godepreport

command module

v0.0.0-...-6572a02 Latest Latest Go to latest Published: Jan 7, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

README ¶

godepreport

godepreport examines the Go module in the current working directory and prints out a CSV report containing all dependencies, whether the module is coming from a replace directive, the version being used, whether it is an direct or indirect dependency, and the licenses found for the module.

Example usage

Using godepreport to generate a report for itself:

$ go install .
$ godepreport report > godepreport.csv
$ cat godepreport.csv
Dependency,Upstream,Version,Dependency,Licenses
github.com/google/go-cmp,,v0.5.6,Direct,BSD-3-Clause
github.com/google/licensecheck,,v0.3.1,Direct,BSD-3-Clause
golang.org/x/mod,,v0.5.1,Direct,BSD-3-Clause
golang.org/x/xerrors,,v0.0.0-20200804184101-5ec99f83aff1,Transitive,BSD-3-Clause
github.com/grafana/deployment_tools/scripts/godepreport,,,Direct,BSD-3-Clause
golang.org/x/sys,,v0.0.0-20211019181941-9d821ace8654,Transitive,BSD-3-Clause
golang.org/x/tools,,v0.1.8,Direct,BSD-3-Clause

To check approvals:

$ godepreport check

The input to this is a file stored in the repository such as:

$ cat .godepreport.decisions.yaml
license_overrides:
    "github.com/grafana/metrictank":
        who: Some One
        why: Metrictank's license was misdetected
        licenses:
        - AGPL-3
    "github.com/jmespath/go-jmespath":
        who: Some One
        why: Was not detected correctly
        licenses:
        - Apache-2.0
    "github.com/spf13/afero":
        who: Some One
        why: Was not detected correctly
        licenses:
        - Apache-2.0
    "github.com/beevik/ntp":
        who: Some One
        why: Was not detected correctly
        licenses:
        - BSD-2-Clause
allowed_licenses:
    MIT:
        who: Some One
        why: Compatible License
    Apache-2.0:
        who: Some One
        why: Compatible License
    BSD-3-Clause:
        who: Some One
        why: Compatible License
    BSD-2-Clause:
        who: Some One
        why: Compatible License
    MPL-2.0:
        who: Some One
        why: Compatible License
    ISC:
        who: Some One
        why: Compatible License
allowed_modules:
    "github.com/grafana/mimir":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/loki":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/metrictank":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/grafana/globalconf":
        who: Some One
        why: Owned by Grafana Labs
    "github.com/raintank/dur":
        who: Some One
        why: Owned by Grafana Labs

Documentation ¶

Overview ¶

Command godepreport generates a CSV of direct and transient Go module dependencies that are used for a compilation.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
internal
licenses Package licenses detects licenses and determines whether they are redistributable.	Package licenses detects licenses and determines whether they are redistributable.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL