by didymospl 3632 days ago
Great idea! My company requires external libraries' licenses to be reviewed every half a year and it usually takes a couple of days to do so. Your project could be a real time-saver. Unfortunately the integration with Maven does not seem to work in most cases; if it did I would already have sent the link to our CTO.
2 comments

You could use the VersionEye Maven Plugin for that: https://github.com/versioneye/versioneye_maven_plugin. It checks your dependencies against a license whitelist on the VersionEye server and if there is a violation it breaks your build on your CI server. That way you can enforce a license policy continuously. It's much better than just checking licenses once a year ;-)

I've been working on VersionEye for a couple of years, it's a similar project and I open sourced it last week: https://blog.versioneye.com/2016/06/28/versioneye-goes-open-.... I've been following Andrew's activities for a while and like what he did with libraries.io. Great job! As both projects have a big overlap and are open source now I'm open to collaboration :)

Pivotal Labs have a similar problem -- ensuring that only whitelisted licenses are represented in a codebase -- and developed License Finder for this kind of auditing: https://github.com/pivotal/LicenseFinder

We also use it for Cloud Foundry. It's fairly robust.

I work for Pivotal, but not on LF.