license_finder 6.1.0 → 6.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4322a68abdac0f37598d3a7e9329592a6aadc106d26dddab5228df56947161b4
-  data.tar.gz: 9cdde6b3fe4f113c7877a0bbb56ff74127155a4e00c1919dc2f40ea717fa2dc0
+  metadata.gz: 6cb023a2297b083354287a99cd5fb5cb5640fb6fe8e4c449f9407f9198f14dfe
+  data.tar.gz: 7af5d367b73cb9447a78d83e49db2ca810a2d7a6315b313941acb99251bc11ed
 SHA512:
-  metadata.gz: '09ed394388a18eeb7e60d6f8d685c77a00b3769a933b48f4a75a8bbdd224b9534696de6c8bec9db9bd7c8a8f3ac0176805123c2c36f445ca8cdb0cf3ae473144'
-  data.tar.gz: b8acbb67e9cb67facb22ba808e592fb8b14384aac588040fbe00524ad25d86cd958fbc001c8b8b069dc40de014ac9455017c302f04faf022f92d4f16eca78739
+  metadata.gz: c6530566a1e99b1a8b5bdf36d7b9486c2cb95c112e856e7d69525ce139d0d14a1eab1d2ea538009338ce94a822cbe5faf99ae1d4ff5674f417abd25ba0845497
+  data.tar.gz: b6fdc169ec59d8b84ae96a8ab5bbb25a7ce8ee2cc7de6d96acfc63347d00bfc5009a24cf743d39add5de78e21b3c56c52856baa76d05ba6a81996c974ad8074d

data/.rubocop.yml

@@ -48,6 +48,12 @@ Style/MissingRespondToMissing:
   Enabled: false
 Style/FormatStringToken:
   EnforcedStyle: unannotated
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true
 Layout/MultilineMethodCallIndentation:
     Enabled: false
 DoubleNegation:

data/CHANGELOG.md

@@ -1,3 +1,62 @@
+# [6.5.0] / 2020-06-01
+
+### Added
+* Support legacy nuget projects [#172950097] - [0cccbcf9](https://github.com/pivotal/LicenseFinder/commit/0cccbcf9aa92f4297ef0174242bdb19da1babc65) 
+
+### Changed
+* Upgrade to golang 1.14.3. Update dotnet-sdk to 3.1 - [0969e98f](https://github.com/pivotal/LicenseFinder/commit/0969e98fde4a82f8931601baa4dd96dc01300a14) 
+
+# [6.4.0] / 2020-05-22
+
+Big shout out to @forelabs for introducing many new features and improvements for this release. Thanks again!!
+
+### Added
+* Introducing new inherited_decisions command - [3453feb](https://github.com/pivotal/LicenseFinder/commit/3453feb659a6c3c6e5aa444e3755ddd5d32f3664) - Sven Dunemann
+* Decision Applier: Merge manual and system packages - [c690532](https://github.com/pivotal/LicenseFinder/commit/c690532ec8addab16bef4edd390f05ceb353435f) - Sven Dunemann
+* Introduce package_url to packages - [18972f7](https://github.com/pivotal/LicenseFinder/commit/18972f7b3a04340e1b7bb560780130b68696b8a2) - Sven Dunemann
+* Add --write-headers option for csv exports - [18e01f8](https://github.com/pivotal/LicenseFinder/commit/18e01f8728a9dc525d7567292cc1e2f390ec854d) - Sven Dunemann
+* Yarn: Add authors & install_path - [08a0f67](https://github.com/pivotal/LicenseFinder/commit/08a0f67837a218231217767561f2282c1b3a890a) - Sven Dunemann
+* install path for nuget dependencies [#172251374] - [ad73c946](https://github.com/pivotal/LicenseFinder/commit/ad73c946113846f8f548adfc73542aebb3763175) - Jeff Jun
+* new Rubocop cops - [c4cc6b8b](https://github.com/pivotal/LicenseFinder/commit/c4cc6b8b13273db17b65cecaf24c9053e4989ea1) - Jeff Jun
+
+### Fixed
+* Separate lines in license text with LF when exported to JSON - [baddb976](https://github.com/pivotal/LicenseFinder/commit/baddb976e7a8683c5cc320eddc8c2712dfb16c15) - Robert Huitl
+
+### Changed
+* Go15VendorExperiment: Detect go only if vendor includes go files - [0f8e609](https://github.com/pivotal/LicenseFinder/commit/0f8e609f0921937c6187deccd80e4bc4b7d67ee4) - Sven Dunemann
+* Bump PHP version to 7.4 - [cbe45c5](https://github.com/pivotal/LicenseFinder/commit/cbe45c5cdb3ec200ea215086a3b3eb879e83222a) - Yivan
+* Significantly improve the license text matching file to be more dynamic - [acf5705](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e)
+* Update Ruby version to 2.7.1 [#172295831] - [475e2948](https://github.com/pivotal/LicenseFinder/commit/475e2948ec1ad859aee59e77aa9ce2a51e1a5029) 
+
+# [6.3.0] / 2020-05-06
+
+### Added
+* OFL License - [d475bbb1](https://github.com/pivotal/LicenseFinder/commit/d475bbb1380e217f154f262caaa73c12f5b9792b) - Sven Dunemann
+* WTFPL License - [ec629170](https://github.com/pivotal/LicenseFinder/commit/ec6291702c28789a33478041dbf6524d603c12ff) - Sven Dunemann
+
+* Find the install path for sbt, cargo and composer [#171649609] - [0d525cbf](https://github.com/pivotal/LicenseFinder/commit/0d525cbf5208db5a977f2f3d922d07b5ea6a8b16) 
+
+### Changed
+* Bump PHP version to 7.3 - [1c3c3271](https://github.com/pivotal/LicenseFinder/commit/1c3c3271b977a6c8d24e4159a6b8098a51086522) 
+* Remove +compatible in Go package versions [#171754392] - [5cba5801](https://github.com/pivotal/LicenseFinder/commit/5cba5801f4f276482f01bfeea46fde0dbbcce7b1) 
+
+### Fixed
+* Fixed Maven Package manager Groups check - [5058d90](https://github.com/pivotal/LicenseFinder/commit/5058d90246a25ca15c72e0eed8e19ebbf7e39998) - Ravi Soni 
+* GoModules: fix compute with vendor mod - [067eb19](https://github.com/pivotal/LicenseFinder/commit/067eb1916ce024039631bdbd4114ababa6c02c3a) - forelabs
+* Do not set Bundle path. Bundler will figure it out. - [6319a7a](https://github.com/pivotal/LicenseFinder/commit/6319a7a281bd9cc997c08c903674ab51fcc6545e) - mvz
+
+# [6.2.0] / 2020-04-07
+
+### Fixed
+* Break dependency of specs on released license_finder gem - [ef69fa00](https://github.com/pivotal/LicenseFinder/commit/ef69fa00deb7a8f8ebd74312afa9f130be2d9fda) - Matijs van Zuijlen
+* Replace toml parser with tomlrb - [8b9b34b4](https://github.com/pivotal/LicenseFinder/commit/8b9b34b48d5bdadc679c0d072117b092d080fb81) - Matijs van Zuijlen
+
+### Changed
+* Run glide install in folder containing glide.lock - [cec3ff47](https://github.com/pivotal/LicenseFinder/commit/cec3ff4759f1c06df2cd0c39ac8004fcd156a6e6) - Jeff Jun
+* specify path for bundle install [#168042947] - [431355dc](https://github.com/pivotal/LicenseFinder/commit/431355dc1d0172c65444d2f4bcb5b4416fc52af7) 
+
+# [6.1.2] / 2020-03-16
+
 # [6.1.0] / 2020-02-21
 
 ### Fixed
@@ -810,3 +869,8 @@ Bugfixes:
 [5.11.1]: https://github.com/pivotal/LicenseFinder/compare/v5.11.0...v5.11.1
 [6.0.0]: https://github.com/pivotal/LicenseFinder/compare/v5.11.1...v6.0.0
 [6.1.0]: https://github.com/pivotal/LicenseFinder/compare/v6.0.0...v6.1.0
+[6.1.2]: https://github.com/pivotal/LicenseFinder/compare/v6.1.0...v6.1.2
+[6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
+[6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0
+[6.4.0]: https://github.com/pivotal/LicenseFinder/compare/v6.3.0...v6.4.0
+[6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0

data/Dockerfile

@@ -3,11 +3,11 @@ FROM ubuntu:xenial
 # Versioning
 ENV PIP_INSTALL_VERSION 19.0.2
 ENV PIP3_INSTALL_VERSION 8.1.1
-ENV GO_LANG_VERSION 1.13.3
+ENV GO_LANG_VERSION 1.14.3
 ENV MAVEN_VERSION 3.6.0
 ENV SBT_VERSION 1.3.3
 ENV GRADLE_VERSION 5.6.4
-ENV RUBY_VERSION 2.6.5
+ENV RUBY_VERSION 2.7.1
 ENV MIX_VERSION 1.0
 ENV COMPOSER_ALLOW_SUPERUSER 1
 
@@ -38,10 +38,12 @@ RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - && \
 RUN npm install -g bower && \
     echo '{ "allow_root": true }' > /root/.bowerrc
 
-# install jdk 11
+# install jdk 12
 RUN curl -L -o openjdk12.tar.gz https://download.java.net/java/GA/jdk12.0.2/e482c34c86bd4bf8b56c0b35558996b9/10/GPL/openjdk-12.0.2_linux-x64_bin.tar.gz && \
     tar xvf openjdk12.tar.gz && \
-    sudo mv jdk-12.0.2 /opt/
+    rm openjdk12.tar.gz && \
+    sudo mv jdk-12.0.2 /opt/ && \
+    sudo rm /opt/jdk-12.0.2/lib/src.zip
 ENV JAVA_HOME=/opt/jdk-12.0.2
 ENV PATH=$PATH:$JAVA_HOME/bin
 RUN java -version
@@ -51,8 +53,8 @@ RUN apt-get install -y python rebar
 
 # install and update python-pip
 RUN apt-get install -y python-pip python3-pip && \
-    pip2 install --upgrade pip==$PIP_INSTALL_VERSION  && \
-    pip3 install --upgrade pip==$PIP3_INSTALL_VERSION
+    pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION  && \
+    pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
 
 # install maven
 RUN curl -O https://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz && \
@@ -95,7 +97,8 @@ RUN mkdir /gopath && \
   go get github.com/Masterminds/glide && \
   go get github.com/kardianos/govendor && \
   go get github.com/golang/dep/cmd/dep && \
-  go get -u github.com/rancher/trash
+  go get -u github.com/rancher/trash && \
+  go clean -cache
 
 # Fix the locale
 RUN apt-get install -y locales
@@ -123,11 +126,14 @@ RUN bash -lc "gem update --system && gem install bundler"
 
 # install conan
 RUN apt-get install -y python-dev && \
-	pip install --ignore-installed six --ignore-installed colorama --ignore-installed requests --ignore-installed chardet --ignore-installed urllib3 --upgrade setuptools && \
-    pip install -Iv conan==1.11.2
+	pip install --no-cache-dir --ignore-installed six --ignore-installed colorama \
+	    --ignore-installed requests --ignore-installed chardet \
+	    --ignore-installed urllib3 \
+	    --upgrade setuptools && \
+    pip install --no-cache-dir -Iv conan==1.11.2
 
 # install Cargo
-RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
+RUN curl https://sh.rustup.rs -sSf | bash -s -- -y --profile minimal
 
 # install NuGet (w. mono)
 # https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools#macoslinux
@@ -135,19 +141,21 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
   echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
   apt-get update &&\
   apt-get install -y mono-complete &&\
-  curl -o /usr/local/bin/nuget.exe https://dist.nuget.org/win-x86-commandline/latest/nuget.exe &&\
-  echo "alias nuget=\"mono /usr/local/bin/nuget.exe\"" >> ~/.bash_aliases
+  curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
+  curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
 
 # install dotnet core
+WORKDIR /tmp
 RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsoft-prod.deb &&\
   sudo dpkg -i packages-microsoft-prod.deb &&\
+  rm packages-microsoft-prod.deb &&\
   sudo apt-get update &&\
-  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
+  sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
 
 RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
     echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
     apt-get update &&\
-    apt-get install -y php7.1-cli &&\
+    apt-get install -y php7.4-cli &&\
     php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
     php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
     php composer-setup.php &&\
@@ -156,7 +164,7 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5
 
 # install license_finder
 COPY . /LicenseFinder
-RUN bash -lc "cd /LicenseFinder && bundle install -j4 && rake install"
+RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && rake install"
 
 WORKDIR /
 

data/README.md

@@ -7,7 +7,7 @@ Build status
 * Ruby 2.4.9 [![Ruby 2.4.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.5.7 [![Ruby 2.5.7 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.7/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * Ruby 2.6.5 [![Ruby 2.6.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.6.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.7.0 [![Ruby 2.7.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.7.1 [![Ruby 2.7.1 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.1/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 * JRuby 9.2.9.0 [![JRuby 9.2.9.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.2.9.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
@@ -359,7 +359,7 @@ $ license_finder dependencies remove my_js_dep
 Sometimes a project will have development or test dependencies which
 you don't want to track.  You can exclude theses dependencies by running
 `license_finder ignored_groups`.  (Currently this only works for packages
-managed by Bundler, NPM, and Nuget.)
+managed by Bundler, NPM, Yarn, Maven, Pip2, Pip3, and Nuget.)
 
 On rare occasions a package manager will report an individual dependency
 that you want to exclude from all reports, even though it is approved.

data/Rakefile

@@ -63,7 +63,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
     puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
   end
 
-  ruby_versions = %w[2.7.0 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
+  ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
 
   params = []
   params << "ruby_versions=#{ruby_versions.join(',')}"

data/VERSION

@@ -1 +1 @@
-6.1.0
+6.5.0

data/bin/license_finder_pip.py

@@ -7,9 +7,15 @@ try:
         from pip._internal.req import parse_requirements
 except ImportError:
         from pip.req import parse_requirements
+
 try:
-        from pip._internal.download import PipSession
+    # since pip 19.3
+    from pip._internal.network.session import PipSession
 except ImportError:
+    try:
+        # since pip 10
+        from pip._internal.download import PipSession
+    except ImportError:
         from pip.download import PipSession
 
 from pip._vendor import pkg_resources

data/ci/pipelines/release.yml.erb

@@ -19,22 +19,13 @@ resources:
     branch: master
     ignore_paths: [VERSION, CHANGELOG.md]
 
-- name: lf-git-version
-  type: git
-  source:
-    uri: git@github.com:pivotal/LicenseFinder.git
-    private_key: ((CfOslBot.private_key))
-    branch: master
-
 - name: semver-version
   type: semver
   source:
-    driver: git
-    uri: git@github.com:pivotal/LicenseFinder.git
-    branch: master
-    file: VERSION
-    private_key: ((CfOslBot.private_key))
-    commit_message: "Updates version to: %version%"
+    driver: gcs
+    bucket: lf-semver-version
+    key: version
+    json_key: ((GCPQueuedReportsBucketCredentials))
 
 - name: dockerhub-edge
   type: docker-image
@@ -154,8 +145,6 @@ jobs:
   - get: lf-git
     tags: ["private-worker"]
     passed: [<%= "#{ruby_versions.map{ |version| "ruby-#{version}"}.join(', ')}, rubocop" %>]
-  - get: lf-git-version
-    tags: ["private-worker"]
   - get: semver-version
     tags: ["private-worker"]
     trigger: true
@@ -171,14 +160,14 @@ jobs:
     params:
       GIT_USERNAME: ((GithubApiUser))
       GIT_EMAIL: ((GithubApiEmail))
-    file: lf-git-version/ci/tasks/update-changelog.yml
+    file: lf-git/ci/tasks/update-changelog.yml
   - put: dockerhub
     tags: ["private-worker"]
     params:
-      build: lf-git-version
+      build: lf-git-changed
       tag: version/version.txt
       tag_as_latest: true
-  - put: lf-git-version
+  - put: lf-git
     tags: ["private-worker"]
     params:
       repository: lf-git-changed
@@ -190,7 +179,7 @@ jobs:
       GIT_EMAIL: ((GithubApiEmail))
       GIT_PRIVATE_KEY: ((CfOslBot.private_key))
       GEM_API_KEY: ((LicenseFinderGemApiKey))
-    file: lf-git-version/ci/tasks/build-and-push-gem.yml
+    file: lf-git/ci/tasks/build-and-push-gem.yml
   - put: lf-release
     tags: ["private-worker"]
     params:

data/ci/scripts/pushscript.sh

@@ -3,8 +3,8 @@
 echo -e "---\n:rubygems_api_key: $GEM_API_KEY" > ~/.gem/credentials
 chmod 0600 ~/.gem/credentials
 
-cd lf-git-version
 build_version="$(cat semver-version/version)"
+cd lf-git
 built_gem="pkg/license_finder-$build_version.gem"
 
 git config --global user.email $GIT_EMAIL

data/ci/scripts/updateChangelog.sh

@@ -2,9 +2,11 @@
 
 set -e
 
-git clone lf-git-version lf-git-changed
+git clone lf-git lf-git-changed
 
 CHANGELOG_FILE="CHANGELOG.md"
+VERSION_FILE="VERSION"
+
 COMMIT_URL="https://github.com/pivotal/LicenseFinder/commit/"
 
 TAGS=( "Added" "ADDED" "Fixed" "FIXED" "Changed" "CHANGED" "Deprecated" "DEPRECATED" "Removed" "REMOVED" "Security" "SECURITY" )
@@ -50,10 +52,15 @@ echo -e "$LOG\n$(cat $CHANGELOG_FILE)" > $CHANGELOG_FILE
 # Append version hyperlink to the end of the file
 echo -e "[$VERSION]: https://github.com/pivotal/LicenseFinder/compare/$OLD...$VERSION_TAG" >> $CHANGELOG_FILE
 
+# Update version file in git
+echo $VERSION > $VERSION_FILE
+
 git config --global user.email $GIT_EMAIL
 git config --global user.name $GIT_USERNAME
 
 git add $CHANGELOG_FILE
+git add $VERSION_FILE
+
 git commit -m "Update changelog for version: $VERSION"
 
 echo "New version: $VERSION"

data/ci/tasks/build-and-push-gem.yml

@@ -1,10 +1,10 @@
 ---
 platform: linux
 inputs:
-- name: lf-git-version
+- name: lf-git
 - name: semver-version
 run:
   path: bash
   args:
   - "-lc"
-  - lf-git-version/ci/scripts/pushscript.sh
+  - lf-git/ci/scripts/pushscript.sh

data/ci/tasks/rubocop.yml

@@ -4,7 +4,7 @@ image_resource:
   type: registry-image
   source:
     repository: ruby
-    tag: 2.6.5
+    tag: 2.7.1
 
 inputs:
 - name: LicenseFinder

data/ci/tasks/update-changelog.yml

@@ -6,11 +6,11 @@ image_resource:
     tag: latest
 platform: linux
 inputs:
-- name: lf-git-version
+- name: lf-git
 - name: lf-release
 - name: semver-version
 outputs:
 - name: lf-git-changed
 - name: version
 run:
-  path: lf-git-version/ci/scripts/updateChangelog.sh
+  path: lf-git/ci/scripts/updateChangelog.sh

data/lib/license_finder/cli.rb

@@ -8,6 +8,7 @@ end
 require 'license_finder/cli/patched_thor'
 require 'license_finder/cli/base'
 require 'license_finder/cli/makes_decisions'
+require 'license_finder/cli/inherited_decisions'
 require 'license_finder/cli/permitted_licenses'
 require 'license_finder/cli/restricted_licenses'
 require 'license_finder/cli/dependencies'

data/lib/license_finder/cli/base.rb

@@ -44,6 +44,7 @@ module LicenseFinder
           :elixir_command,
           :mix_command,
           :mix_deps_dir,
+          :write_headers,
           :save,
           :prepare,
           :prepare_no_fail,

data/lib/license_finder/cli/inherited_decisions.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  module CLI
+    class InheritedDecisions < Base
+      extend Subcommand
+      include MakesDecisions
+
+      desc 'list', 'List all the inherited decision files'
+      def list
+        say 'Inherited Decision Files:', :blue
+        say_each(decisions.inherited_decisions)
+      end
+
+      auditable
+      desc 'add DECISION_FILE...', 'Add one or more decision files to the inherited decisions'
+      def add(*decision_files)
+        assert_some decision_files
+        modifying { decision_files.each { |filepath| decisions.inherit_from(filepath) } }
+        say "Added #{decision_files.join(', ')} to the inherited decisions"
+      end
+
+      auditable
+      desc 'remove DECISION_FILE...', 'Remove one or more decision files from the inherited decisions'
+      def remove(*decision_files)
+        assert_some decision_files
+        modifying { decision_files.each { |filepath| decisions.remove_inheritance(filepath) } }
+        say "Removed #{decision_files.join(', ')} from the inherited decisions"
+      end
+    end
+  end
+end

data/lib/license_finder/cli/main.rb

@@ -140,6 +140,7 @@ module LicenseFinder
       desc 'report', "Print a report of the project's dependencies to stdout"
       shared_options
       format_option
+      method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
       method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
 
       def report
@@ -171,6 +172,7 @@ module LicenseFinder
       subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
       subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
       subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
+      subcommand 'inherited_decisions', InheritedDecisions, 'Add or remove decision files you want to inherit from'
 
       private
 
@@ -203,7 +205,7 @@ module LicenseFinder
       def report_of(content)
         report = FORMATS[config.format] || FORMATS['text']
         report = MergedReport if report == CsvReport && config.aggregate_paths
-        report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s)
+        report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s, write_headers: config.write_headers)
       end
 
       def save?