-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failure to determine license and flag to explicitly deny unknown licenses #672
Comments
For the specific reproduction PR you gave, I wasn't able to reproduce the issue in a test repository with the same So it looks like that part may have been a transient issue on our end. On the topic of adding a fail-on-unknown-license option - I'll keep this issue open for tracking that. |
#714 also suggests the value of failing on unknown. |
The example we have run into is with this github action, Docker Scout. Clearly not an SPDX license type, so I am not saying that I would expect a different result from the dependency review action, but the ability to (a) fail when unknown and (b) possibly allow for this specific dependency to pass once the team determines it is OK to include would be nice. |
@jonjanego would you accept a community PR to address this? |
@sreya we'd definitely take a look at it! |
👋 This issue has been marked as stale because it has been open with no activity for 180 days. You can: comment on the issue or remove the stale label to hold stalebot off for a while, add the |
@jonjanego is this going to be added? |
at the moment we do not have bandwidth to add this new feature, but would love to review any community contributions to it! |
I think a flag to explicitly deny unknown licenses is still warranted.
The following run fails to be able to detect the license of anstyle:
https://github.com/wmmc88/windows-drivers-rs/actions/runs/7632001216/job/20791223328?pr=18
I am unsure why this is the case since the license is available here.
In any case, I still think there should be a way to fail the job if unknown license is encountered. There are situations where you wont catch this in PR comments (ex. if triggered on push, or if triggered on PR from a fork)
Originally posted by @wmmc88 in #264 (comment)
The text was updated successfully, but these errors were encountered: