License information from dotNet Assemblies


Carlo Reggiani

Apr 12, 2018, 6:21:21 AM
to Dependency Check
Hi

We are using depcheck with jar/war/ear/js, obtaining security and license information for our internal DevOps processes: all works fine!

Now we are starting to use depcheck on dotNet projects as well, but there is no license information from the assembly in the reports.

The only info extracted by depcheck regarding the license is the VENDOR.

Looking inside the .dll files, in the .rsrc folder I found a version.txt file with more tags:

(from IBatisNet.Common.dll)

FILEVERSION    1,6,2,0
PRODUCTVERSION 1,6,2,0
FILEFLAGSMASK  0x3F
FILEFLAGS      0x0
FILEOS         VOS_UNKNOWN | VOS__WINDOWS32
FILETYPE       VFT_DLL
FILESUBTYPE    0x0
{
  BLOCK "VarFileInfo"
  {
    VALUE "Translation", 0x0, 1200
  }
  BLOCK "StringFileInfo"
  {
    BLOCK "000004b0"
    {
      VALUE "Comments",          "Common object used by DataAccess and DataMapper component in iBATIS.Net"
      VALUE "CompanyName",       "http://ibatis.apache.org/"
      VALUE "FileDescription",   "iBATIS.Common"
      VALUE "FileVersion",       "1.6.2.0"
      VALUE "InternalName",      "IBatisNet.Common.dll"
      VALUE "LegalCopyright",    "Copyright 2007,2005 The Apache Software Foundation"
      VALUE "LegalTrademarks",   "Licensed under the Apache License, Version 2.0"
      VALUE "OriginalFilename",  "IBatisNet.Common.dll"
      VALUE "ProductName",       "iBATIS.NET"
      VALUE "ProductVersion",    "1.6.2.0"
      VALUE "Assembly Version",  "1.6.2.0"
    }
  }
}

Could it be a new feature to add LegalCopyright and LegalTrademarks info to the depcheck reports?

Thanks

Carlo
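
An added example (not part of the original thread and not Dependency-Check code): a Python parser for the textual version resource dump quoted above that extracts LegalCopyright and LegalTrademarks as license evidence. The function names and the embedded sample, a shortened copy of the dump from the post, are assumptions for illustration.

```python
import re

# Constructed sample: shortened copy of the version.txt dump quoted in the post.
SAMPLE = r'''
FILEVERSION    1,6,2,0
{
  BLOCK "VarFileInfo"
  {
    VALUE "Translation", 0x0, 1200
  }
  BLOCK "StringFileInfo"
  {
    BLOCK "000004b0"
    {
      VALUE "CompanyName",       "http://ibatis.apache.org/"
      VALUE "LegalCopyright",    "Copyright 2007,2005 The Apache Software Foundation"
      VALUE "LegalTrademarks",   "Licensed under the Apache License, Version 2.0"
    }
  }
}
'''

BLOCK_RE = re.compile(r'^\s*BLOCK\s+"([^"]*)"\s*$')
VALUE_RE = re.compile(r'^\s*VALUE\s+"([^"]*)"\s*,\s*"(.*)"\s*$')

def parse_string_file_info(text):
    """Return {lang_codepage: {key: value}} for string VALUEs under StringFileInfo."""
    tables, stack, pending = {}, [], None
    for line in text.splitlines():
        stripped = line.strip()
        m = BLOCK_RE.match(line)
        if m:
            pending = m.group(1)          # block name applies to the next "{"
        elif stripped == "{":
            stack.append(pending)         # None for the anonymous root block
            pending = None
        elif stripped == "}" and stack:
            stack.pop()
        else:
            v = VALUE_RE.match(line)
            # Keep only string values directly inside StringFileInfo/<lang-codepage>
            if v and len(stack) == 3 and stack[1] == "StringFileInfo":
                tables.setdefault(stack[2], {})[v.group(1)] = v.group(2)
    return tables

def license_evidence(text, keys=("LegalCopyright", "LegalTrademarks")):
    """Collect the fields the post asks to report; missing or empty ones are skipped."""
    return {lang: {k: t[k] for k in keys if t.get(k)}
            for lang, t in parse_string_file_info(text).items()}
```

These fields are free text set by the vendor, so a report should treat them as evidence to review rather than as a normalized license identifier.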


Jeremy Long

May 23, 2018, 7:08:39 AM
to Dependency Check
Thanks for pointing this out. Yes, we can likely look for that file if it appears to be a consistent file across multiple DLLs. I just opened a ticket on the GitHub repo for this: https://github.com/jeremylong/DependencyCheck/issues/1292

--Jeremy

Jeremy Long

May 29, 2018, 6:50:14 AM
to Dependency Check
Carlo,

Just out of curiosity - what are you using to look inside the DLLs to the .rsrc folder?

--Jeremy