FOSSA supports projects that use cpan. We are currently on
We look for and analyze the following files for license and dependency information
FOSSA will find any package available via the Metacpan API.
Declared licenses in
(MY)META.(yml/json) files will be picked up
We use both metadata file parsing and the
cpanm command line tool to discover dependencies. To resolve versions, we use the ElasticSearch cpan api found Here
We're starting by turning open source license compliance into what it should be — simple, accessible.