commit | 8911797bff57c61902458102643cc81481cc2b1d | [log] [tgz] |
---|---|---|
author | He Gao <hegao@google.com> | Fri Feb 17 18:30:06 2023 +0000 |
committer | He Gao <hegao@google.com> | Thu Mar 30 17:28:35 2023 +0000 |
tree | 2dddc52bd715b67a4033d3782a088c4477013bc1 | |
parent | 13e82e7cccf57a93ea2e056433c7ac7885476751 [diff] |
hooks/install: Use go-licenses to get go dependencies for SBOM In order to find licenses for each Go dependency, https://github.com/google/go-licenses is used. go-licenses is able to fetch collection of libraries used by the package, directly or transitively. So we only need to find which directory contains a main function (not necessarily main.go) and then run the rool on it to get dependencies and their licenses of all executables. This will give us more dependencies than needed because we sometimes don't compile all the executables. But more is better than less. BUG=b/254334533 TEST=presubmite RELEASE_NOTE=None Change-Id: I84510ef2ff7b2511b33ca2140b953859f1ea89cc Reviewed-on: https://cos-review.googlesource.com/c/third_party/platform/crosutils/+/42887 Tested-by: Cusky Presubmit Bot <presubmit@cos-infra-prod.iam.gserviceaccount.com> Reviewed-on: https://cos-review.googlesource.com/c/third_party/platform/crosutils/+/44367 Reviewed-by: Robert Kolchmeyer <rkolchmeyer@google.com>