From 507ea5df8fa9cddb56ba0b38da226e3e5ad046ea Mon Sep 17 00:00:00 2001 From: shahar-h Date: Thu, 12 Dec 2024 15:50:50 +0200 Subject: [PATCH] chore: fix osv license scan config and add license override (#4906) * chore: fix osv license scan config and add license override Signed-off-by: Shahar Harari * rename config file Signed-off-by: Shahar Harari * comment out again Signed-off-by: Shahar Harari --------- Signed-off-by: Shahar Harari
---
 .github/workflows/license-scan.yml | 2 +-
 tools/osv-scanner/license-scan-config.toml | 10 +++++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml
index 834515bbeb0..c6dea873862 100644
--- a/.github/workflows/license-scan.yml
+++ b/.github/workflows/license-scan.yml
@@ -23,5 +23,5 @@ jobs:
 scan-args: |-
 --skip-git
 --experimental-licenses=Apache-2.0,BSD-2-Clause,BSD-2-Clause-FreeBSD,BSD-3-Clause,MIT,ISC,Python-2.0,PostgreSQL,X11,Zlib
- --config tools/osv-scanner/license-scan-config.yaml
+ --config tools/osv-scanner/license-scan-config.toml
 ./
diff --git a/tools/osv-scanner/license-scan-config.toml b/tools/osv-scanner/license-scan-config.toml
index 79a579ff7f8..3b96c10fe7e 100644
--- a/tools/osv-scanner/license-scan-config.toml
+++ b/tools/osv-scanner/license-scan-config.toml
@@ -1,7 +1,8 @@
 # Ignore vulnerabilities on license scan
 [[PackageOverrides]]
 ecosystem = "Go"
-vulnerability.ignore = true
+# TODO uncomment once osv-scanner-action is updated to v1.9.1
+# vulnerability.ignore = true
 
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
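Review bot: The header comment `# Ignore vulnerabilities on license scan` no longer describes the file once `vulnerability.ignore = true` is commented out in the first hunk of license-scan-config.toml. Until the TODO is resolved the Go-wide override entry carries only `ecosystem = "Go"`, so the license job will presumably report vulnerability findings alongside license ones. I would say so in the comment, e.g. `# TODO: vulnerabilities are NOT ignored yet; uncomment once osv-scanner-action is updated to v1.9.1`, and link a tracking issue so the temporary state is not forgotten. It is also worth confirming that the scanner version pinned in the workflow accepts an override entry with no action field, since a rejected config would leave the license overrides below unapplied as well.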
@@ -80,6 +81,13 @@ ecosystem = "Go"
 license.override = ["Apache-2.0"]
 reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/119 is resolved"
 
+[[PackageOverrides]]
+name = "golang.org/x/crypto"
+version = "0.31.0"
+ecosystem = "Go"
+license.override = ["BSD-3-Clause"]
+reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/120 is resolved"
+
 [[PackageOverrides]]
 name = "stdlib"
 ecosystem = "Go"
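Review bot: The new `golang.org/x/crypto` entry asserts `BSD-3-Clause` by hand, but its `reason` only says the license was unidentified and does not record where the license was confirmed. An override replaces the scanner's own detection, so a later reviewer should be able to re-check it; a comment above the entry such as `# License checked against the module's LICENSE file at v0.31.0` would be enough. The `version = "0.31.0"` pin looks deliberate and is the safer choice, since the override presumably stops applying on the next bump, but that also means an upgrade of this module will fail the license job until the entry is updated. Noting that in the same comment makes it less likely that the pin is dropped just to silence the failure.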