-
Notifications
You must be signed in to change notification settings - Fork 364
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: allow explicitly ignoring the license of a package in config (#…
…1243) This allows you to configure the scanner to completely ignore the license of a package in a way that is explicit, as oppose to configuring `license.overrides` to set the package license to an allowed one. Resolves #1124
- Loading branch information
Showing
7 changed files
with
188 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
28 changes: 28 additions & 0 deletions
28
cmd/osv-scanner/fixtures/osv-scanner-complex-licenses-config.toml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
[[PackageOverrides]] | ||
ecosystem = "npm" | ||
ignore = true | ||
license.override = ["0BSD"] | ||
|
||
[[PackageOverrides]] | ||
ecosystem = "Packagist" | ||
license.override = ["0BSD"] | ||
|
||
[[PackageOverrides]] | ||
ecosystem = "Alpine" | ||
name = "musl" | ||
license.override = ["UNKNOWN"] | ||
|
||
[[PackageOverrides]] | ||
ecosystem = "Alpine" | ||
name = "musl-utils" | ||
license.ignore = true # this takes priority over license.override | ||
license.override = ["UNKNOWN"] | ||
|
||
[[PackageOverrides]] | ||
ecosystem = "Alpine" | ||
name = "apk-tools" | ||
license.ignore = false | ||
|
||
[[PackageOverrides]] | ||
ecosystem = "Alpine" | ||
license.ignore = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters