license determination fails for dependency with version-embedding package import path #79
Versions being part of the import path is indeed not an issue. It's that I reduced the threshold to I also added a log message in
I'm not pushing a new release for this, but if you want, you can try it with
Using the beta 2 of cyclonedx-gomod on my public lxkns GitHub project seems to show a problem with license determination when the package import path contains version information. Of course, I might be mistaken here and this might not be a problem of cyclonedx-gomod but instead of the license checking dependency.
When running
cyclonedx-gomod app -json -output ../lxkns-bom.json -main cmd/lxkns/ -licenses -std -verbose .
on the checked-out lxkns repository, the bom entry for cenkalti's backoff module catches my eye:

A check with the repository shows a LICENSE file for branch v4: MIT license.
Is this just a detection problem or instead a versioned import path issue?