Repository Management with Nexus

12.4. Example: Resolving a License Issue

The following example details how you can analyze a license issue of an artifact found in your repository health check and determine a solution with the help of information available in Nexus.

Your repository health check detail report indicated that Hibernate might have issues because its Threat Level is declared as Non-Standard. Looking at your software artifacts, you found that you are indeed using this version of Hibernate. Searching for the artifact in Nexus provides you with the search results list and the Component Info tab for the specific version, displayed in Figure 12.9, “Viewing License Analysis Results for Hibernate”.


Figure 12.9. Viewing License Analysis Results for Hibernate

The Component Info tab shows that the declared license of Hibernate is LGPL-3.0. Contrary to that, the licenses observed in the source code include Apache-1.1, Apache-2.0, LGPL-2.1, LGPL and Non-Standard.

Looking at newer versions of Hibernate, you find that the observed license in the source code changed to Not-Provided. Given this change, you can conclude that the license headers in the individual source code files were removed or otherwise altered, and that the declared license was modified to LGPL-2.1.

With this information in hand, you determine that you will need to contact your lawyers to find out whether you may upgrade to a newer version of Hibernate to remedy the uncertainty about the license. In addition, you will need to decide whether the LGPL-2.0 is compatible with the distribution mechanism of your software and approved by your lawyers.
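The declared-versus-observed comparison carried out by hand above can be encoded as a repeatable check. The following is an added example, not code from Nexus or the book; the component record, the review markers and the message wording are assumptions made for illustration, with the two Hibernate versions entered as constructed sample data taken from the figures described in this section.

```python
"""Flag components whose observed source licenses do not match the declared license.

Added example; the ComponentLicenses record and the REVIEW_MARKERS set are
assumptions, not part of the Nexus data model.
"""
from __future__ import annotations
from dataclasses import dataclass, field

# Observed values that, per the analysis above, cannot be resolved to a real license
# and therefore always call for legal review.
REVIEW_MARKERS = {"Non-Standard", "Not-Provided"}


@dataclass
class ComponentLicenses:
    coordinates: str           # e.g. group:artifact:version (constructed)
    declared: set[str]         # license(s) declared in the component metadata
    observed: set[str] = field(default_factory=set)  # licenses seen in source headers


def assess(component: ComponentLicenses) -> list[str]:
    """Return a list of findings; an empty list means declared and observed agree."""
    findings: list[str] = []
    if "Non-Standard" in component.observed:
        findings.append("non-standard license text found in source; needs legal review")
    if "Not-Provided" in component.observed:
        findings.append("no license headers in source; declared license cannot be confirmed")
    # Any observed license that is neither declared nor one of the review markers
    # means the declaration does not cover everything shipped in the source.
    undeclared = component.observed - component.declared - REVIEW_MARKERS
    if undeclared:
        findings.append("observed licenses not covered by declaration: "
                        + ", ".join(sorted(undeclared)))
    return findings


def needs_review(component: ComponentLicenses) -> bool:
    return bool(assess(component))


# Constructed sample data mirroring the two Hibernate versions discussed above.
HIBERNATE_OLD = ComponentLicenses("org.hibernate:hibernate:OLD-VERSION",
                                  {"LGPL-3.0"},
                                  {"Apache-1.1", "Apache-2.0", "LGPL-2.1", "LGPL", "Non-Standard"})
HIBERNATE_NEW = ComponentLicenses("org.hibernate:hibernate:NEW-VERSION",
                                  {"LGPL-2.1"},
                                  {"Not-Provided"})

if __name__ == "__main__":
    for component in (HIBERNATE_OLD, HIBERNATE_NEW):
        print(component.coordinates, "->", assess(component) or ["declared and observed agree"])
```

Both sample versions come back with findings, which matches the conclusion above that neither can be adopted without a legal decision.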

In the above steps you learned how Nexus provides a lot of information, allowing you to carry out your component lifecycle management effectively with a minimum amount of effort.