The pipeline supports addressing OpenSource licenses that are considered "allows" and "denied". Denied licenses result in a pipeline failure and need addressing.
Licenses that are in neither list usually require special approvals per the company's rules around OpenSource. So, it would be beneficial to get a list of libraries and their corresponding licenses that fall outside of established policies, so that I can address those in the corresponding review process.
Use Case
As a person responsible for doing OpenSource review in software releases, I need to see a list of licenses which are not addressed by my policies, as I need to start an exception process (or make active efforts to replace the related libraries).
Proposed Solution
Create a separate output file, listing licenses and libraries outside of the defined policies. There should also be some notification in the pipeline (is there a WARNING state?).
Other Information
No response
Acknowledgements
I may be able to implement this feature request
This feature might incur a breaking change
CICD Boot version used
n/a
Environment details (OS name and version, etc.)
n/a
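The triage this request asks for, as an added example that is not CICD Boot's code: dependencies are sorted into allowed, denied and unreviewed buckets, and the unreviewed ones go to a separate file for the exception process. The policy sets, inventory format, function names, output file name and the WARN status are all assumptions made for illustration.

```python
import json
import re

# Constructed policy and inventory; the format is an assumption, not CICD Boot's config.
ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause"}
DENIED = {"GPL-3.0-only", "AGPL-3.0-only"}
INVENTORY = [
    {"name": "alpha-lib", "version": "1.2.0", "license": "MIT"},
    {"name": "beta-lib", "version": "0.9.1", "license": "GPL-3.0-only"},
    {"name": "gamma-lib", "version": "2.0.0", "license": "MPL-2.0"},
    {"name": "delta-lib", "version": "3.1.4", "license": "MIT OR GPL-3.0-only"},
    {"name": "epsilon-lib", "version": "1.0.0", "license": "Apache-2.0 AND EPL-2.0"},
    {"name": "zeta-lib", "version": "0.1.0", "license": None},
]

def classify_license(expr, allowed=ALLOWED, denied=DENIED):
    """Classify a flat SPDX-style expression as allowed, denied or unreviewed."""
    expr = (expr or "").strip()
    if not expr or "(" in expr:
        return "unreviewed"  # missing or nested expression: leave to a human
    verdicts = set()
    for alternative in re.split(r"\s+OR\s+", expr):
        parts = re.split(r"\s+AND\s+", alternative)
        if any(p in denied for p in parts):
            verdicts.add("denied")  # AND: one denied term taints the alternative
        elif all(p in allowed for p in parts):
            verdicts.add("allowed")
        else:
            verdicts.add("unreviewed")
    # OR: the consumer may pick any alternative, so the best verdict wins.
    return next(v for v in ("allowed", "unreviewed", "denied") if v in verdicts)

def triage(inventory, allowed=ALLOWED, denied=DENIED):
    report = {"allowed": [], "denied": [], "unreviewed": []}
    for dep in inventory:
        verdict = classify_license(dep.get("license"), allowed, denied)
        report[verdict].append({**dep, "license": dep.get("license") or "UNKNOWN"})
    return report

def pipeline_status(report):
    """FAIL on any denied license; WARN (hypothetical state) on unreviewed ones."""
    if report["denied"]:
        return "FAIL"
    return "WARN" if report["unreviewed"] else "PASS"

def write_unreviewed(report, path):
    """Write the libraries needing an exception review to a separate JSON file."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(report["unreviewed"], fh, indent=2)

if __name__ == "__main__":
    result = triage(INVENTORY)
    write_unreviewed(result, "unreviewed-licenses.json")
    print(pipeline_status(result), [d["name"] for d in result["unreviewed"]])
```

A dependency with a missing license or an expression the classifier cannot parse lands in the unreviewed file rather than passing silently.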