode-public-domain (exemplary link to the first of 3 locations)
          NOASSERTION (link to the location)
          NOASSERTION WITH Classpath-exception-2.0 (exemplary link to the first of 2 locations)
          Effective License:
          CDDL-1.0 AND EPL-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Classpath-exception-2.0 AND LicenseRef-scancode-efsl-1.0 AND LicenseRef-scancode-public-domain AND NOASSERTION AND NOASSERTION WITH Classpath-exception-2.0

              Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT (spec/pom.xml)

              VCS Information

              Type Git
              URL https://github.com/jakartaee/enterprise-beans.git
              Path spec
              Revision c18a21efba2a2763efef1efebd3959848a898abf

              Packages

              # Package Scopes Licenses Analyzer Issues Scanner Issues
              1 Maven:jakarta.ejb:jakarta.ejb-spec:4.0-SNAPSHOT Detected Licenses (from VCS):
              EPL-2.0 (exemplary link to the first of 4 locations)
              GPL-2.0-only (link to the location)
              GPL-2.0-only WITH Classpath-exception-2.0 (exemplary link to the first of 4 locations)
              LicenseRef-scancode-efsl-1.0 (link to the location)
              LicenseRef-scancode-public-domain (exemplary link to the first of 2 locations)
              Effective License:
              EPL-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Classpath-exception-2.0 AND LicenseRef-scancode-efsl-1.0 AND LicenseRef-scancode-public-domain

                  Repository Configuration

                  
---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."