GPL license is mentioned #4

Open
phkrief opened this issue Jun 27, 2022 · 4 comments
@phkrief
Contributor

phkrief commented Jun 27, 2022

Dear @nikosnikolaidis,
The folder sonar-scanner-4.6.2.2472-linux is mentioning the GPL.
Obviously, you copy/pasted this folder. Are you still using this folder? It seems to be used only for some tests in the class AnalysisService.
Thx

@nikosnikolaidis
Contributor

Dear @phkrief,
We are using this folder since it contains the tool that is necessary in order to make code analysis, and it is located here.
Is there a problem with its license?
If yes, I am probably able to add it to the Docker image as an external tool, so that it does not appear in the code at all, since we don't extend it and we use only the executable file of the folder.

@phkrief
Contributor Author

phkrief commented Oct 9, 2022

Dear @nikosnikolaidis

How are you doing? It was great chatting with you and your friends the other day... I'm today in Athens (and I was only 20km from the earthquake last night. Indeed I was sleeping in Delphi ;-) ).

From my point of view, it might not be an issue, but I would prefer to ask our IP team to check that point.

I will come back to you...

@waynebeaton

It's certainly weird to include an entire executable in a Git repository. I would recommend against doing this just in principle. If for no other reason than you're going to run out of LFS space after you've upgraded a couple of times. Referencing a container is just a better technical solution (IMHO).

AFAICT, you've included binaries for SonarQube and what appears to be AdoptOpenJDK version 11. It's not clear to me whether or not the SonarQube binaries are the open source version. Can you confirm that it's the open source version of SonarQube?

What is this used for? Is this used at build time or is it delivered by the project as part of a product/solution? Based on a quick look at the code, I'm thinking that it's the latter. Please confirm.

@nikosnikolaidis
Contributor

Dear @waynebeaton,
Thank you for looking into this!

I totally agree with your first point! The only reason that the folder "sonar-scanner-4.6.2.2472-linux" is in the repo is that it could be added to the Docker image that the GitHub actions create. And that was the easiest route at the time.

Yes, to my knowledge this is the open source version of SonarScanner and SonarQube.

This folder basically contains the executable file of SonarScanner that I could run from my code in order to initiate a new analysis for SonarQube. So it's part of our final product, as SonarQube provides it.
For this reason, it is clear that this folder shouldn't exist in the repo at all. I could probably remove it from here, and add it either in the Docker image directly or use the Docker image of SonarScanner. But will this fix the underlying problem of the GPL license?
