
@syntaqx
Last active May 5, 2023 18:53

Revisions

  1. syntaqx revised this gist May 5, 2023. 1 changed file with 267 additions and 85 deletions.
    352 changes: 267 additions & 85 deletions dependency-review-config.yml
    @@ -2,92 +2,274 @@ fail_on_severity: 'low'
    license-check: true
    vulnerability-check: true

    # You do not need Legal approval to use code licensed under these licenses, for
    # any use case.
    allow_licenses:
    - 'GPL-3.0'
    - 'BSD-3-Clause'
    - 'MIT'
    - oAFL-1.1
    - oAFL-1.2
    - oAFL-2.0
    - oAFL-2.1
    - oAFL-3.0
    - AMPAS
    - APAFML
    - ADSL
    - AMDPLPA
    - ANTLR-PD-fallback
    - ANTLR-PD
    - oApache-1.0
    - oApache-1.1
    - oApache-2.0
    - AML
    - Artistic-2.0
    - Bahyph
    - Barr
    - BlueOak-1.0.0
    - BSL-1.0
    - BSD-1-Clause
    - BSD-2-Clause
    - BSD-2-Clause-FreeBSD
    - BSD-2-Clause-NetBSD
    - BSD-2-Clause-Views
    - BSD-3-Clause
    - BSD-3-Clause-Clear
    - BSD-3-Clause-Modification
    - BSD-3-Clause-No-Nuclear-License-2014
    - BSD-3-Clause-No-Nuclear-Warranty
    - BSD-3-Clause-Open-MPI
    - BSD-4-Clause
    - BSD-4-Clause-Shortened
    - BSD-Source-Code
    - BSD-3-Clause-Attribution
    - 0BSD
    - BSD-2-Clause-Patent
    - BSD-4-Clause-UC
    - bzip2-1.0.5
    - bzip2-1.0.6
    - CC-BY-1.0
    - CC-BY-2.0
    - CC-BY-2.5
    - CC-BY-3.0
    - CC-BY-4.0
    - MIT-CMU
    - CNRI-Jython
    - CNRI-Python
    - CNRI-Python-
    - GPL-Compatible
    - CC0-1.0
    - Cube
    - curl
    - DSDP
    - ECL-1.0
    - ECL-2.0
    - eGenix
    - MIT-advertising
    - MIT-enna
    - Entessa
    - MIT-feh
    - FTL
    - HTMLTIDY
    - IBM-pibs
    - ICU
    - ImageMagick
    - Info-ZIP
    - Intel
    - ISC
    - JasPer-2.0
    - LPPL-1.3c
    - BSD-3-Clause-LBNL
    - Libpng
    - libtiff
    - Linux-OpenIB
    - MTLL
    - MS-PL
    - MITNFA
    - MIT-Modern-Variant
    - MIT
    - MIT-0
    - MIT-open-group
    - MulanPSL-1.0
    - MulanPSL-2.0
    - Multics
    - Mup
    - Naumen
    - NetCDF
    - Net-SNMP
    - NTP
    - OLDAP-2.2.2
    - OLDAP-2.0
    - OLDAP-2.0.1
    - OLDAP-2.1
    - OLDAP-2.2
    - OLDAP-2.2.1
    - OLDAP-2.3
    - OLDAP-2.4
    - OLDAP-2.5
    - OLDAP-2.6
    - OLDAP-2.7
    - OLDAP-2.8
    - OML
    - OpenSSL
    - PHP-3.0
    - PHP-3.01
    - Plexus
    - libpng-2.0
    - PostgreSQL
    - Python-2.0
    - PSF-2.0
    - Ruby
    - Saxpath
    - SWL
    - SGI-B-2.0
    - Spencer-99
    - SMLNJ
    - TCL
    - TCP-wrappers
    - Unlicense
    - Unicode-DFS-2015
    - Unicode-DFS-2016
    - UPL-1.0
    - NCSA
    - VSL-1.0
    - W3C
    - Xnet
    - X11
    - Xerox
    - XFree86-1.1
    - xpp
    - Zlib
    - zlib-acknowledgement
    - ZPL-2.0
    - ZPL-2.1

    # Caution.. not sure what to do with these correctly.
    # You must obtain Legal approval to distribute code licensed under these
    # licenses. You do not need Legal approval to make internal use of code licensed
    # under these licenses.
    caution_licenses:
    - BSD-Protection
    - oCDDL-1.0
    - oCDDL-1.1
    - (CPL-1.0)
    - ocopyleft-next-0.3.0
    - ocopyleft-next-0.3.1
    - oCC-BY-SA-1.0
    - oCC-BY-SA-2.0
    - oCC-BY-SA-2.5
    - oCC-BY-SA-3.0
    - oCC-BY-SA-4.0
    - oEPL-1.0
    - oEPL-2.0
    - ErlPL-1.1
    - IPL-1.0
    - oGPL-1.0-only
    - oGPL-1.0-or-later
    - oGPL-2.0-only
    - oGPL-2.0-or-later
    - oGPL-3.0-only
    - oGPL-3.0-or-later
    - oGPL-2.0-only WITH Autoconf-exception-2.0
    - oGPL-3.0-only WITH Autoconf-exception-3.0
    - oGPL-2.0-only WITH Bison-exception-2.2
    - oGPL-2.0-only WITH Classpath-exception-2.0
    - oGPL-2.0-only WITH Font-exception-2.0
    - oGPL-2.0-only WITH GCC-exception-2.0
    - oGPL-2.0-only WITH GCC-exception-3.1
    - oLGPL-2.0-only
    - oLGPL-2.0-or-later
    - oLGPL-2.1-only
    - oLGPL-2.1-or-later
    - oLGPL-3.0-only
    - oLGPL-3.0-or-later
    - oMPL-1.0
    - oMPL-1.1
    - oMPL-2.0
    - oMPL-2.0-no-copyleft-exception
    - MS-RL
    - QPL-1.0
    - Sleepycat
    - SPL-1.0

    # You must obtain Legal approval to use any code licensed under these
    disallow_licenses:
    - 'AAL'
    - 'Adobe-2006'
    - 'oAGPL-1.0-only
    - 'oAGPL-1.0-or-later
    - 'oAGPL-3.0-only
    - 'oAGPL-3.0-or-later
    - 'Afmparse License (Afmparse)
    - 'oAPSL-1.0'
    - 'oAPSL-1.1'
    - 'oAPSL-1.2'
    - 'oAPSL-2.0'
    - 'Artistic-1.0'
    - 'Artistic-1.0-cl8'
    - 'Artistic-1.0-Perl'
    - 'Beerware'
    - 'blessing'
    - 'Borceux'
    - 'CECILL-B'
    - 'ClArtistic'
    - 'CPAL-1.0'
    - 'Condor-1.1'
    - 'Crossword'
    - 'oCAL-1.0'
    - 'oCAL-1.0-Combined-Work-Exception'
    - 'CrystalStacker'
    - 'diffmark'
    - 'DOC'
    - 'EFL-1.0'
    - 'EFL-2.0'
    - 'oEUPL-1.0'
    - 'oEUPL-1.1'
    - 'oEUPL-1.2'
    - 'Fair'
    - 'FSFUL'
    - 'FSFULLR'
    - 'Giftware'
    - 'HPND'
    - 'IJG'
    - 'Leptonica'
    - 'LPL-1.0'
    - 'LPL-1.02'
    - 'MirOS'
    - 'mpich2'
    - 'NASA-1.3'
    - 'NBPL-1.0'
    - 'Newsletr'
    - 'NLPL'
    - 'NPOSL-3.0'
    - 'NRL'
    - 'OGTSL'
    - 'OLDAP-1.1'
    - 'OLDAP-1.2'
    - 'OLDAP-1.3'
    - 'OLDAP-1.4'
    - 'oOSL-1.0'
    - 'oOSL-1.1'
    - 'oOSL-2.0'
    - 'oOSL-2.1'
    - 'oOSL-3.0'
    - 'oParity-6.0.0'
    - 'oPaity-7.0.0'
    - 'psutils'
    - 'Qhull'
    - 'rdisc'
    - 'RPSL-1.0'
    - 'oRPL-1.1'
    - 'oRPL-1.5'
    - 'RSA-MD'
    - 'SSPL-1.0'
    - 'Spencer-86'
    - 'Spencer-94'
    - 'TU-Berlin-1.0'
    - 'TU-Berlin-2.0'
    - 'Vim'
    - 'W3C-19980720'
    - 'W3C-20150513'
    - 'Wsuipa'
    - 'WTFPL'
    - 'xinetd'
    - 'Zed'
    - 'Zend-2.0'
    - 'ZPL-1.1'
    - AAL
    - Adobe-2006
    - oAGPL-1.0-only
    - oAGPL-1.0-or-later
    - oAGPL-3.0-only
    - oAGPL-3.0-or-later
    - Afmparse
    - oAPSL-1.0
    - oAPSL-1.1
    - oAPSL-1.2
    - oAPSL-2.0
    - Artistic-1.0
    - Artistic-1.0-cl8
    - Artistic-1.0-Perl
    - Beerware
    - blessing
    - Borceux
    - CECILL-B
    - ClArtistic
    - CPAL-1.0
    - Condor-1.1
    - Crossword
    - oCAL-1.0
    - oCAL-1.0-Combined-Work-Exception
    - CrystalStacker
    - diffmark
    - DOC
    - EFL-1.0
    - EFL-2.0
    - oEUPL-1.0
    - oEUPL-1.1
    - oEUPL-1.2
    - Fair
    - FSFUL
    - FSFULLR
    - Giftware
    - HPND
    - IJG
    - Leptonica
    - LPL-1.0
    - LPL-1.02
    - MirOS
    - mpich2
    - NASA-1.3
    - NBPL-1.0
    - Newsletr
    - NLPL
    - NPOSL-3.0
    - NRL
    - OGTSL
    - OLDAP-1.1
    - OLDAP-1.2
    - OLDAP-1.3
    - OLDAP-1.4
    - oOSL-1.0
    - oOSL-1.1
    - oOSL-2.0
    - oOSL-2.1
    - oOSL-3.0
    - oParity-6.0.0
    - oPaity-7.0.0
    - psutils
    - Qhull
    - rdisc
    - RPSL-1.0
    - oRPL-1.1
    - oRPL-1.5
    - RSA-MD
    - SSPL-1.0
    - Spencer-86
    - Spencer-94
    - TU-Berlin-1.0
    - TU-Berlin-2.0
    - Vim
    - W3C-19980720
    - W3C-20150513
    - Wsuipa
    - WTFPL
    - xinetd
    - Zed
    - Zend-2.0
    - ZPL-1.1
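Review bot: Many entries in the new lists carry a stray leading `o` that is not part of the SPDX identifier — `oAFL-1.1` … `oApache-2.0` in allow_licenses, `oGPL-*`/`oLGPL-*`/`oMPL-*` in caution_licenses, `oAGPL-*`/`oOSL-*`/`oEUPL-*` in disallow_licenses — so they can never match a dependency's detected license; as an allow-list this fails every Apache-2.0 dependency, and as a deny-list it lets AGPL-3.0 through unchallenged. The same pass should fix `oPaity-7.0.0` (SPDX is `Parity-7.0.0`), `(CPL-1.0)`, and the `CNRI-Python-` / `GPL-Compatible` entry split over two lines (SPDX is `CNRI-Python-GPL-Compatible`). As far as I know `caution_licenses` is not a key the dependency-review action reads, so the GPL/LGPL/MPL block currently enforces nothing while looking like policy — confirm against the README for the pinned action version, and if it is ignored, keep that list as a comment rather than a mapping key.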
  2. syntaqx revised this gist May 5, 2023. 1 changed file with 80 additions and 62 deletions.
    142 changes: 80 additions & 62 deletions dependency-review-config.yml
    @@ -11,65 +11,83 @@ allow_licenses:
    disallow_licenses:
    - 'AAL'
    - 'Adobe-2006'
    - 'oAGPL-1.0-only
    - 'oAGPL-1.0-or-later
    - 'oAGPL-3.0-only
    - 'oAGPL-3.0-or-later
    - 'Afmparse License (Afmparse)
    - 'oAPSL-1.0'
    - 'oAPSL-1.1'
    - 'oAPSL-1.2'
    - 'oAPSL-2.0'
    - 'Artistic-1.0'
    - 'Artistic-1.0-cl8'
    - 'Artistic-1.0-Perl'
    - 'Beerware'
    - 'blessing'
    - 'Borceux'
    - 'CECILL-B'
    - 'ClArtistic'
    - 'CPAL-1.0'
    - 'Condor-1.1'
    - 'Crossword'
    - 'oCAL-1.0'
    - 'oCAL-1.0-Combined-Work-Exception'
    - 'CrystalStacker'
    - 'diffmark'
    - 'DOC'
    - 'EFL-1.0'
    - 'EFL-2.0'
    - 'oEUPL-1.0'
    - 'oEUPL-1.1'
    - 'oEUPL-1.2'
    - 'Fair'
    - 'FSFUL'
    - 'FSFULLR'
    - 'Giftware'
    - 'HPND'
    - 'IJG'
    - 'Leptonica'
    - 'LPL-1.0'
    - 'LPL-1.02'
    - 'MirOS'
    - 'mpich2'
    - 'NASA-1.3'
    - 'NBPL-1.0'
    - 'Newsletr'
    - 'NLPL'
    - 'NPOSL-3.0'
    - 'NRL'
    - 'OGTSL'
    - 'OLDAP-1.1'
    - 'OLDAP-1.2'
    - 'OLDAP-1.3'
    - 'OLDAP-1.4'
    - 'oOSL-1.0'
    - 'oOSL-1.1'
    - 'oOSL-2.0'
    - 'oOSL-2.1'
    - 'oOSL-3.0'
    - 'oParity-6.0.0'
    - 'oPaity-7.0.0'
    - 'psutils'
    - 'Qhull'
    - 'rdisc'
    - 'oAGPL-1.0-only
    - 'oAGPL-1.0-or-later
    - 'oAGPL-3.0-only
    - 'oAGPL-3.0-or-later
    - 'Afmparse License (Afmparse)
    - 'oAPSL-1.0'
    - 'oAPSL-1.1'
    - 'oAPSL-1.2'
    - 'oAPSL-2.0'
    - 'Artistic-1.0'
    - 'Artistic-1.0-cl8'
    - 'Artistic-1.0-Perl'
    - 'Beerware'
    - 'blessing'
    - 'Borceux'
    - 'CECILL-B'
    - 'ClArtistic'
    - 'CPAL-1.0'
    - 'Condor-1.1'
    - 'Crossword'
    - 'oCAL-1.0'
    - 'oCAL-1.0-Combined-Work-Exception'
    - 'CrystalStacker'
    - 'diffmark'
    - 'DOC'
    - 'EFL-1.0'
    - 'EFL-2.0'
    - 'oEUPL-1.0'
    - 'oEUPL-1.1'
    - 'oEUPL-1.2'
    - 'Fair'
    - 'FSFUL'
    - 'FSFULLR'
    - 'Giftware'
    - 'HPND'
    - 'IJG'
    - 'Leptonica'
    - 'LPL-1.0'
    - 'LPL-1.02'
    - 'MirOS'
    - 'mpich2'
    - 'NASA-1.3'
    - 'NBPL-1.0'
    - 'Newsletr'
    - 'NLPL'
    - 'NPOSL-3.0'
    - 'NRL'
    - 'OGTSL'
    - 'OLDAP-1.1'
    - 'OLDAP-1.2'
    - 'OLDAP-1.3'
    - 'OLDAP-1.4'
    - 'oOSL-1.0'
    - 'oOSL-1.1'
    - 'oOSL-2.0'
    - 'oOSL-2.1'
    - 'oOSL-3.0'
    - 'oParity-6.0.0'
    - 'oPaity-7.0.0'
    - 'psutils'
    - 'Qhull'
    - 'rdisc'
    - 'RPSL-1.0'
    - 'oRPL-1.1'
    - 'oRPL-1.5'
    - 'RSA-MD'
    - 'SSPL-1.0'
    - 'Spencer-86'
    - 'Spencer-94'
    - 'TU-Berlin-1.0'
    - 'TU-Berlin-2.0'
    - 'Vim'
    - 'W3C-19980720'
    - 'W3C-20150513'
    - 'Wsuipa'
    - 'WTFPL'
    - 'xinetd'
    - 'Zed'
    - 'Zend-2.0'
    - 'ZPL-1.1'
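Review bot: The new side still has unterminated single quotes on `- 'oAGPL-1.0-only` through `- 'Afmparse License (Afmparse)`: a single-quoted YAML scalar runs until the next `'`, so these lines either fail to parse (which would take the whole check down) or swallow the following entry, and either way no AGPL identifier reaches the deny list. Close the quotes, or drop quoting here as the surrounding entries do not need it, e.g. `- AGPL-3.0-only`. `Afmparse License (Afmparse)` is a display name rather than the SPDX id `Afmparse`, and the leading `o` on `oAGPL-*`, `oAPSL-*`, `oCAL-*`, `oEUPL-*`, `oOSL-*`, `oParity-*`/`oPaity-*` and `oRPL-*` likewise prevents any match. The `disallow_licenses:` key is the hunk's context line; the file's other keys lie outside this section.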
  3. syntaqx created this gist May 5, 2023.
    75 changes: 75 additions & 0 deletions dependency-review-config.yml
    @@ -0,0 +1,75 @@
    fail_on_severity: 'low'
    license-check: true
    vulnerability-check: true

    allow_licenses:
    - 'GPL-3.0'
    - 'BSD-3-Clause'
    - 'MIT'

    # You must obtain Legal approval to use any code licensed under these
    disallow_licenses:
    - 'AAL'
    - 'Adobe-2006'
    - 'oAGPL-1.0-only
    - 'oAGPL-1.0-or-later
    - 'oAGPL-3.0-only
    - 'oAGPL-3.0-or-later
    - 'Afmparse License (Afmparse)
    - 'oAPSL-1.0'
    - 'oAPSL-1.1'
    - 'oAPSL-1.2'
    - 'oAPSL-2.0'
    - 'Artistic-1.0'
    - 'Artistic-1.0-cl8'
    - 'Artistic-1.0-Perl'
    - 'Beerware'
    - 'blessing'
    - 'Borceux'
    - 'CECILL-B'
    - 'ClArtistic'
    - 'CPAL-1.0'
    - 'Condor-1.1'
    - 'Crossword'
    - 'oCAL-1.0'
    - 'oCAL-1.0-Combined-Work-Exception'
    - 'CrystalStacker'
    - 'diffmark'
    - 'DOC'
    - 'EFL-1.0'
    - 'EFL-2.0'
    - 'oEUPL-1.0'
    - 'oEUPL-1.1'
    - 'oEUPL-1.2'
    - 'Fair'
    - 'FSFUL'
    - 'FSFULLR'
    - 'Giftware'
    - 'HPND'
    - 'IJG'
    - 'Leptonica'
    - 'LPL-1.0'
    - 'LPL-1.02'
    - 'MirOS'
    - 'mpich2'
    - 'NASA-1.3'
    - 'NBPL-1.0'
    - 'Newsletr'
    - 'NLPL'
    - 'NPOSL-3.0'
    - 'NRL'
    - 'OGTSL'
    - 'OLDAP-1.1'
    - 'OLDAP-1.2'
    - 'OLDAP-1.3'
    - 'OLDAP-1.4'
    - 'oOSL-1.0'
    - 'oOSL-1.1'
    - 'oOSL-2.0'
    - 'oOSL-2.1'
    - 'oOSL-3.0'
    - 'oParity-6.0.0'
    - 'oPaity-7.0.0'
    - 'psutils'
    - 'Qhull'
    - 'rdisc'
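Review bot: The top-level keys mix conventions — `license-check` and `vulnerability-check` are kebab-case while `fail_on_severity`, `allow_licenses` and `disallow_licenses` are snake_case — and the dependency-review action documents its config keys as `fail-on-severity`, `allow-licenses` and `deny-licenses`; if the loader drops unknown keys, this file enforces no license policy at all while appearing to. Rename them (`fail-on-severity: low`, `allow-licenses:`, `deny-licenses:`) and check the README for the pinned version, which as I recall treats allow-licenses and deny-licenses as mutually exclusive, so one of the two lists has to be chosen. `GPL-3.0` is a deprecated SPDX id; `GPL-3.0-only` or `GPL-3.0-or-later` is the current form. The unterminated quotes on `- 'oAGPL-1.0-only` … `- 'Afmparse License (Afmparse)` are a YAML parse problem on top of that.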
    16 changes: 16 additions & 0 deletions dependency-review.yml
    @@ -0,0 +1,16 @@
    name: 'Dependency Review'
    on: [pull_request]

    permissions:
    contents: read

    jobs:
    dependency-review:
    runs-on: ubuntu-latest
    steps:
    - name: 'Checkout Repository'
    uses: actions/checkout@v3
    - name: 'Dependency Review'
    uses: actions/dependency-review-action@v3
    with:
    config-file: './.github/dependency-review-config.yml'
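Review bot: Both steps reference actions by mutable tags (`actions/checkout@v3`, `actions/dependency-review-action@v3`), so whoever controls those tags controls what runs with this workflow's token on every pull request; for a job that is itself a supply-chain gate, pin each `uses:` to a full commit SHA with the tag in a trailing comment, e.g. `uses: actions/dependency-review-action@<commit-sha> # v3`, and let Dependabot bump the pins. `permissions: contents: read` is the right minimum for the action in the mode used here. The `config-file` path points at `./.github/dependency-review-config.yml`, so the companion file in this gist has to live under `.github/`, not at the repository root, for the policy to be picked up.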