Warning messages of the maven plugin are not providing enough details to enable efficient investigation

[rmlekus]

When applying a scan for licenses using the maven LicenseScout plugin by starting of with the sample configuration a typical maven output contains numerous warning and info messages like:

[WARNING] No license text for license ID: 'NLIL'

Comment: NLIL seems to be a place holder license identifier for "no license information found" in licenses.xml#L6235

[WARNING] Cannot find provider with ID: ''

[WARNING] License not found by URL: https://www.eclipse.org/legal/epl-2.0/, http://www.gnu.org/copyleft/gpl.html, http://www.gnu.org/licenses/lgpl.html

[WARNING] Neither license name nor license URL mapping found for name/URL: Eclipse Public License - v 2.0 / https://www.eclipse.org/legal/epl-2.0/

[WARNING] Parameter buildUrl not configured
[WARNING] Parameter licenseReportHtmlUrl not configured
[WARNING] Parameter licenseReportCsvUrl not configured
[WARNING] Parameter licenseReportTxtUrl not configured

[INFO] No license mapping found for URL: http://www.jooq.org/inc/LICENSE.txt

Bug report

Expected Behavior - What where you expecting to happen?

1. Warning and Info Levels should be used consistently (see above example 1-5 vs. 6)
2. Warnings should be classified into
   • Problems in configuration of the project to be scanned by LicenseScout (missing properties, configurations in the pom.xml)
   • Problems or inconsistencies in existing configuration files (e.g. NLIL license text not configured)
   • Missing entries into specific license configuration files, e.g. name or URL mappgins
     (including the file name + maven coordinates configured for the specific license scan
3. Warnings should always refer to the location in the analysed project (dependencies)

Current Behavior - What happens?

Warnings are generated, but in order to identify the next steps to clarify the problems the source code of the plugin or even java debugging of the maven build process is required to identify the affected project and license scout artifacts.

Possible Solution

• Check for Log Level to be used: Info/Warning/Error
• Check for common Warning format: e.g.
  : ; Configuration File

[d-gs]

Thanks for the report @rmlekus - as this is just an issue with the logging and not with the core functionality of the plug-in, I'd flag the issue as a feature request. Anyway, it is a good point and we will work on standardize the logging that LiceseScout outputs. Of course, PR are welcome for this issue if you have a solution in place!

[pfistererm]

What we really need is a use case based documentation, to explain (not only) the mysteries of URL mapping. First point is of course that for a specific project a specific configuratin is required that needs to be maintained by that project. However, for instance 'https://www.eclipse.org/legal/epl-2.0/' can be safely mapped to a license identifier, while 'http://www.gnu.org/licenses/lgpl.html' can not, because the link does not include a version number and there are multiple versions of the LGPL.
Mapping 'http://www.jooq.org/inc/LICENSE.txt' to a dedicated license is risky, because the project may change its licence by changing the contents of the file the link points to, and then the mapping becomes wrong.
These are the issues that should be explained in such an extended documentation.

[pfistererm]

Another note: to research why licenses are not detected, it is also possible to run the LicenseScout with logging set to level DEBUG. This will give extensive information on what is going on during the license scan. You will get output like this:

[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/org/apache/velocity/shaded/commons/io/IOCase.class
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/LICENSE.txt
[DEBUG] Checking file for licenses: META-INF/LICENSE.txt
[DEBUG] Result licenses: [Apache License]
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/NOTICE.txt
[DEBUG] Checking file for licenses: META-INF/NOTICE.txt
[DEBUG] Result licenses: []
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/pom.xml
[DEBUG] Checking POM file: /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/pom.xml
[DEBUG] Checking POM file: /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/pom.xml
[DEBUG] Checking POM file: /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/pom.xml
[DEBUG] License name: Apache License, Version 2.0
[DEBUG] License URL: http://www.apache.org/licenses/LICENSE-2.0.txt
[DEBUG] parsePackedJarArchive(): processing /velocity-engine-core-2.0.jar!/META-INF/maven/commons-io/commons-io/pom.properties