License Audit output formats
Basic output
Full License Audit results are available in the file report.json located in the results-dir folder.
Command-line output summary
An example of the License Audit command-line summary output:
UI-compatible output
In addition to programmatic output, you can generate a human-readable report in the HTML format by using the --save-report argument. See Open an HTML Report for details.
License Audit extends the Qodana UI features to make license analysis more helpful and convenient.
A sunburst diagram offers a quick overview of the problems detected.
From the diagram, you can navigate to a complete list of detected problems.
The Project audit window provides a view of the project license, dependency licenses, and the current allowed/prohibited licenses configuration.
All detected problems are tagged with license SPDX identifiers, so you can aggregate all issues related to a certain third-party license.
Analyze detected problems
To make an informed decision, view all details about the reported problem in one place. Each problem contains the following information:
Dependency name.
License SPDX identifier.
Type of problem.
Advice for each type of problem.
Follow up on detection results
Find below a recommended course of action for each inspection type.
No dependency licenses
Try to find the dependency license, get legal advice, and do any of the following:
Manually assign an SPDX license ID to this dependency in the configuration, for example:
Ignore: hide this warning by ignoring the dependency licenses in the configuration
Take action: remove the dependency
Disable the check: do it in the Checks window
Report: License Audit has not found an existing dependency license
Unrecognized dependency license
Try to find the dependency license, get legal advice, and do any of the following:
Manually assign an SPDX license ID to this dependency in the configuration, for example:
Ignore: hide this warning by ignoring the dependency licenses in the configuration, for example:
Take action: remove the dependency
Disable the check: do it in the Checks window
Report: License Audit has not recognized a valid dependency license
Uncategorized dependency license
Check the dependency license, get legal advice, and do any of the following:
Manually add the SPDX license ID to the allowed list, for example:
Ignore: hide this warning by ignoring the dependency licenses in the configuration, for example:
Take action: remove the dependency
Disable the check: do it in the Checks window
Report: License Audit should list the reported dependency license as compatible with the given project license (reasons why)
Unrecognized project license
Do any of the following:
Specify in your project files explicitly which licenses you want to use – add a LICENSE file.
Disable the check: do it in the Checks window
Report: License Audit has not recognized an existing and valid project license
No project licenses
Specify in your project files explicitly which licenses you want to use – add a LICENSE file.
Disable the check: do it in the Checks window
Report: License Audit has not recognized an existing and valid project license
Prohibited dependency license
Check the dependency license, get legal advice, and do any of the following:
Manually add the license to the allowed list, for example:
Ignore: hide this warning by ignoring the dependency licenses in the configuration, for example:
Take action: remove the dependency
Disable the check: do it in the Checks window
Report: License Audit is mistaken that the reported dependency license is not compatible with the given project license
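The three configuration-based remedies listed above (assigning an SPDX ID, ignoring a dependency, and extending the allowed list), shown together as an added example that is not taken from the original page. It assumes the configuration lives in the project's qodana.yaml and uses its dependencyOverrides, dependencyIgnores and licenseRules sections; every dependency name, version, URL and license choice below is a constructed placeholder.

```yaml
# qodana.yaml (assumed configuration file)
# All names, versions, URLs and license choices are constructed placeholders.

# "No dependency licenses" / "Unrecognized dependency license":
# manually assign the SPDX ID once the real license has been confirmed.
dependencyOverrides:
  - name: "example-lib"
    version: "1.2.3"
    url: "https://example.com/example-lib"
    licenses:
      - key: "Apache-2.0"
        url: "https://example.com/example-lib/LICENSE"

# "Ignore": hide the warning for one dependency.
# Keep this list short and reviewed: an ignored dependency
# no longer produces license findings at all.
dependencyIgnores:
  - name: "example-internal-tool"

# "Uncategorized dependency license" / "Prohibited dependency license":
# state which dependency licenses are acceptable for the project license.
licenseRules:
  - keys:
      - "MIT"            # project license(s) this rule applies to
    allowed:
      - "ISC"            # dependency licenses accepted after legal review
    prohibited:
      - "GPL-3.0-only"   # dependency licenses that must keep failing the audit
```

Overrides and allowed-list entries change what the audit reports for every future run, so record the legal decision behind each entry in the commit that adds it.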
Save and share the results
In your report, open the Project audit window and go to the Third-party licenses tab.
Click the downward arrow to the right of the search field and select the necessary output format:
HTML
CSV
JSON
Learn more
How to open a generated report in your browser: Open an HTML Report
Basic structure and configuration of Qodana HTML reports: UI Overview
More information on command-line arguments for License Audit: Docker Image Paths and Configuration Options