rpanackal

Context

SAP/cloud-sdk-java-backlog#ISSUENUMBER.

Blackduck scan failed because dependencies under the namespace com.sap.cloud.security had an (unintended) license update.
As per Maven Central, the licenses changed from The Apache Software License (v3.6.0) -> SAP DEVELOPER LICENSE AGREEMENT (v3.6.1) (check here).

BlackDuck does not recognise the new license and categorizes it as Basic Proprietary Commercial License.

The following 4 dependencies are affected.

  1. com.sap.cloud.security:java-security:3.6.1
  2. com.sap.cloud.security.xsuaa:token-client:3.6.1
  3. com.sap.cloud.security:java-api:3.6.1
  4. com.sap.cloud.security:env:3.6.1

Additionally, v3.6.2 is also affected.

Feature scope:

  • Pin the version to 3.6.0
  • Ignore dependabot action for affected versions 3.6.1 and 3.6.2

Definition of Done

  • Functionality scope stated & covered
  • Tests cover the scope above
  • Error handling created / updated & covered by the tests above
  • Documentation updated
  • Release notes updated

@rpanackal rpanackal added the please review Request to review a pull request label Aug 12, 2025
# Conflicts:
#	dependency-bundles/bom/pom.xml
@MatKuhr MatKuhr enabled auto-merge (squash) August 12, 2025 11:33
@rpanackal rpanackal self-assigned this Aug 12, 2025
@MatKuhr MatKuhr merged commit 40045bf into main Aug 12, 2025
14 checks passed
@MatKuhr MatKuhr deleted the fix/blackduck-cloud-security-intergration branch August 12, 2025 11:48
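
Added example, not part of the pull request or the SAP Cloud SDK code base: a pre-merge check that compares the `<licenses>` declared in two POMs of the same artifact and blocks a version bump when a license outside an allowlist appears, which is the drift described above between 3.6.0 and 3.6.1. The POM snippets are constructed (license names are taken from the description), and `ALLOWED`, `declared_licenses` and `check_upgrade` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}


def _pom(version, license_name):
    """Build a constructed, minimal POM for the sample data below."""
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>com.sap.cloud.security</groupId>
  <artifactId>java-security</artifactId>
  <version>{version}</version>
  <licenses><license><name>{license_name}</name></license></licenses>
</project>"""


# Constructed sample input; a real check would read the POMs from the repository.
SAMPLE_POMS = {
    "3.6.0": _pom("3.6.0", "The Apache Software License"),
    "3.6.1": _pom("3.6.1", "SAP DEVELOPER LICENSE AGREEMENT"),
}

# Hypothetical allowlist of normalized license names accepted by the project.
ALLOWED = {"the apache software license"}


def declared_licenses(pom_xml):
    """Return the normalized license names declared directly in a POM.

    Licenses inherited from a parent POM are not resolved here.
    """
    root = ET.fromstring(pom_xml)
    names = root.findall("m:licenses/m:license/m:name", NS)
    return {n.text.strip().lower() for n in names if n.text and n.text.strip()}


def check_upgrade(old_pom, new_pom, allowed=ALLOWED):
    """Compare two versions; return (blocked, findings)."""
    old, new = declared_licenses(old_pom), declared_licenses(new_pom)
    findings = []
    if not new:
        findings.append("no license declared")
    for name in sorted(new - old):
        tag = "allowed" if name in allowed else "NOT on allowlist"
        findings.append(f"license added: {name} ({tag})")
    for name in sorted(old - new):
        findings.append(f"license removed: {name}")
    # Block when nothing is declared or any declared license is not allowlisted.
    blocked = (not new) or any(n not in allowed for n in new)
    return blocked, findings
```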