Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failure to determine license and flag to explicitly deny unknown licenses #672

Open
wmmc88 opened this issue Jan 26, 2024 · 8 comments
Open
Labels
enhancement New feature or request

Comments

@wmmc88
Copy link

wmmc88 commented Jan 26, 2024

I think a flag to explicitly deny unknown licenses is still warranted.

The following run fails to be able to detect the license of anstyle:
https://github.com/wmmc88/windows-drivers-rs/actions/runs/7632001216/job/20791223328?pr=18

I am unsure why this is the case since the license is available here.

In any case, I still think there should be a way to fail the job if unknown license is encountered. There are situations where you wont catch this in PR comments (ex. if triggered on push, or if triggered on PR from a fork)

Originally posted by @wmmc88 in #264 (comment)

@wmmc88 wmmc88 changed the title I think a flag to explicitly deny unknown licenses is still warranted. Failure to determine license and flag to explicitly deny unknown licenses Jan 26, 2024
@jonjanego jonjanego added enhancement New feature or request bug Something isn't working and removed enhancement New feature or request labels Jan 29, 2024
@mrysav
Copy link

mrysav commented Feb 23, 2024

For the specific reproduction PR you gave, I wasn't able to reproduce the issue in a test repository with the same Cargo.lock file. The license also appears correct in the "view rich diff"/dependency review feature of the pull request itself.

Image

So it looks like that part may have been a transient issue on our end.

On the topic of adding a fail-on-unknown-license option - I'll keep this issue open for tracking that.

@mrysav mrysav added the enhancement New feature or request label Feb 23, 2024
@jonjanego jonjanego removed the bug Something isn't working label Feb 26, 2024
@jonjanego
Copy link
Collaborator

#714 also suggests the value of failing on unknown.

@mbrundige
Copy link

The example we have run into is with this github action, Docker Scout.

Clearly not an SPDX license type, so I am not saying that I would expect a different result from the dependency review action, but the ability to (a) fail when unknown and (b) possibly allow for this specific dependency to pass once the team determines it is OK to include would be nice.

@sreya
Copy link

sreya commented Apr 17, 2024

@jonjanego would you accept a community PR to address this?

@jonjanego
Copy link
Collaborator

@sreya we'd definitely take a look at it!

Copy link

👋 This issue has been marked as stale because it has been open with no activity for 180 days. You can: comment on the issue or remove the stale label to hold stalebot off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions bot added the Stale label Oct 15, 2024
@wmmc88
Copy link
Author

wmmc88 commented Oct 15, 2024

@jonjanego is this going to be added?

@jonjanego
Copy link
Collaborator

@jonjanego is this going to be added?

at the moment we do not have bandwidth to add this new feature, but would love to review any community contributions to it!

@github-actions github-actions bot removed the Stale label Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

5 participants