Improve the license message for NuGet PECOFF matches

jkruger · January 4, 2021, 3:13pm

Currently, NuGet PECOFF (Enhancements to Nuget (.NET) Scanning in Nexus Lifecycle) matches will report “Not Provided”, because

“…pecoff does not provide license information”.

However, Understanding License Type states “Not Provided” corresponds to:

“Will appear when the license is actually null, this is unique to claimed components; in addition this may also apply as new components are being processed by Sonatype.”

A better option would be to provide a clearer license status for NuGet PECOFF matches.

jwilcox · January 4, 2021, 6:01pm

Hi John,
Thank you for the suggestion. I am not sure if there is a better option for PeCoff. PeCoff doesn’t have any license data. It is null. Looking at all the license descriptions nothing else seems to fit besides “Not Provided”. Do you see one that is a better fit? Again thank you for the suggestion.

ctolo · January 8, 2021, 12:18am

The customer who was requesting this mentioned that the PECOFF dll should inherit the license from the component that it is built into. Similar to a js file in an npm component.