Skip to content

Commit

Permalink
ci: cleanup osv-scanner config (envoyproxy#4579)
Browse files Browse the repository at this point in the history
Signed-off-by: Shahar Harari <[email protected]>
(cherry picked from commit 1a275b9)
Signed-off-by: Huabing Zhao <[email protected]>
  • Loading branch information
shahar-h authored and zhaohuabing committed Nov 6, 2024
1 parent 0784f1c commit 6e95d8d
Showing 1 changed file with 5 additions and 28 deletions.
33 changes: 5 additions & 28 deletions osv-scanner.toml
Original file line number Diff line number Diff line change
@@ -1,7 +1,3 @@
[[IgnoredVulns]]
id = "GO-2022-0646"
reason = "No a real issue, just a warning about third party package."

[[PackageOverrides]]
name = "github.com/AdaLogics/go-fuzz-headers"
version = "0.0.0-20230811130428-ced1acdcaa24"
Expand All @@ -16,13 +12,6 @@ ecosystem = "Go"
license.override = ["MIT"]
reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/87 is resolved"

[[PackageOverrides]]
name = "github.com/containers/storage"
version = "1.55.0"
ecosystem = "Go"
license.override = ["Apache-2.0"]
reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/104 is resolved"

[[PackageOverrides]]
name = "github.com/distribution/distribution/v3"
version = "3.0.0-beta.1"
Expand All @@ -41,32 +30,28 @@ reason = "This package has dual license - the code is licensed under the Apache
name = "github.com/go-sql-driver/mysql"
version = "1.8.1"
ecosystem = "Go"
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
license.override = ["Apache-2.0"]
license.ignore = true
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"

[[PackageOverrides]]
name = "github.com/hashicorp/errwrap"
version = "1.1.0"
ecosystem = "Go"
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
license.override = ["Apache-2.0"]
license.ignore = true
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"

[[PackageOverrides]]
name = "github.com/hashicorp/go-multierror"
version = "1.1.1"
ecosystem = "Go"
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
license.override = ["Apache-2.0"]
license.ignore = true
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"

[[PackageOverrides]]
name = "github.com/hashicorp/hcl"
version = "1.0.0"
ecosystem = "Go"
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
license.override = ["Apache-2.0"]
license.ignore = true
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"

[[PackageOverrides]]
Expand All @@ -80,19 +65,11 @@ reason = "This package has dual license - the code is licensed under the Apache
name = "github.com/shoenig/go-m1cpu"
version = "0.1.6"
ecosystem = "Go"
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
license.override = ["Apache-2.0"]
license.ignore = true
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/cncf-exceptions-2023-08-31.spdx"

[[PackageOverrides]]
name = "stdlib"
ecosystem = "Go"
license.override = ["BSD-3-Clause"]
reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/86 is resolved"

[[PackageOverrides]]
name = "sigs.k8s.io/json"
version = "0.0.0-20221116044647-bc3834ca7abd"
ecosystem = "Go"
license.override = ["Apache-2.0"]
reason = "https://github.com/kubernetes-sigs/json/blob/main/LICENSE"

0 comments on commit 6e95d8d

Please sign in to comment.