Evaluate the project package sources (such as NuGet/NPM) and analyse the used licenses

sander · February 28, 2019, 10:56am

A good rule suggestion:

I would like to have insights in the external libraries used and to know if there might be a risk in using these libraries because there are requirements to open source the code using the library (such as GNU GPL with their Copyleft license)
snippet of Noncompliant Code: n/a
snippet of Compilant Code (fixing the above noncompliant code): n/a
external references and/or language specifications: https://opensource.org/licenses/
type : Code Smell
tags: package sources / nuget / npm

Topic		Replies	Views
Evaluate the project package sources (such as NuGet/NPM) and analyse vulnerabilities New rules / language support sonarqube-cloud	0	441	February 28, 2019
How to do license check for C# project SonarQube Server / Community Build	6	45	March 18, 2025
External Package Scanning for open vulnerabilities SonarQube Cloud	2	1705	August 19, 2022
Rule for avoiding pre-release packages in C#? New rules / language support sonarqube , dotnet	5	519	September 3, 2024
Third-party software scanning SonarQube Server / Community Build sonarqube	2	1279	July 13, 2022