-
Notifications
You must be signed in to change notification settings - Fork 3
/
.ort.yml
104 lines (84 loc) · 4.75 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
---
excludes:
paths:
- pattern: "3RD-PARTY-NOTICES.txt"
reason: "OTHER"
comment: "File including 3rd party license notices."
- pattern: "doc/**"
reason: "DOCUMENTATION_OF"
comment: "This directory contains documentation that's not distributed."
- pattern: "gradle/**"
reason: "BUILD_TOOL_OF"
comment: "This directory contains Gradle build tool."
- pattern: "img/**"
reason: "DOCUMENTATION_OF"
comment: "This directory contains documentation images that are not distributed."
- pattern: "xroad-catalog-collector/packages/**"
reason: "BUILD_TOOL_OF"
comment: "This directory contains packaging scripts."
- pattern: "xroad-catalog-collector/src/test/**"
reason: "TEST_OF"
comment: "This directory contains tests."
- pattern: "xroad-catalog-lister/img/**"
reason: "DOCUMENTATION_OF"
comment: "This directory contains documentation images that are not distributed."
- pattern: "xroad-catalog-lister/packages/**"
reason: "BUILD_TOOL_OF"
comment: "This directory contains packaging scripts."
- pattern: "xroad-catalog-lister/src/test/**"
reason: "TEST_OF"
comment: "This directory contains tests."
- pattern: "xroad-catalog-persistence/src/test/**"
reason: "TEST_OF"
comment: "This directory contains tests."
- pattern: "xroad-catalog-persistence/img/**"
reason: "DOCUMENTATION_OF"
comment: "This directory contains documentation images that are not distributed."
scopes:
- pattern: "checkstyle"
reason: "BUILD_DEPENDENCY_OF"
comment: "Packages for code styling checks (testing) only."
- pattern: "devDependencies"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only."
- pattern: "jacocoAgent"
reason: "TEST_DEPENDENCY_OF"
comment: "Packages for code coverage (testing) only."
- pattern: "jacocoAnt"
reason: "TEST_DEPENDENCY_OF"
comment: "Packages for code coverage (testing) only."
- pattern: "test.*"
reason: "TEST_DEPENDENCY_OF"
comment: "Packages for testing only."
- pattern: "annotationProcessor"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only."
- pattern: "compileClasspath"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only."
- pattern: "compileOnly"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only."
- pattern: "provided"
reason: "RUNTIME_DEPENDENCY_OF"
comment: "Packages that are provided by the runtime."
resolutions:
rule_violations:
- message: "free-restricted license LicenseRef-scancode-ecma-documentation in Maven:org.apache.cxf:.*"
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The specification files meant by this license hit are not modified and thus are used in accordance with the license."
- message: "proprietary-free license LicenseRef-scancode-efsl-1.0 in Maven:jakarta.*"
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The specification files meant by this license hit are not modified and thus are used in accordance with the license."
- message: "The declared license 'The BSD License' could not be mapped to a valid license or parsed as an SPDX expression. The license was found in package Maven:org.codehaus.woodstox:stax2-api:4.2.1."
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The declared license is not conflicting, and the actual license has been checked from the package."
- message: "proprietary-free license LicenseRef-scancode-sun-prop-non-commercial in Maven:com.sun.xml.bind:jaxb-xjc:2.1.7."
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The finding is to a file which is found in later files with CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0, of which CDDL-1.0 is chosen. While web hits can no longer confirm this for this exact version, earlier analysis did confirm this with web hits."
- message: "property:non-commercial license LicenseRef-scancode-sun-prop-non-commercial in Maven:com.sun.xml.bind:jaxb-xjc:2.1.7."
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The finding is to a file which is found in later files with CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0, of which CDDL-1.0 is chosen. While web hits can no longer confirm this for this exact version, earlier analysis did confirm this with web hits."
- message: "commercial license LicenseRef-scancode-proprietary-license in Maven:javax.xml.bind:jaxb-api:2.1."
reason: "LICENSE_ACQUIRED_EXCEPTION"
comment: "The finding is to a file which is found in later files with CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, of which CDDL-1.1 is chosen. While web hits can no longer confirm this for this exact version, earlier analysis did confirm this with web hits. The latest version contains many of the same files with BSD-3-Clause."