forked from oss-review-toolkit/ort
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.ort.yml
95 lines (95 loc) · 4.69 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
---
excludes:
paths:
- pattern: "*/src/{funTest,test}/**"
reason: "TEST_OF"
comment: "Licenses contained in this directory are used for testing and do not\
\ apply to the OSS Review Toolkit."
- pattern: "spdx-utils/src/main/kotlin/{SpdxDeclaredLicenseMapping,SpdxLicense,SpdxLicenseException,SpdxSimpleLicenseMapping}.kt"
reason: "DATA_FILE_OF"
comment: "Licenses contained in this class are used for processing licenses and\
\ do not apply to the OSS Review Toolkit."
- pattern: "spdx-utils/src/main/resources/{exceptions,licenserefs,licenses}/**"
reason: "DATA_FILE_OF"
comment: "This license file is used for generating license notes and does not\
\ apply to the OSS Review Toolkit."
- pattern: "test-utils/**"
reason: "TEST_OF"
comment: "Licenses contained in this directory are used for testing and do not\
\ apply to the OSS Review Toolkit."
scopes:
- pattern: "(test.*|funTest.*)"
reason: "TEST_DEPENDENCY_OF"
comment: "Packages for testing only. Not part of released artifacts."
- pattern: "devDependencies"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only. Not part of released artifacts"
resolutions:
issues:
- message: "ERROR: Timeout after 300 seconds while scanning file 'reporter-web-app/public/index.html'."
reason: "SCANNER_ISSUE"
comment: "The error can be ignored because the file does contain relevant license\
\ information."
- message: "ERROR: Timeout after 300 seconds while scanning file 'scanner/src/test/assets/aws-java-sdk-core-1.11.160_scancode-2.9.7.json'."
reason: "SCANNER_ISSUE"
comment: "This file contains test data. Contained licenses do not apply to the\
\ OSS Review Toolkit."
curations:
license_findings:
- path: "README.md"
line_count: 1
detected_license: "GPL-1.0-or-later"
concluded_license: "NONE"
reason: "DOCUMENTATION_OF"
comment: "Findings reference a file with 'gpl' in its name."
- path: "analyzer/src/funTest/assets/projects/external/spdx-tools-python/spdx/licenses.json"
concluded_license: "CC0-1.0"
reason: "DATA_OF"
comment: "This file contains official SPDX.org license ids. SPDX is licensed under\
\ CC0-1.0, see https://github.com/spdx/license-list-XML/blob/master/package.json#L33"
- path: "analyzer/src/funTest/assets/projects/synthetic/composer/{empty-deps,lockfile,no-lockfile,no-deps,with-provide,with-replace}/composer.phar"
concluded_license: "MIT"
reason: "DATA_OF"
comment: "These files are part of PHP Composer and include a mapping from human\
\ readable strings to SPDX license ids."
- path: "docs/**.md"
concluded_license: "Apache-2.0"
reason: "DOCUMENTATION_OF"
comment: "Documentation contains examples mentioning various licenses."
- path: "reporter-web-app/src/config.js"
concluded_license: "Apache-2.0"
reason: "DATA_OF"
comment: "Configuration file for WebApp reporter defining colors to use for each\
\ SPDX license."
- path: "spdx-utils/src/main/kotlin/SpdxLicense.kt"
concluded_license: "Apache-2.0"
reason: "DATA_OF"
comment: "This file defines official SPDX.org licenses so they can be used in\
\ OSS Review Toolkit."
- path: "spdx-utils/src/main/kotlin/SpdxLicenseException.kt"
concluded_license: "Apache-2.0"
reason: "DATA_OF"
comment: "This file defines official SPDX.org exceptions so they can be used in\
\ OSS Review Toolkit."
- path: "spdx-utils/src/main/kotlin/{SpdxDeclaredLicenseMapping.kt,SpdxSimpleLicenseMapping.kt}"
concluded_license: "Apache-2.0"
reason: "DATA_OF"
comment: "These files map declared licenses to SPDX.org license ids so they can\
\ be used in OSS Review Toolkit."
- path: "spdx-utils/src/main/resources/licenserefs/**"
concluded_license: "CC0-1.0"
reason: "DATA_OF"
comment: "This directory contains all non-official SPDX license ids which are\
\ used to generate open source notices. SPDX and ScanCode license files are\
\ licensed under CC0-1.0, see https://github.com/spdx/license-list-XML/blob/master/package.json#L33\
\ https://github.com/nexB/scancode-toolkit/blame/develop/README.rst#L168"
- path: "spdx-utils/src/main/resources/licenses/**"
concluded_license: "CC0-1.0"
reason: "DATA_OF"
comment: "This directory contains all official SPDX.org license ids which are\
\ used to generate open source notices. SPDX and ScanCode license files are\
\ licensed under CC0-1.0, see https://github.com/spdx/license-list-XML/blob/master/package.json#L33"
- path: "spdx-utils/src/test/kotlin/SpdxExpressionTest.kt"
concluded_license: "Apache-2.0"
reason: "CODE"
comment: "This file uses several variables named after licenses."