Assuming you are building a commercial product and one of your clients requires to have a report of all OSS dependencies you use. The report should contain all sources and license text of your runtime OSS dependencies.
How would you maintain such a report? Currently we build a solution for ourselves which is a bit clunky, takes a hand curated yaml file, downloads the sources and licenses and zips them. Would this be your solution as well?
PS: We are mainly talking about Java and Javascript dependencies (mvn/npm)
EDIT: The main quest is of course to stay away from OSS dependencies with GPL, as the client does not like them.