Apache Tentacles

Apache Tentacles is a utility developed under the Apache Creadur project to automate the inspection of staged software release artifacts. It downloads archives from a specified repository, unpacks them recursively, and generates detailed reports about their contents, including license and notice files. Tentacles is designed to assist in validating the completeness and compliance of release candidates before publication.

Features

• Recursively downloads and unpacks archives from staging repositories
• Supports common archive formats including JAR, ZIP, WAR, EAR, and TAR.GZ
• Generates HTML reports summarizing contents, licenses, and notices
• Identifies declared and undeclared license and notice files
• Provides structured output directories for binaries and unpacked content
• Manual validation support with potential for future automation
• Lightweight Java-based tool with minimal dependencies

Capabilities

• Facilitates pre-release auditing of software distributions
• Enables inspection of nested binaries and their associated metadata
• Supports recursive unpacking for deep content analysis
• Produces human-readable reports for compliance review
• Can be integrated into release workflows for Apache projects
• Offers extensibility for signature verification and automated flagging

Benefits

• Improves transparency and accountability in software releases
• Reduces risk of publishing incomplete or non-compliant artifacts
• Saves time in manual inspection by automating content extraction
• Enhances consistency across release validation processes
• Supports open-source governance and licensing best practices
• Strengthens trust in distributed binaries through thorough analysis