forked from oss-review-toolkit/ort
.ort.yml
---
excludes:
  paths:
  - pattern: "**/src/{funTest,test}/**"
    reason: "TEST_OF"
    comment: >-
      Licenses contained in this directory are used for testing and do not apply to the OSS Review Toolkit.
  - pattern: "examples/**"
    reason: "EXAMPLE_OF"
    comment: >-
      This directory contains example files with licenses that do not apply to the OSS Review Toolkit.
  - pattern: "utils/spdx/src/main/kotlin/{SpdxDeclaredLicenseMapping,SpdxLicense,SpdxLicenseException,SpdxSimpleLicenseMapping}.kt"
    reason: "DATA_FILE_OF"
    comment: >-
      Licenses contained in this class are used for processing licenses and do not apply to the OSS Review Toolkit.
  - pattern: "utils/spdx/src/main/resources/**"
    reason: "DATA_FILE_OF"
    comment: >-
      Licenses contained in this directory are used for generating license notes and mapping licenses and exceptions.
      They do not apply to the OSS Review Toolkit.
  - pattern: "utils/test/**"
    reason: "TEST_OF"
    comment: >-
      Licenses contained in this directory are used for testing and do not apply to the OSS Review Toolkit.
  scopes:
  - pattern: "(test.*|funTest.*)"
    reason: "TEST_DEPENDENCY_OF"
    comment: >-
      Packages for testing only. Not part of released artifacts.
  - pattern: "devDependencies"
    reason: "DEV_DEPENDENCY_OF"
    comment: >-
      Packages for development only. Not part of released artifacts.
resolutions:
  issues:
  - message: "ERROR: Timeout after 300 seconds while scanning file 'reporter-web-app/public/index.html'."
    reason: "SCANNER_ISSUE"
    comment: >-
      The error can be ignored because the file does contain relevant license information.
  - message: "ERROR: Timeout after 300 seconds while scanning file 'scanner/src/test/assets/aws-java-sdk-core-1.11.160_scancode-2.9.7.json'."
    reason: "SCANNER_ISSUE"
    comment: >-
      This file contains test data. Contained licenses do not apply to the OSS Review Toolkit.
curations:
  license_findings:
  - path: "README.md"
    line_count: 1
    detected_license: "GPL-1.0-or-later"
    concluded_license: "NONE"
    reason: "DOCUMENTATION_OF"
    comment: >-
      Findings reference a file with 'gpl' in its name.
  - path: "analyzer/src/funTest/assets/projects/external/spdx-tools-python/spdx/licenses.json"
    concluded_license: "CC0-1.0"
    reason: "DATA_OF"
    comment: >-
      This file contains official SPDX.org license ids. SPDX is licensed under CC0-1.0, see
      https://github.com/spdx/license-list-XML/blob/master/package.json#L33.
  - path: "analyzer/src/funTest/assets/projects/synthetic/composer/{empty-deps,lockfile,no-lockfile,no-deps,with-provide,with-replace}/composer.phar"
    concluded_license: "MIT"
    reason: "DATA_OF"
    comment: >-
      These files are part of PHP Composer and include a mapping from human readable strings to SPDX license ids.
  - path: "docs/**.md"
    concluded_license: "Apache-2.0"
    reason: "DOCUMENTATION_OF"
    comment: >-
      Documentation contains examples mentioning various licenses.
  - path: "reporter-web-app/public/index.html"
    concluded_license: "Apache-2.0"
    reason: "DATA_OF"
    comment: >-
      This file contains license identifiers in test data.
  - path: "utils/spdx/src/main/kotlin/SpdxLicense.kt"
    concluded_license: "Apache-2.0"
    reason: "DATA_OF"
    comment: >-
      This file defines official SPDX.org licenses so they can be used in OSS Review Toolkit.
  - path: "utils/spdx/src/main/kotlin/SpdxLicenseException.kt"
    concluded_license: "Apache-2.0"
    reason: "DATA_OF"
    comment: >-
      This file defines official SPDX.org exceptions so they can be used in OSS Review Toolkit.
  - path: "utils/spdx/src/main/resources/{declared-license-mapping.yml,deprecated-license-mapping.yml,exception-mapping.yml,simple-license-mapping.yml}"
    concluded_license: "Apache-2.0"
    reason: "DATA_OF"
    comment: >-
      These files contain mappings for licenses and exceptions.
  - path: "utils/spdx/src/main/resources/licenserefs/**"
    concluded_license: "CC0-1.0"
    reason: "DATA_OF"
    comment: >-
      This directory contains all non-official SPDX license ids which are used to generate open source notices. SPDX and
      ScanCode license files are licensed under CC0-1.0, see
      https://github.com/spdx/license-list-XML/blob/master/package.json#L33 and
      https://github.com/nexB/scancode-toolkit/blame/develop/README.rst#L168.
  - path: "utils/spdx/src/main/resources/licenses/**"
    concluded_license: "CC0-1.0"
    reason: "DATA_OF"
    comment: >-
      This directory contains all official SPDX.org license ids which are used to generate open source notices. SPDX and
      ScanCode license files are licensed under CC0-1.0, see
      https://github.com/spdx/license-list-XML/blob/master/package.json#L33.
  - path: "utils/spdx/src/test/kotlin/SpdxExpressionTest.kt"
    concluded_license: "Apache-2.0"
    reason: "CODE"
    comment: >-
      This file uses several variables named after licenses.