Question: how to exclude maven provided dependencies #947
Comments
|
Hi @NielsDoucet I've noticed that you still haven't received any response for your question so far. Did you find a solution for this issue? I'm interested too. Thank you so much |
|
I haven't. So far, we've just been excluding specific dependencies from our reports, if there's any policy violations related to them. |
Thank you all the same |
|
@elldritch Is there any way to be able to exclude provided dependencies from the fosssa-cli scan? Thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dependencies marked as scope "provided" are supplied by the runtime: https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope
In our case this means we're not packaging these dependencies as part of our deliverables, so we don't have any legal obligations to comply with. As such, any licensing policy violations are just noise to us. Is there any way to exclude these from a scan? I envision a mechanism similar to how gradle can be filtered by configurations: https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/gradle/gradle.md#experimental-only-selecting-set-of-configurations-for-analysis
The text was updated successfully, but these errors were encountered: