chore: fix osv license scan config and add license override (#4906)

* chore: fix osv license scan config and add license override Signed-off-by: Shahar Harari <[email protected]> * rename config file Signed-off-by: Shahar Harari <[email protected]> * comment out again Signed-off-by: Shahar Harari <[email protected]> --------- Signed-off-by: Shahar Harari <[email protected]>
envoyproxy · Dec 12, 2024 · 507ea5d · 507ea5d
1 parent 9b60a67
commit 507ea5d
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
@@ -23,5 +23,5 @@ jobs:
         scan-args: |-
           --skip-git
           --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
-          --config tools/osv-scanner/license-scan-config.yaml
+          --config tools/osv-scanner/license-scan-config.toml
           ./
diff --git a/tools/osv-scanner/license-scan-config.toml b/tools/osv-scanner/license-scan-config.toml
@@ -1,7 +1,8 @@
 # Ignore vulnerabilities on license scan
 [[PackageOverrides]]
 ecosystem = "Go"
-vulnerability.ignore = true
+# TODO uncomment once osv-scanner-action is updated to v1.9.1
+# vulnerability.ignore = true
 
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
@@ -80,6 +81,13 @@ ecosystem = "Go"
 license.override = ["Apache-2.0"]
 reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/119 is resolved"
 
+[[PackageOverrides]]
+name = "golang.org/x/crypto"
+version = "0.31.0"
+ecosystem = "Go"
+license.override = ["BSD-3-Clause"]
+reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/120 is resolved"
+
 [[PackageOverrides]]
 name = "stdlib"
 ecosystem = "Go"