Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: how to exclude maven provided dependencies #947

Open
NielsDoucet opened this issue May 30, 2022 · 4 comments
Open

Question: how to exclude maven provided dependencies #947

NielsDoucet opened this issue May 30, 2022 · 4 comments

Comments

@NielsDoucet
Copy link

Dependencies marked as scope "provided" are supplied by the runtime: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope

In our case this means we're not packaging these dependencies as part of our deliverables, so we don't have any legal obligations to comply with. As such, any licensing policy violations are just noise to us. Is there any way to exclude these from a scan? I envision a mechanism similar to how gradle can be filtered by configurations: https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/gradle/gradle.md#experimental-only-selecting-set-of-configurations-for-analysis

@francescomedina
Copy link

Hi @NielsDoucet I've noticed that you still haven't received any response for your question so far. Did you find a solution for this issue? I'm interested too. Thank you so much

@NielsDoucet
Copy link
Author

I haven't. So far, we've just been excluding specific dependencies from our reports, if there's any policy violations related to them.

@francescomedina
Copy link

I haven't. So far, we've just been excluding specific dependencies from our reports, if there's any policy violations related to them.

Thank you all the same

@francescomedina
Copy link

@elldritch Is there any way to be able to exclude provided dependencies from the fosssa-cli scan? Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants