godepreport

command module
v0.0.0-...-6572a02 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

README

godepreport

godepreport examines the Go module in the current working directory and prints out a CSV report containing all dependencies, whether the module is coming from a replace directive, the version being used, whether it is an direct or indirect dependency, and the licenses found for the module.

Example usage

Using godepreport to generate a report for itself:

$ go install .
$ godepreport report > godepreport.csv
$ cat godepreport.csv
Dependency,Upstream,Version,Dependency,Licenses
github.com/google/go-cmp,,v0.5.6,Direct,BSD-3-Clause
github.com/google/licensecheck,,v0.3.1,Direct,BSD-3-Clause
golang.org/x/mod,,v0.5.1,Direct,BSD-3-Clause
golang.org/x/xerrors,,v0.0.0-20200804184101-5ec99f83aff1,Transitive,BSD-3-Clause
github.com/grafana/deployment_tools/scripts/godepreport,,,Direct,BSD-3-Clause
golang.org/x/sys,,v0.0.0-20211019181941-9d821ace8654,Transitive,BSD-3-Clause
golang.org/x/tools,,v0.1.8,Direct,BSD-3-Clause

To check approvals:

$ godepreport check

The input to this is a file stored in the repository such as:

$ cat .godepreport.decisions.yaml
license_overrides:
    "github.com/grafana/metrictank":
        who: Some One
        why: Metrictank's license was misdetected
        licenses:
        - AGPL-3
    "github.com/jmespath/go-jmespath":
        who: Some One
        why: Was not detected correctly
        licenses:
        - Apache-2.0
    "github.com/spf13/afero":
        who: Some One
        why: Was not detected correctly
        licenses:
        - Apache-2.0
    "github.com/beevik/ntp":
        who: Some One
        why: Was not detected correctly
        licenses:
        - BSD-2-Clause
allowed_licenses:
    MIT:
        who: Some One
        why: Compatible License
    Apache-2.0:
        who: Some One
        why: Compatible License
    BSD-3-Clause:
        who: Some One
        why: Compatible License
    BSD-2-Clause:
        who: Some One
        why: Compatible License
    MPL-2.0:
        who: Some One
        why: Compatible License
    ISC:
        who: Some One
        why: Compatible License
allowed_modules:
    "github.com/grafana/mimir":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/loki":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/metrictank":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/globalconf":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/raintank/dur":
        who: Some One
        why: Owned by Grafana Labs

Documentation

Overview

Command godepreport generates a CSV of direct and transient Go module dependencies that are used for a compilation.

Source Files

View all Source files

Directories

Path Synopsis
internal
licenses
Package licenses detects licenses and determines whether they are redistributable.
 Package licenses detects licenses and determines whether they are redistributable.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.