add results from LF license scanning

Signed-off-by: Xander Grzywinski <[email protected]>

process/project-lifecycle-documents/zarf_sandbox_stage.md

@@ -18,7 +18,38 @@ The project must be aligned with the OpenSSF mission and either be a novel appro
 
 ### IP policy and licensing due diligence
 When contributing an existing Project to the OpenSSF, the contribution must undergo license and IP due diligence by the Linux Foundation (LF).
-  * Not applicable - There has been no formal trademark filed by Defense Unicorns.
+
+LF License Intake Scan Report:
+
+LICENSE INTAKE SCAN & ANALYSIS: OpenSSF: Zarf
+DISTRIBUTION: Amanda Martin, #341
+
+This intake scan is a static analysis of the source code in your repository. A dependency scan was not performed. Once a project is added to LFX [https://security.lfx.linuxfoundation.org], you can use SNYK to view a dependency scan for both licenses and vulnerabilities.
+CODE SCANNED: [pulled 19–JUNE-2024]
+https://github.com/defenseunicorns/zarf
+
+PROJECT LICENSE: Apache-2.0
+
+Top level project license file found in repo
+SPDX LICENSE IDENTIFIERS: SPDX license identifiers were found in source file headers.
+
+PERMISSIVE LICENSES: Apache-2.0
+
+COPYLEFT LICENSES: None found
+
+SOURCE AVAILABLE LICENSES: None found
+
+PROPRIETARY LICENSES: None found
+
+LICENSE CONFLICTS: None found
+
+BINARY / PACKAGE FILES: None found
+
+THIRD PARTY CODE / DEPENDENCIES: None found
+
+THIRD PARTY NOTICE FILE: None found
+
+SUMMARY FINDINGS: All of the scanned code is under the project license, Apache-2.0. SPDX license identifiers were found in source file headers. No license conflicts found. No dependencies or third party code detected in repo.
 
 ### Project References
 The project should provide a list of existing resources with links to the repository, and if available, website, a roadmap, contributing guide, demos and walkthroughs, and any other material to showcase the existing breadth, maturity, and direction of the project.