-
Notifications
You must be signed in to change notification settings - Fork 13
/
dependency-licenses.sh
executable file
·65 lines (47 loc) · 1.93 KB
/
dependency-licenses.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
#!/bin/zsh
# # use go-licenses for Go dependency scanning
export GO111MODULE="on"
export GOPROXY=direct
rm -rf go-licenses
git clone [email protected]:google/go-licenses.git
cd go-licenses
go mod download
go install github.com/google/go-licenses@latest
cd ../functions/source/soci-index-generator-lambda
# license scanning
go_modules=$(go-licenses report github.com/aws-ia/cfn-aws-soci-index-builder/soci-index-generator-lambda)
PROJECT_MODULE="github.com/aws-ia/cfn-aws-soci-index-builder/soci-index-generator-lambda"
# use pip-licenses with pipreqs for Python dependency scanning
pip3 install -U pip-licenses
# install pipreqs that generates requirements.txt which incude all Python packages the project uses
pip3 install -U pipreqs
# Generate requirements.txt
cd ../../../ && rm requirements.txt
pipreqs .
# Print scanning results
echo "+=========================================================================================+"
echo " Go Dependencies"
echo "+=========================================================================================+"
echo "| Package License"
echo "+-------------------------------------------------------------------+---------------------+"
while IFS=',' read -r go_module _ license; do
# skip project modules
if [[ "$go_module" == "$PROJECT_MODULE"* ]]; then
continue
fi
printf "| %60s %20s \n" $go_module $license
echo "+-------------------------------------------------------------------+---------------------+"
done <<< "$go_modules"
echo "+====================================+"
echo " Python Dependencies"
echo "+====================================+"
while read line
do
# extract package names
packages=$(echo $line | cut -d "=" -f 1)
# license scanning
pip-licenses -p $packages --format=rst
done < requirements.txt
# clean up
rm -rf go-licenses
rm requirements.txt