Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-06T10:13:12.991504275Z.

Project

Scanned revision ba5139e5f8562a22644ef5bd6b772d00baa9c880 of Git repository https://github.com/eclipse/sisu.plexus.git

Index

Rule Violation Summary (7 errors, 12 warnings, 13 hints to resolve)

# Rule Package License Message
1 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:ch.qos.logback:logback-classic:1.1.11 DETECTED: LGPL-2.1-only

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license LGPL-2.1-only of its dependency 'Maven:ch.qos.logback:logback-classic:1.1.11'. Software under a copyleft license such as the LGPL-2.1-only license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:ch.qos.logback:logback-classic:1.1.11' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
2 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:ch.qos.logback:logback-classic:1.1.11 DECLARED: LGPL-2.1-or-later

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license LGPL-2.1-or-later of its dependency 'Maven:ch.qos.logback:logback-classic:1.1.11'. Software under a copyleft license such as the LGPL-2.1-or-later license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:ch.qos.logback:logback-classic:1.1.11' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
3 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:ch.qos.logback:logback-core:1.1.11 DETECTED: LGPL-2.1-only

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license LGPL-2.1-only of its dependency 'Maven:ch.qos.logback:logback-core:1.1.11'. Software under a copyleft license such as the LGPL-2.1-only license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:ch.qos.logback:logback-core:1.1.11' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
4 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:ch.qos.logback:logback-core:1.1.11 DECLARED: LGPL-2.1-or-later

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license LGPL-2.1-or-later of its dependency 'Maven:ch.qos.logback:logback-core:1.1.11'. Software under a copyleft license such as the LGPL-2.1-or-later license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:ch.qos.logback:logback-core:1.1.11' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
5 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:javax.annotation:javax.annotation-api:1.2 DECLARED: CDDL-1.0

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license CDDL-1.0 of its dependency 'Maven:javax.annotation:javax.annotation-api:1.2'. Software under a copyleft license such as the CDDL-1.0 license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:javax.annotation:javax.annotation-api:1.2' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
6 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:javax.annotation:javax.annotation-api:1.2 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license GPL-2.0-only (simplified from 'GPL-2.0-only WITH Classpath-exception-2.0') of its dependency 'Maven:javax.annotation:javax.annotation-api:1.2'. Software under a copyleft license such as the GPL-2.0-only license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:javax.annotation:javax.annotation-api:1.2' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
7 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:junit:junit:4.13.2 CONCLUDED: EPL-2.0

The outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is incompatible with the inbound license EPL-2.0 of its dependency 'Maven:junit:junit:4.13.2'. Software under a copyleft license such as the EPL-2.0 license normally cannot be redistributed under another copyleft license such as the EPL-1.0 license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'Maven:junit:junit:4.13.2' or put 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' under a different license.
8 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:aopalliance:aopalliance:1.0 CONCLUDED: LicenseRef-Public-Domain

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license LicenseRef-Public-Domain of its dependency 'Maven:aopalliance:aopalliance:1.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
9 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.google.guava:guava:16.0.1 DETECTED: CC-PDDC

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license CC-PDDC of its dependency 'Maven:com.google.guava:guava:16.0.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
10 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:com.google.guava:guava:16.0.1 DETECTED: LicenseRef-scancode-public-domain

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-public-domain of its dependency 'Maven:com.google.guava:guava:16.0.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
11 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-classworlds:2.6.0 DETECTED: Plexus

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license Plexus of its dependency 'Maven:org.codehaus.plexus:plexus-classworlds:2.6.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
12 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: Apache-1.1

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license Apache-1.1 of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. There is insufficient information or knowledge whether the Apache-1.1 license is compatible with the EPL-1.0 license or not. Therefore, a general recommendation on the compatibility of the Apache-1.1 license with the EPL-1.0 license cannot be given.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
13 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: LicenseRef-scancode-indiana-extreme

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-indiana-extreme of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
14 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: LicenseRef-scancode-public-domain

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license LicenseRef-scancode-public-domain of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
15 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: NOASSERTION

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license NOASSERTION of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
16 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: SAX-PD

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license SAX-PD of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
17 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: xpp

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license xpp of its dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
18 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.osgi:osgi.core:5.0.0 DETECTED: Apache-1.1

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license Apache-1.1 of its dependency 'Maven:org.osgi:osgi.core:5.0.0'. There is insufficient information or knowledge whether the Apache-1.1 license is compatible with the EPL-1.0 license or not. Therefore, a general recommendation on the compatibility of the Apache-1.1 license with the EPL-1.0 license cannot be given.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
19 OSADL_PROJECT_LICENSE_COMPATIBILITY Maven:org.osgi:osgi.core:5.0.0 DETECTED: NOASSERTION

It is unknown whether the outbound license EPL-1.0 of project 'Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT' is compatible with the inbound license NOASSERTION of its dependency 'Maven:org.osgi:osgi.core:5.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.
20 DEPENDENCY_LICENSE_CHECK Maven:aopalliance:aopalliance:1.0 CONCLUDED: LicenseRef-Public-Domain

License LicenseRef-Public-Domain of dependency 'Maven:aopalliance:aopalliance:1.0' is unclassified.

How to fix

Classify LicenseRef-Public-Domain as either approved or restricted.
21 DEPENDENCY_LICENSE_CHECK Maven:com.google.guava:guava:16.0.1 DETECTED: CC-PDDC

License CC-PDDC of dependency 'Maven:com.google.guava:guava:16.0.1' is unclassified.

How to fix

Classify CC-PDDC as either approved or restricted.
22 DEPENDENCY_LICENSE_CHECK Maven:com.google.guava:guava:16.0.1 DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of dependency 'Maven:com.google.guava:guava:16.0.1' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.
23 DEPENDENCY_LICENSE_CHECK Maven:javax.annotation:javax.annotation-api:1.2 DECLARED: GPL-2.0-only WITH Classpath-exception-2.0

License GPL-2.0-only WITH Classpath-exception-2.0 of dependency 'Maven:javax.annotation:javax.annotation-api:1.2' is unclassified.

How to fix

Classify GPL-2.0-only WITH Classpath-exception-2.0 as either approved or restricted.
24 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-classworlds:2.6.0 DETECTED: Plexus

License Plexus of dependency 'Maven:org.codehaus.plexus:plexus-classworlds:2.6.0' is unclassified.

How to fix

Classify Plexus as either approved or restricted.
25 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: LicenseRef-scancode-indiana-extreme

License LicenseRef-scancode-indiana-extreme of dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0' is unclassified.

How to fix

Classify LicenseRef-scancode-indiana-extreme as either approved or restricted.
26 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: LicenseRef-scancode-public-domain

License LicenseRef-scancode-public-domain of dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0' is unclassified.

How to fix

Classify LicenseRef-scancode-public-domain as either approved or restricted.
27 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: NOASSERTION

License NOASSERTION of dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.
28 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: SAX-PD

License SAX-PD of dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0' is unclassified.

How to fix

Classify SAX-PD as either approved or restricted.
29 DEPENDENCY_LICENSE_CHECK Maven:org.codehaus.plexus:plexus-utils:3.3.0 DETECTED: xpp

License xpp of dependency 'Maven:org.codehaus.plexus:plexus-utils:3.3.0' is unclassified.

How to fix

Classify xpp as either approved or restricted.
30 DEPENDENCY_LICENSE_CHECK Maven:org.osgi:osgi.core:5.0.0 DETECTED: NOASSERTION

License NOASSERTION of dependency 'Maven:org.osgi:osgi.core:5.0.0' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.
31 PROJECT_LICENSE_CHECK Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT DETECTED: GPL-1.0-or-later

License GPL-1.0-or-later of project 'Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-1.0-or-later as either approved or restricted.
32 PROJECT_LICENSE_CHECK Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT DETECTED: GPL-2.0-only

License GPL-2.0-only of project 'Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT' is unclassified.

How to fix

Classify GPL-2.0-only as either approved or restricted.

Issue Summary (1 errors, 0 warnings, 0 hints to resolve)

Issues from excluded components are not shown in this summary.

Packages

# Package Analyzer Issues Scanner Issues
1 Maven:javax.annotation:javax.annotation-api:1.2 Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT

  • 2023-04-06T10:12:43.052916049Z [ERROR]: Downloader - Could not create file archive for 'Maven:javax.annotation:javax.annotation-api:1.2': DownloadException: Unable to initialize a Subversion working tree in '/tmp/ort-DefaultWorkingTreeCache1491407247843513823' from https://svn.java.net/svn/glassfish~svn.
    Caused by: SVNException: svn: E175011: Repository moved temporarily to 'http://www.oracle.com/splash/java.net/maintenance/index.html'; please relocate

Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT (org.eclipse.sisu.plexus/pom.xml)

VCS Information

Type Git
URL https://github.com/eclipse/sisu.plexus.git
Path org.eclipse.sisu.plexus
Revision ba5139e5f8562a22644ef5bd6b772d00baa9c880

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 Maven:org.eclipse.sisu:org.eclipse.sisu.plexus:0.9.0-SNAPSHOT Declared Licenses:
Detected Licenses (from VCS):
EPL-1.0 (exemplary link to the first of 172 locations)
Effective License:
      2 Maven:aopalliance:aopalliance:1.0
      • provided
      		 Concluded License:
      LicenseRef-Public-Domain
      Declared Licenses:
      LicenseRef-scancode-public-domain-disclaimer
      Effective License:
      LicenseRef-Public-Domain
          3 Maven:ch.qos.logback:logback-classic:1.1.11
          • test
          		 Declared Licenses:
          Detected Licenses (from artifact):
          EPL-1.0 (exemplary link to the first of 166 locations)
          LGPL-2.1-only (exemplary link to the first of 166 locations)
          Effective License:
              4 Maven:ch.qos.logback:logback-core:1.1.11
              • test
              		 Declared Licenses:
              Detected Licenses (from artifact):
              EPL-1.0 (exemplary link to the first of 320 locations)
              LGPL-2.1-only (exemplary link to the first of 320 locations)
              Effective License:
                  5 Maven:com.google.guava:guava:16.0.1
                  • provided
                  		 Declared Licenses:
                  Detected Licenses (from artifact):
                  Apache-2.0 (exemplary link to the first of 459 locations)
                  CC-PDDC (link to the location)
                  CC0-1.0 (exemplary link to the first of 5 locations)
                  LicenseRef-scancode-public-domain (exemplary link to the first of 4 locations)
                  Effective License:
                  Apache-2.0 AND CC-PDDC AND CC0-1.0 AND LicenseRef-scancode-public-domain
                      6 Maven:com.google.inject:guice:4.0
                      • provided
                      		 Concluded License:
                      Declared Licenses:
                      Detected Licenses (from VCS):
                      Apache-2.0 (exemplary link to the first of 521 locations)
                      NOASSERTION (link to the location)
                      Effective License:
                          7 Maven:javax.annotation:javax.annotation-api:1.2
                          • compile
                          		 Declared Licenses:
                          Effective License:

                            • 2023-04-06T10:12:43.052916049Z [ERROR]: Downloader - Could not create file archive for 'Maven:javax.annotation:javax.annotation-api:1.2': DownloadException: Unable to initialize a Subversion working tree in '/tmp/ort-DefaultWorkingTreeCache1491407247843513823' from https://svn.java.net/svn/glassfish~svn.
                              Caused by: SVNException: svn: E175011: Repository moved temporarily to 'http://www.oracle.com/splash/java.net/maintenance/index.html'; please relocate
                            8 Maven:javax.enterprise:cdi-api:1.2
                            • compile
                            		 Concluded License:
                            Declared Licenses:
                            Detected Licenses (from artifact):
                            Effective License:
                                9 Maven:javax.inject:javax.inject:1
                                • provided
                                		 Concluded License:
                                Declared Licenses:
                                Detected Licenses (from artifact):
                                Apache-2.0 (exemplary link to the first of 7 locations)
                                Effective License:
                                    10 Maven:junit:junit:4.13.2
                                    • compile
                                    		 Concluded License:
                                    Declared Licenses:
                                    Detected Licenses (from VCS):
                                    Apache-2.0 (exemplary link to the first of 4 locations)
                                    EPL-1.0 (exemplary link to the first of 5 locations)
                                    EPL-2.0 (link to the location)
                                    NOASSERTION (link to the location)
                                    Effective License:
                                        11 Maven:org.codehaus.plexus:plexus-classworlds:2.6.0
                                        • compile
                                        		 Declared Licenses:
                                        Detected Licenses (from artifact):
                                        Apache-2.0 (exemplary link to the first of 31 locations)
                                        Plexus (exemplary link to the first of 5 locations)
                                        Effective License:
                                            12 Maven:org.codehaus.plexus:plexus-component-annotations:2.1.0
                                            • compile
                                            		 Concluded License:
                                            Declared Licenses:
                                            Detected Licenses (from VCS):
                                            Apache-2.0 (exemplary link to the first of 290 locations)
                                            LGPL-2.0-or-later (link to the location)
                                            MIT (exemplary link to the first of 147 locations)
                                            NOASSERTION (link to the location)
                                            SAX-PD (link to the location)
                                            xpp (link to the location)
                                            Effective License:
                                                13 Maven:org.codehaus.plexus:plexus-utils:3.3.0
                                                • compile
                                                		 Declared Licenses:
                                                Detected Licenses (from artifact):
                                                Apache-1.1 (exemplary link to the first of 10 locations)
                                                Apache-2.0 (exemplary link to the first of 69 locations)
                                                BSD-2-Clause (link to the location)
                                                BSD-3-Clause (exemplary link to the first of 4 locations)
                                                LicenseRef-scancode-indiana-extreme (link to the location)
                                                LicenseRef-scancode-public-domain (exemplary link to the first of 6 locations)
                                                NOASSERTION (link to the location)
                                                SAX-PD (exemplary link to the first of 4 locations)
                                                xpp (link to the location)
                                                Effective License:
                                                Apache-1.1 AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-indiana-extreme AND LicenseRef-scancode-public-domain AND NOASSERTION AND SAX-PD AND xpp
                                                    14 Maven:org.eclipse.sisu:org.eclipse.sisu.inject:0.9.0-20211026.154805-10
                                                    • compile
                                                        15 Maven:org.hamcrest:hamcrest-core:1.3
                                                        • compile
                                                        		 Concluded License:
                                                        Declared Licenses:
                                                        Effective License:
                                                            16 Maven:org.osgi:osgi.core:5.0.0
                                                            • compile
                                                            		 Declared Licenses:
                                                            Detected Licenses (from artifact):
                                                            Apache-1.1 (link to the location)
                                                            Apache-2.0 (exemplary link to the first of 110 locations)
                                                            NOASSERTION (link to the location)
                                                            Effective License:
                                                            Apache-1.1 AND Apache-2.0 AND NOASSERTION
                                                                17 Maven:org.slf4j:slf4j-api:1.7.36
                                                                • compile
                                                                		 Declared Licenses:
                                                                Detected Licenses (from artifact):
                                                                MIT (exemplary link to the first of 27 locations)
                                                                Effective License:

                                                                    Maven:org.eclipse.sisu:org.eclipse.sisu.plexus.extender:0.9.0-SNAPSHOT (org.eclipse.sisu.plexus.extender/pom.xml)

                                                                    VCS Information

                                                                    Type Git
                                                                    URL https://github.com/eclipse/sisu.plexus.git
                                                                    Path org.eclipse.sisu.plexus.extender
                                                                    Revision ba5139e5f8562a22644ef5bd6b772d00baa9c880

                                                                    Packages

                                                                    # Package Scopes Licenses Analyzer Issues Scanner Issues
                                                                    1 Maven:org.eclipse.sisu:org.eclipse.sisu.plexus.extender:0.9.0-SNAPSHOT Declared Licenses:
                                                                    Detected Licenses (from VCS):
                                                                    EPL-1.0 (exemplary link to the first of 4 locations)
                                                                    Effective License:

                                                                        Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT (pom.xml)

                                                                        VCS Information

                                                                        Type Git
                                                                        URL https://github.com/eclipse/sisu.plexus.git
                                                                        Path
                                                                        Revision ba5139e5f8562a22644ef5bd6b772d00baa9c880

                                                                        Packages

                                                                        # Package Scopes Licenses Analyzer Issues Scanner Issues
                                                                        1 Maven:org.eclipse.sisu:sisu-plexus:0.9.0-SNAPSHOT Declared Licenses:
                                                                        Detected Licenses (from VCS):
                                                                        Apache-2.0 (exemplary link to the first of 6 locations)
                                                                        BSD-3-Clause (exemplary link to the first of 2 locations)
                                                                        CC-BY-3.0 (exemplary link to the first of 2 locations)
                                                                        EPL-1.0 (exemplary link to the first of 180 locations)
                                                                        GPL-1.0-or-later (link to the location)
                                                                        GPL-2.0-only (exemplary link to the first of 4 locations)
                                                                        MIT (exemplary link to the first of 5 locations)
                                                                        Effective License:

                                                                            Repository Configuration

                                                                            
---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."