Since last week VersionEye is offering a component whitelist for software dependencies. The component whitelist is an extension for the license whitelist. Dependencies which usually would violate a license whitelist can be whitelisted through a component whitelist.
After using the component whitelist for a couple days the question was coming up wich dependencies are whitelisted through the license whitelist and which through the component whitelist. In the current version the dependencies who are whitelisted through the component whitelist are marked with a thumbs up icon. Like in this example.
In the screenshot above the 2 dependencies “junit” and “mail” usually would be marked red, because their licences is not on the selected license whitelist. But they are “green” anyway because they are on the component whitelist.
Contact me if you have more suggestions for improvements, either here in the comments or on Twitter.
Open Source License Compliance & Security 