-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy path.ort.yml
189 lines (189 loc) · 10.7 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# Curation for OSS OCaaS findings. For reference, see : https://github.com/oss-review-toolkit/ort/blob/main/docs/config-file-ort-yml.md
analyzer:
skip_excluded: true
excludes:
paths:
- pattern: "src/rust/kanto-auto-deployer/container-management/**"
reason: "BUILD_TOOL_OF"
comment: "Container management protobuffers are only used during build time and are licensed under Apache-2.0. No other parts of Container-Management are used"
- pattern: "src/rust/kanto-tui/container-management/**"
reason: "BUILD_TOOL_OF"
comment: "Container management protobuffers are only used during build time and are licensed under Apache-2.0. No other parts of Container-Management are used"
- pattern: ".devcontainer/**"
reason: "BUILD_TOOL_OF"
comment: "Dev container scripts are only used during development inside codespaces/vs code devcontainers. All Leda-utils provided scripts are licensed explicitly under Apache-2.0."
package_configurations:
- id: "Crate::rand_core:0.6.4"
source_artifact_url: "https://crates.io/api/v1/crates/rand_core/0.6.4/download"
license_finding_curations:
- path: "rand_core-0.6.4/LICENSE-APACHE"
start_lines: "7"
line_count: 181
detected_license: "ImageMagick"
concluded_license: "MIT OR Apache-2.0"
reason: INCORRECT
comment: "The rand_core crate is dual licensed under Apache-2.0 or MIT"
- id: "Crate::windows:0.48.0"
source_artifact_url: "https://crates.io/api/v1/crates/windows-sys/0.42.0/download"
path_excludes:
- pattern: "**/**"
reason: "OPTIONAL_COMPONENT_OF"
comment: "The distribution target architectures do not include windows and the crate is dual-licensed under Apache-2.0 or MIT"
license_finding_curations:
- path: "windows-0.48.0/src/Windows/Win32/UI/Shell/mod.rs"
start_lines: "53991"
line_count: 1
detected_license: "Noweb"
concluded_license: "MIT OR Apache-2.0"
reason: INCORRECT
comment: "License of windows crate is Apache-2.0 OR MIT and target architectures do not include windows."
curations:
license_findings:
- path: "src/rust/kanto-tui/src/main.rs"
detected_license: "GPL-2.0-only"
reason: "INCORRECT"
comment: "Kantui and all of its sources are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/rust/kanto-tui/src/kanto_api.rs"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "Kantui and all of its sources are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/sh/sdv-device-info"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "Leda shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/sh/sdv-kanto-ctl"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "Leda shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/sh/sdv-health"
detected_license: "GPL-2.0-only"
reason: "INCORRECT"
comment: "Leda shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/tests/sdv-ctr-exec-tests.bats"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "BATS tests for Leda Shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/tests/sdv-device-info-tests.bats"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "BATS tests for Leda Shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/tests/sdv-help-tests.bats"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "BATS tests for Leda Shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/tests/sdv-kanto-ctl-tests.bats"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "BATS tests for Leda Shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: "src/tests/sdv-provision-tests.bats"
detected_license: "LicenseRef-scancode-biosl-4.0"
reason: "INCORRECT"
comment: "BATS tests for Leda Shell utilities are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- path: ".devcontainer/post-start.sh"
detected_license: "GPL-2.0-only"
reason: "INCORRECT"
comment: "Dev container scripts are only used during development inside codespaces/vs code devcontainers. All Leda-utils provided scripts are licensed explicitly under Apache-2.0."
concluded_license: "Apache-2.0"
packages:
- id: "Crate::prost-build:0.10.4"
curations:
comment: "Licenses were scanned manually in source and effective licenses are concluded. GPL-3.0-or-later WITH Autoconf-exception-2.0 applies only to ax_pthread.m4 which is a thid-party build dependency of prost-build."
concluded_license: "Apache-2.0"
- id: "Crate::bytes:1.4.0"
curations:
comment: "Wrong detection of README file which is not included in final build."
concluded_license: "Apache-2.0"
- id: "Crate::windows_aarch64_msvc:0.42.2"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::windows_i686_msvc:0.42.2"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::windows_x86_64_msvc:0.42.2"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::windows_x86_64_msvc:0.48.0"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::windows_aarch64_msvc:0.48.0"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::windows_i686_msvc:0.48.0"
curations:
comment: "Wrong detection of license. Windows targets crate is licensed under MIT or Apache-2.0. https://crates.io/crates/windows-targets Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "Apache-2.0"
- id: "Crate::enclose:1.1.8"
curations:
comment: "Wrong detection of license header."
concluded_license: "Apache-2.0"
- id: "Crate::tokio:1.27.0"
curations:
comment: "Wrong detection of README file which is not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::tokio-macros:2.0.0"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::async-stream:0.3.5"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::tower:0.4.13"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::async-stream:0.3.4"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::axum:0.5.17"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::tokio-util:0.7.7"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::tracing-attributes:0.1.23"
curations:
comment: "Wrong detection of README and LICENSE files which are not included in final build anyway."
concluded_license: "MIT"
- id: "Crate::windows:0.48.0"
curations:
comment: "Wrong detection of README, LICENSE files. Improper detection of of variables/traits/functions as License names. Windows crate is licensed under MIT or Apache-2.0. Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "MIT OR Apache-2.0"
- id: "Crate::windows:0.48.0"
curations:
comment: "Wrong detection of README, LICENSE files. Improper detection of of variables/traits/functions as License names. Windows crate is licensed under MIT or Apache-2.0. Additionally kantui/KAD do not target and do not compile for Windows-based systems."
concluded_license: "MIT OR Apache-2.0"
- id: "Cargo::kantui:0.3.0"
curations:
comment: "Kantui and all of its sources are explicitly licensed under Apache-2.0 with appropriate SPDX identifiers"
concluded_license: "Apache-2.0"
- id: "Crate::ryu:1.0.13"
curations:
comment: "Ryu is dual-licensed under Apache-2.0 and BSL-1.0. Direct C-to-Rust translated files are licensed under Apache 2.0"
concluded_license: "Apache-2.0"
license_choices:
repository_license_choices:
- given: "GPL-2.0-or-later OR MIT"
choice: "MIT"
- given: "MIT OR GPL-2.0-only"
choice: "MIT"
- given: "Apache-2.0 OR BSL-1.0"
choice: "Apache-2.0"