forked from eclipse/kuksa.val
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.ort.yml
135 lines (134 loc) · 5.5 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# This is a configuration for ORT - the OSS Review toolkit
# https://oss-review-toolkit.org/ort/
#
# This is currently scoped to scan databroker. Test and build
# dependencies, examples and val-server components are excluded
# This should contain everything that will end up in our released
# databroker containers.
analyzer:
skip_excluded: true
excludes:
scopes:
- pattern: "build-dependencies"
reason: "BUILD_DEPENDENCY_OF"
comment: "Packages only required during build"
- pattern: "dev-dependencies"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages required for testing"
paths:
- pattern: "doc/**"
reason: "DOCUMENTATION_OF"
comment: "Not in release artifacts"
- pattern: "NOTICE.md"
reason: "OTHER"
comment: "We don't trust NOTICE, we scan"
- pattern: "kuksa-val-server/**"
reason: "OTHER"
comment: "Not part of databroker. Not in release artifact"
- pattern: "kuksa_apps/**"
reason: "OTHER"
comment: "Not part of databroker. Not in release artifact"
- pattern: "kuksa_go_client/**"
reason: "OTHER"
comment: "Not part of databroker. Not in release artifact"
- pattern: "test/**"
reason: "OTHER"
comment: "Not part of databroker. Not in release artifact"
- pattern: "kuksa_databroker/integration_test/**"
reason: "TEST_TOOL_OF"
comment: "Test only"
- pattern: "**/test-requirements.txt"
reason: "TEST_TOOL_OF"
comment: "Test only. Scope not working for Py"
license_choices:
repository_license_choices:
- given: "OpenSSL OR BSD-3-Clause OR GPL-1.0-or-later"
choice: "BSD-3-Clause"
- given: "OpenSSL OR BSD-3-Clause OR GPL-1.0-or-later OR GPL-2.0-only"
choice: "BSD-3-Clause"
- given: "(Apache-2.0 OR MS-PL) AND MIT"
choice: "Apache-2.0 AND MIT"
- given: "Apache-2.0 AND (Apache-2.0 OR MS-PL) AND MIT"
choice: "Apache-2.0 AND MIT"
- given: "(Apache-2.0 AND MIT) OR (MIT AND MS-PL)"
choice: "Apache-2.0 AND MIT"
- given: "(Apache-2.0 AND MIT) OR (Apache-2.0 AND MIT AND MS-PL)"
choice: "Apache-2.0 AND MIT"
- given: "MIT OR GPL-2.0-only"
choice: "MIT"
- given: "Apache-2.0 AND ISC AND BSD-3-Clause AND LicenseRef-scancode-ssleay-windows\
\ AND LicenseRef-scancode-openssl AND NTP AND Zlib AND LicenseRef-scancode-public-domain\
\ AND MPL-2.0 AND LicenseRef-scancode-x11-lucent AND Apache-2.0 WITH LLVM-exception\
\ AND BSD-2-Clause AND LicenseRef-scancode-info-zip-2001-01 AND LicenseRef-scancode-openssl-nokia-psk-contribution\
\ AND (LicenseRef-scancode-openssl OR BSD-3-Clause OR GPL-2.0-only)"
choice: "Apache-2.0 AND ISC AND BSD-3-Clause AND LicenseRef-scancode-ssleay-windows\
\ AND LicenseRef-scancode-openssl AND NTP AND Zlib AND LicenseRef-scancode-public-domain\
\ AND MPL-2.0 AND LicenseRef-scancode-x11-lucent AND Apache-2.0 WITH LLVM-exception\
\ AND BSD-2-Clause AND LicenseRef-scancode-info-zip-2001-01 AND LicenseRef-scancode-openssl-nokia-psk-contribution"
curations:
packages:
- id: "Crate::windows"
curations:
comment: >-
License information as per https://crates.io/crates/windows
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::windows_aarch64_msvc"
curations:
comment: >-
License information as per https://crates.io/crates/windows
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::windows_i686_msvc"
curations:
comment: >-
License information as per https://crates.io/crates/windows
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::windows_x86_64_msvc"
curations:
comment: >-
License information as per https://crates.io/crates/windows
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::rand_core"
curations:
comment: >-
License information as per https://crates.io/crates/rand_core
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::nix"
curations:
comment: >-
License information as per https://crates.io/crates/nix
concluded_license: "MIT"
- id: "Crate::ureq"
curations:
comment: >-
License information as per https://crates.io/crates/ureq
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::web-sys"
curations:
comment: >-
License information as per https://crates.io/crates/web-sys
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::ryu"
curations:
comment: >-
License information as per https://crates.io/crates/ryu
concluded_license: "Apache-2.0 OR BSL-1.0"
- id: "Crate::num-bigint"
curations:
comment: >-
License information as per https://crates.io/crates/num-bigint . Scanned and approved https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/11390
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::os_str_bytes"
curations:
comment: >-
License information as per https://crates.io/crates/os_str_bytes. 87 Clearlydefined.io score for MIT APACHE-2.0
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::os_str_bytes:6.4.1"
curations:
comment: >-
License information as per https://crates.io/crates/os_str_bytes. 87 Clearlydefined.io score for MIT APACHE-2.0
concluded_license: "MIT OR Apache-2.0"
- id: "PyPI::setuptools"
curations:
comment: >-
License information as per https://pypi.org/project/setuptools/ . The detected GPL is a false positive from an EXAMPLE in Readme.
concluded_license: "MIT"