LicenseScout is configured as a Maven plugin. Below you can see a typical configuration.
<plugin>
<groupId>org.aposin.licensescout</groupId>
<artifactId>licensescout-maven-plugin</artifactId>
<version>1.4.0-SNAPSHOT</version>
<executions>
<execution>
<id>find-licenses</id>
<phase>verify</phase>
<goals>
<goal>scanJava</goal>
</goals>
<configuration>
<scanDirectory>${project.build.directory}/products/my.product/win32/win32/x86/plugins/</scanDirectory>
<outputDirectory>${licensescout.outputDirectory}</outputDirectory>
<outputs>
<output>
<type>HTML</type>
<filename>${licensescout.outputFilename.html}</filename>
</output>
<output>
<type>CSV</type>
<filename>${licensescout.outputFilename.csv}</filename>
</output>
<output>
<type>TXT</type>
<filename>${licensescout.outputFilename.txt}</filename>
</output>
</outputs>
<licensesFilename>${licensescout-configuration.dir}/licenses.xml</licensesFilename>
<providersFilename>${licensescout-configuration.dir}/providers.xml</providersFilename>
<noticesFilename>${licensescout-configuration.dir}/notices.xml</noticesFilename>
<checkedArchivesFilename>${licensescout-configuration.dir}/checkedarchives.csv</checkedArchivesFilename>
<licenseUrlMappingsFilename>${licensescout-configuration.dir}/urlmappings.csv</licenseUrlMappingsFilename>
<licenseNameMappingsFilename>${licensescout-configuration.dir}/namemappings.csv</licenseNameMappingsFilename>
<globalFiltersFilename>${licensescout-configuration.dir}/globalfilters.csv</globalFiltersFilename>
<filteredVendorNamesFilename>${licensescout-configuration.dir}/filteredvendornames.csv</filteredVendorNamesFilename>
</configuration>
</execution>
</executions>
</plugin>This section describes the configuration for the LicenseScout maven plugin that is done in the POM file where you want to execute the LicenseScout. For information on the format of configuration files see the next section.
In one execution, LicenseScout can either scan for Java artifacts or for Javascript/NPM artifacts.
-
For Java executions, the Maven goal
scanJavais used. -
For Javascript/NPM executions the Maven goal
scanNpmis used.
The location to be scanned can either be:
-
a base directory where archives are searched for (recursively and also inside JARs). This is configured by the parameter
scanDirectory. -
a list of Maven artifacts. The configured artifacts and their (transitive) dependencies are scanned. This is configured by the parameter
scanArtifacts. The parameterscanArtifactScopeoptionally allows to specify the scope for dependency resolution.
Output can be configured with the output directory (parameter outputDirectory) and output types.
The actual output files to generate are configured by the output types. the available output types are 'HTML', 'CSV' and 'TXT'. One or multiple output types can be configured. If no output type is configured, no output files will be written.
File names of the output files are the result of appending the filename given by parameters filename in the output section to the output directory.
filename is optional.
An additional parameter url can be used to specify the URL associated with the output that will be written to the database, if enabled.
<properties>
<licensescout.outputDirectory>...<licensescout.outputDirectory>
<licensescout.outputFilename.html> TODO
</properties>
...
<configuration>
...
<outputDirectory>${licensescout.outputDirectory}</outputDirectory>
<outputs>
<output>
<type>HTML</type>
<filename>${licensescout.outputFilename.html}</filename>
</output>
<output>
<type>CSV</type>
<filename>${licensescout.outputFilename.csv}</filename>
</output>
<output>
<type>TXT</type>
<filename>${licensescout.outputFilename.txt}</filename>
</output>
</outputs>
...
</configuration>If outputDirectory is not configured the value defaults to ${project.basedir}/target/licensescout.
If no output is configured no output files will be written.
If output.filename is not configured it defaults to licensereport.csv|txt|html.
There are additional optional parameters in the Output structure related to custom templates.
Custom templates are described in Report templates.
Vendor names that should be used to filter out archives from the result list can be configured either directly with the parameter filteredVendorNamesFilename or with a configuration file (see below).
<configuration>
...
<filteredVendorNames>
<filteredVendorName>My company</filteredVendorName>
<filteredVendorName>Another Company</filteredVendorName>
</filteredVendorNames>
...
</configuration>If no vendor names are configured, no filtering by vendor name takes place.
Directory names that should be ignored in scanning for NPM modules can be configured using the parameter npmExcludedDirectoryNames / npmExcludedDirectoryName.
<configuration>
...
<npmExcludedDirectoryNames>
<npmExcludedDirectoryName>.bin</npmExcludedDirectoryName>
<npmExcludedDirectoryName>@angular</npmExcludedDirectoryName>
<npmExcludedDirectoryName>@ngtools</npmExcludedDirectoryName>
<npmExcludedDirectoryName>@types</npmExcludedDirectoryName>
</npmExcludedDirectoryNames>
...
</configuration>If no excludes are given, no directories are excluded.
LicenseScout accesses an external Maven repository to download parent POM files if it is necessary to find out license information. The base URL used for this can be configured.
In an enterprise environment, this can be used to point to an artifact server like Nexus that mirrors the Maven central repository.
<configuration>
...
<nexusCentralBaseUrl>http://nexus.company.com:8081/nexus/content/repositories/central/</nexusCentralBaseUrl>
...
</configuration>|
Note
|
If no Maven central URL is given, the default is to access Maven Central directly (value https://repo.maven.apache.org/maven2/).
|
The resulting output list of archives can be filtered to remove archives with certain legal state or certain licenses. A list of
legal states to filter out can be given with cleanOutputLegalStates / cleanOutputLegalState. Any archive that has one of the states given will be filtered out from the result list. Also, a list of license identifiers can be given with cleanOutputLicenseSpdxIdentifiers / cleanOutputLicenseSpdxIdentifier. These values are matched against the SPDX identifiers given as spdxIdentifier in the license XML file (see below). Any archive that contains one of the licenses given will be filtered out.
The filtering can be activated and deactivated with a switch (cleanOutputActive) with values true or false.
<configuration>
...
<cleanOutputActive>true</cleanOutputActive>
<cleanOutputLegalStates>
<cleanOutputLegalState>NOT_ACCEPTED</cleanOutputLegalState>
<cleanOutputLegalState>CONFLICTING</cleanOutputLegalState>
</cleanOutputLegalStates>
<cleanOutputLicenseSpdxIdentifiers>
<cleanOutputLicenseSpdxIdentifier>WTFPL</cleanOutputLicenseSpdxIdentifier>
</cleanOutputLicenseSpdxIdentifiers>
...
</configuration>If cleanOutputActive is not configured or if no states or licenses to filter out are configured, no filtering takes place.
The resulting output files (HTML, CSV and TXT) can be configured to contain or not contain specific Information.
The documentation URL from the checked licenses list can be used in the output report. This can be activated with a switch (showDocumentationUrlColumn) with values true or false.
<configuration>
...
<showDocumentationUrlColumn>true</showDocumentationUrlColumn>
...
</configuration>If showDocumentationUrlColumn is not configured the documentation URL is not included into the output.
The provider of an archive from the checked licenses list can be used in the HTML output report. This can be activated with a switch (showProviderColumn) with values true or false.
<configuration>
...
<showProviderColumn>true</showProviderColumn>
...
</configuration>If showProviderColumn is not configured the provider column is not shown in the HTML output.
A list of files that has been checked for license detection strings can be used in the HTML output report. This can be activated with a switch (showLicenseCandidateFilesColumn) with values true or false.
<configuration>
...
<showLicenseCandidateFilesColumn>true</showLicenseCandidateFilesColumn>
...
</configuration>If showLicenseCandidateFilesColumn is not configured the candidate license files list column is not shown in the HTML output.
The The execution of the LicenseScout can be disabled completely by configuring the parameter skip to true.
In this case, no reading of configuration files or other processing takes place.
<configuration>
...
<skip>true</skip>
...
</configuration>If skip is not configured the execution takes place in the normal way.
LicenseScout can use a database to write core information of the report to.
With the parameter writeResultsToDatabase writing to the database can be enabled or disabled.
The parameter writeResultsToDatabaseForSnapshotBuilds determines if records should be written to the database also for snapshot versions. If the value is not true, version numbers (taken from the parameter buildVersion) that contain -SNAPSHOT are not processed further.
The record resultDatabaseConfiguration with the parameters jdbcUrl and serverId
is used to configure the target database.
The specified serverId is resolved against a server definition in settings.xml, where username and password can be specified (see example below).
If writing to the result database is enabled, further parameters are used to obtain information to write to the database. There are parameters for the build name, the build version, the build URL and (inside output) for the URLs of the output files.
<properties>
<licensescout.writeResultsToDatabase>true</licensescout.writeResultsToDatabase>
<licensescout.database.url>...</licensescout.database.url>
<licensescout.buildName>${project.artifactId}</licensescout.buildName>
<licensescout.buildVersion>${project.version}</licensescout.buildVersion>
<licensescout.buildUrl>...</licensescout.buildUrl>
</properties>
...
<configuration>
...
<writeResultsToDatabase>${licensescout.writeResultsToDatabase}</writeResultsToDatabase>
<writeResultsToDatabaseForSnapshotBuilds>false</writeResultsToDatabaseForSnapshotBuilds>
<resultDatabaseConfiguration>
<jdbcUrl>${licensescout.database.url}</jdbcUrl>
<serverId>dbserverid</serverId> (1)
</resultDatabaseConfiguration>
<buildName>${licensescout.buildName}</buildName>
<buildVersion>${licensescout.buildVersion}</buildVersion>
<buildUrl>${licensescout.buildUrl}</buildUrl>
...
</configuration>-
the server ID for the database server, has to match the
idof a server definition in thesettings.xml
<?xml version="1.0" encoding="UTF-8"?>
<settings>
<servers>
<server>
<id>dbserverid</id> (1)
<username>...</username> (2)
<password>...</password> (3)
</server>
</servers>
...
</settings>-
server ID for the database server, has to match the value given as
serverIdin the POM -
username for the database
-
password for the database
It is recommended to use encryption for the values for username and password in the settings.xml.
LicenseScout can use eight configuration files for
-
licenses
-
providers
-
notices
-
manually checked archives
-
mappings names to licenses
-
mappings of URLs to licenses
-
global filters on archives
-
vendor names to filter out (vendor names can be configured both via XML or via configuration file)
The following sections describe the file Format and the effect of the configurations. The filenames of the files are configured using the following Maven parameters:
-
licensesFilename -
providersFilename -
noticesFilename -
checkedArchivesFilename -
licenseUrlMappingsFilename -
licenseNameMappingsFilename -
globalFiltersFilename -
filteredVendorNamesFilename(for an example see above)
Known licenses, their URLs and associated detection strings are configured using an XML file. The filename is configured using the Maven Parameter licensesFilename.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<licenses>
<license id='AFL-1.1'>
<spdxIdentifier>AFL-1.1</spdxIdentifier>
<name>Academic Free License</name>
<legalStatus>ACCEPTED</legalStatus>
<author>Lawrence E. Rosen</author>
<version>1.1</version>
<publicUrl>https://spdx.org/licenses/AFL-1.1.html</publicUrl>
</license>
<license id='AFL-1.2'>
<spdxIdentifier>AFL-1.2</spdxIdentifier>
<name>Academic Free License</name>
<legalStatus>ACCEPTED</legalStatus>
<author>Lawrence E. Rosen</author>
<version>1.2</version>
<publicUrl>https://spdx.org/licenses/AFL-1.2.html</publicUrl>
</license>
<license id='AFL-2.0'>
<spdxIdentifier>AFL-2.0</spdxIdentifier>
<name>Academic Free License</name>
<legalStatus>ACCEPTED</legalStatus>
<author>Lawrence E. Rosen</author>
<version>2.0</version>
<publicUrl>https://spdx.org/licenses/AFL-2.0.html</publicUrl>
</license>
<license id='AFL-2.1'>
<spdxIdentifier>AFL-2.1</spdxIdentifier>
<name>Academic Free License</name>
<legalStatus>ACCEPTED</legalStatus>
<author>Lawrence E. Rosen</author>
<version>2.1</version>
<publicUrl>https://spdx.org/licenses/AFL-2.1.html</publicUrl>
</license>
<license id='AFL-3.0'>
<spdxIdentifier>AFL-3.0</spdxIdentifier>
<name>Academic Free License</name>
<legalStatus>ACCEPTED</legalStatus>
<author>Lawrence E. Rosen</author>
<version>3.0</version>
<publicUrl>https://spdx.org/licenses/AFL-3.0.html</publicUrl>
<notice>AFL-Notice-3.0</notice>
</license>
<licenseSet>
<license idref='AFL-1.1' />
<license idref='AFL-1.2' />
<license idref='AFL-2.0' />
<license idref='AFL-2.1' />
<license idref='AFL-3.0' />
<detectionString>ACADEMIC FREE LICENSE</detectionString>
</licenseSet>
...
</licenses>Each license should be given as a license element. Also different versions of a license should be given as separate license elements.
The id attribute of license is mandatory, it is used to refer to the license in licenseSet`s. Usually, the value of the `id attribute should be identical to the SPDX identifier of the license. However, the id attributes are only used for referencing in the XML file internally. So an id attribute can be used even if the license has no SPDX identifier.
-
The
spdxIdentifierelement is optional. However, it is recommended to assign a value even if the license has no actual SPDX identifier. The reason for this is that in CSV output the licenses are given by their SPDX identifier. If a license has no identifier a blank field will appear. The values are -
The value of the
nameelement is only used for displaying the license, not for automatic detection (for detectionlicenseSet/detectionStringis used). -
The value of
nameshould not be empty, as it is used to sort licenses in the output reports. -
The
legalStatusreflects if a license is acceptable for the given project. The value can beACCEPTED,NOT_ACCEPTEDorUNKNOWN(see enumerationorg.aposin.licensescout.license.LegalStatus). The value is mandatory. -
The
authorelement gives the name of the person or organisation that published the license. The value may be empty. -
The
versionelement gives the version of the license. The value may be empty. As the value ofversionis appended to the name in the report output, usually the name should not contain a version number. The version number is also used in automatic detection to distinguish different versions of a license. -
The
publicUrlshould be an URL that leads to a readable license text, as this URL is used in the HTML output for links underlying the license. On the other hand,secondaryUrlvalues are not required to be actually accessible. They are only used to associate licenses with that URL. -
A
noticeelement contains an ID of a notice from the notices XML file. This is optional.
|
Tip
|
For automatic detection, different versions of the same licenses can be grouped to license sets. A license set has one or more associated detection strings. If a detection string of a license set is found in a text file that may be a potential license file, the mechanism tries to detect a version number from the file. If a version number is found and matches the version string of one of the licenses of the set, the file is recognized as that dedicated version of the license. Otherwise the first license of the set is recognized. Note that for special detection behaviour a license can be member of multiple license sets with different detection strings (though this case is not very common). Detection strings are matched case-insensitive against potential license text. |
Providers with their name and URL are configured using an XML file. The filename is configured using the Maven Parameter providersFilename.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<providers>
<provider id='EclipseFoundation'>
<name>Eclipse Foundation</name>
<url>https://www.eclipse.org/</url>
</provider>
</providers>Notices are pieces that a license requires to be published with a software that uses a third-party software under this license.
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<notices>
<notice id='EPL-1.0'>
<text>Notice for EPL 1</text>
</notice>
<notice id='EPL-2.0'>
<text>Notice for EPL 2</text>
</notice>
<notice id='MIT-1'>
<text>Notice for MIT 1</text>
</notice>
...
</notices>Each notice should be given as a notice element. Also different versions of a license should be given as separate notice element.
The id attribute of notice is mandatory, it is used to refer to the notice from licenses (in the licenses XML file) and checked archives (in the checked archives CSV file).
Here, archives that have no license detected automatically can be assigned a licenses that has been checked manually.
It also can be used to decide between multiple detected licenses.
An archive can be identified by either:
-
an archive name (exact match) and a version number
-
an archive name (exact match) and a hash code
-
a regular expression that is matched against the archive name
-
a regular expression that is matched against the path of the archive
From the file, lines are split by the character ','.
First colum (type) - can be:
-
JAVAfor Java Jar archives (packed or unpacked) -
JAVASCRIPTfor JS/NPM packages
The second column is the name. The name is used as:
-
a regular expression on the archive’s path if it starts with
==(which are not part of the regular expression) -
a regular expression on the Archive Name if it starts with
=(which are not part of the regular expression) -
an archive name that is matched exactly otherwise
The third column is either a version number or a hash code. If the length of the field is exactly 64 characters, it is parsed as an SHA-256 hash value. Otherwise, it is taken as a version number.
The fourth column is string that is used as documentation URL in the output reports (if the Output configuration enables outputting this Information, see showDocumentationUrl Maven parameter). The value may be empty.
The fifth column is an identifier of a provider. This is optional. The value may be empty.
The sixth column is an identifier of a notive. This is optional. The value may be empty.
The seventh and any further column are license identifiers.
An archive can have one multiple or no license assigned. If no license is assigned, it will get the status MANUALLY_NOT_DETECTED.
A single license identifier "-" is interpreted as "no modify" (the detected licenses are taken over unmodified).
This can be used if only provider, notice or documentation URL should be configured.
Empty lines and lines starting with '#' are ignored.
JAVA, bcprov-ext-jdk15on-155.jar, 2FBFC48DA088C1223ADB84A928ABEA4083C2702F4C06CC9692736627DD50C59B,http://dummy,,, MIT
JAVA, xpp3_min.jar, 8D60778CD5018E7A130B3FB6C96A57DD9E1877B9EFBF76B4B63A8DD395128EAE,http://path/to/xpp3-license-documentation,, ExtremeLab-1.1.1, Apache-1.1,EclipseFoundation,EPL-Notice-1, PublicDomain
JAVA, jersey-core.jar, 2.27,http://path/to/jersey-license-documentation,, , ,EclipseFoundation,EPL-Notice-1, -
JAVASCRIPT, indexof, 0.0.1,,,, MITEmpty lines and lines starting with '#' are ignored.
|
Warning
|
Note that ',' is not an allowed character in regular expressions, since it is used as a separation character for the CSV parsing, and it cannot be quoted at the moment. |
In some places licenses are usually given by URL, not by license name (this can be the case in MANIFEST.MF, pom.xml and package.json files). The URL mapping maps these URLs (and, actually, other fancy names used) to internal license names (SPDX identifiers).
https://javaee.github.io/javamail/LICENSE, CDDL-1.1
http://www.h2database.com/html/license.html, MPL-2.0, EPL-1.0
https://glassfish.java.net/public/CDDL+GPL_1_1.html, CDDL-1.1, GPL-2.0
http://repository.jboss.org/licenses/cddl.txt, CDDL-1.0
http://repository.jboss.org/licenses/gpl-2.0-ce.txt, GPL-2.0
http://www.antlr.org/license.html, BSD-3-Clause
http://antlr.org/license.html, BSD-3-Clause
http://treelayout.googlecode.com/files/LICENSE.TXT, BSD-3-Clause
http://xstream.codehaus.com/license.html, BSD-3-ClauseEmpty lines and lines starting with '#' are ignored.
|
Note
|
From the file, lines are split by the character ','. The first column is the URL that should be mapped. The second and any further columns are license identifiers. Note that this way, an URL can be mapped to multiple licenses. |
In some places licenses are given by their name. This includes pom.xml files, NPM package.json files, and in some cases MANIFEST.MF files. The name mapping maps these names to internal license names (SPDX identifiers).
(MIT AND CC-BY-3.0), MIT, CC-BY-3.0
(MIT OR Apache-2.0), MIT, Apache-2.0
(WTFPL OR MIT), WTFPL, MIT
(BSD-2-Clause OR MIT OR Apache-2.0), BSD-2-Clause, MIT, Apache-2.0
(MIT AND Zlib), MIT, Zlib
AFLv2.1, AFL-2.1
Apache 2, Apache-2.0
Apache 2.0, Apache-2.0Empty lines and lines starting with '#' are ignored.
From the file, lines are split by the character ','. The first column is the name that should be mapped. The second and any further columns are license identifiers. Note that this way, a name can be mapped to multiple licenses.
Archives matching a global filter are removed from the output list completely.
This Feature can be used to filter out inner JARs that have no license information.
==/org\.eclipse\.[_\-a-z0-9\.]+jar!/ant_tasks/[_\-a-zA-Z0-9\.]+\.jarEach line from the file is taken as one expression. It can be:
-
a regular expression on the archive’s path if it starts with '==' (which are not part of the regular expression)
-
a regular axpression on the archive name if it starts with '=' (which are not part of the regular expression) Empty lines and lines starting with '#' are ignored.
|
Note
|
unlike the checked archives file, here ',' is an allowed character in regular expressions, since here not splitting by that character is done. |
If vendor names are given, archives are checked if their vendor name (retrieved from MANIFEST.MF Bundle-Vendor, POM file or NPM package.json Vendor) matches exactly. If yes, the archive is removed from the result list.
If a configuration file is used for vendor names, each line in the file is one vendor name. No split operations are done on the line. So a vendorname.csv can look like this:
Company Another company My fancy open source project
Empty lines and lines starting with # are ignored.
For the TXT and HTML license reports the Velocity template engine is used. Default report templates are included in the LicenseScout. If a different appearance is desired, custom templates can be created and configured.
Inside an output, the following opional parameters can be configured:
-
template: path to a template file -
templateEncoding: encoding of the template file. If not configured defaults toproject.build.sourceEncoding. If this is not configured, too, it defaults to the platform specific default encoding.
<configuration>
...
<outputs>
<output>
<type>HTML</type>
<template>src/licensescout/templates/template_html.vm</template>
<templateEncoding>UTF-8</templateEncoing>
</output>
<output>
<type>TXT</type>
<template>src/licensescout/templates/template_txt.vm</template>
<templateEncoding>ISO8859-1</templateEncoing>
</output>
</outputs>
...
</configuration>The tables below list the variables in the Velocity context that can be used in templates.
| Name | Type |
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Name | Type |
|---|---|
|
|
|
|
|
|
|
|
See also Output types and files.
The recommended way of maintaining the configuration files of LicenseScout is to bundle them in a Maven artifact. This approach is described here.
For use as a sample (both Java and Javascript), a separate Maven project is used that contains only the configuration files. They are packaged as a ZIP file GAV Parameters:
-
groupId:
org.aposin.licensescout -
artifactId:
org.aposin.licensescout.configuration.sample -
classifier:
configuration -
type:
zip
It contains the following files:
-
checkedarchives.csv -
filteredvendornames.csv -
globalfilters.csv -
licenses.xml -
namemappings.csv -
notices.xml -
providers.xml -
urlmappings.csv
It is created and uploaded using mvn install or mvn deploy.
The recommended way of using the configuration bundle is to simply reference it by its Maven coordinates in a configBundle element.
LicenseScout can then reference the configuration files in the local file system like this:
<properties>
<org.aposin.licensescout.version>1.4.0</org.aposin.licensescout.version>
<org.aposin.licensescout.configuration.version>1.4.0</org.aposin.licensescout.configuration.version>
</properties>
<plugin>
<groupId>org.aposin.licensescout</groupId>
<artifactId>licensescout-maven-plugin</artifactId>
<version>${org.aposin.licensescout.version}</version>
<configuration>
...
<configurationBundle>
<groupId>org.aposin.licensescout</groupId>
<artifactId>org.aposin.licensescout.configuration.sample</artifactId>
<version>${org.aposin.licensescout.configuration.version}</version>
<classifier>configuration</classifier>
<type>zip</type>
</configurationBundle>
...
</configuration>
</plugin>Alternatively, it can be downloaded and unpacked to a local directory using the maven-dependency-plugin.
A typical configuration for downloading looks like this:
<properties>
<org.aposin.licensescout.version>1.4.0</org.aposin.licensescout.version>
<org.aposin.licensescout.configuration.version>1.4.0</org.aposin.licensescout.configuration.version>
<licensescout-configuration.dir>${project.build.directory}/licensescout-configuration</licensescout-configuration.dir>
</properties>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>unpack-licensescout-configuration</id>
<phase>process-resources</phase>
<goals>
<goal>unpack</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.aposin.licensescout</groupId>
<artifactId>org.aposin.licensescout.configuration.sample</artifactId>
<version>${org.aposin.licensescout.configuration.version}</version>
<classifier>configuration</classifier>
<type>zip</type>
<overWrite>true</overWrite>
<outputDirectory>${licensescout-configuration.dir}</outputDirectory>
</artifactItem>
</artifactItems>
<overWriteReleases>false</overWriteReleases>
<overWriteSnapshots>true</overWriteSnapshots>
</configuration>
</execution>
</executions>
</plugin>LicenseScout can then reference the configuration files in the local file system like this:
<plugin>
<groupId>org.aposin.licensescout</groupId>
<artifactId>licensescout-maven-plugin</artifactId>
<version>${org.aposin.licensescout.version}</version>
<configuration>
...
<licensesFilename>${licensescout-configuration.dir}/licenses.xml</licensesFilename>
<checkedArchivesFilename>${licensescout-configuration.dir}/checkedarchives.csv</checkedArchivesFilename>
<licenseUrlMappingsFilename>${licensescout-configuration.dir}/urlmappings.csv</licenseUrlMappingsFilename>
<licenseNameMappingsFilename>${licensescout-configuration.dir}/namemappings.csv</licenseNameMappingsFilename>
<noticesFilename>${licensescout-configuration.dir}/notices.xml</noticesFilename>
<providersFilename>${licensescout-configuration.dir}/providers.xml</providersFilename>
<globalFiltersFilename>${licensescout-configuration.dir}/globalfilters.csv</globalFiltersFilename>
<filteredVendorNamesFilename>${licensescout-configuration.dir}/filteredvendornames.csv</filteredVendorNamesFilename>
...
</configuration>
</plugin>