---
# Analyzer settings for this repository.
analyzer:
  package_managers:
    NPM:
      options:
        # Option handed to the NPM package manager during analysis.
        # NOTE(review): presumably mirrors npm's legacy-peer-deps behaviour, in
        # which case peer dependencies are left out of resolution - confirm the
        # build installs with the same setting, so that the dependency tree
        # reviewed here is the one that is actually shipped.
        legacyPeerDeps: true
# Parts of the repository and dependency scopes that are marked as excluded
# from the review. Every entry names a pattern, a reason and a free-text
# justification.
#
# NOTE(review): an exclude removes the matching files or packages from the
# compliance view. Build-, dev- and test-only dependencies are still downloaded
# and executed on developer machines and in CI, so confirm that they remain
# covered by vulnerability and integrity checks elsewhere in the pipeline.
excludes:
  paths:
    # Modules that are stated not to be part of the distributed artifacts.
    # NOTE(review): re-check these whenever the distribution layout changes; a
    # module that starts shipping would otherwise stay unreviewed.
    - pattern: "Plugin-FS/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    - pattern: "Plugin-JMS/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    - pattern: "Weblogic/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    - pattern: "Wildfly/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    - pattern: "Core/Domibus-MSH-swagger/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    - pattern: "Core/Domibus-MSH-distribution/**"
      reason: "OPTIONAL_COMPONENT_OF"
      comment: "Not included in distributed build artifacts."
    # Test modules.
    - pattern: "Domibus-DSS/domibus-dss-test/**"
      reason: "TEST_OF"
      comment: "This directory contains tests."
    - pattern: "Core/Domibus-MSH-selenium-ui-tests/**"
      reason: "TEST_OF"
      comment: "This directory contains tests."
    - pattern: "Core/Domibus-MSH-soapui-tests/**"
      reason: "TEST_OF"
      comment: "This directory contains tests."
    - pattern: "Core/Domibus-MSH-test/**"
      reason: "TEST_OF"
      comment: "This directory contains tests."
    - pattern: "Plugin-WS/Domibus-default-ws-plugin-backend-ws-test/**"
      reason: "TEST_OF"
      comment: "This directory contains tests."
    # This configuration file itself; the pattern names a single file even
    # though the justification text speaks of a directory.
    - pattern: ".ort.yml"
      reason: "DOCUMENTATION_OF"
      comment: "This directory contains ort exclusions et al."
  scopes:
    # Dependency scopes (by name) that are excluded.
    - pattern: "checkstyle"
      reason: "BUILD_DEPENDENCY_OF"
      comment: "Packages for code styling checks (testing) only."
    - pattern: "devDependencies"
      reason: "DEV_DEPENDENCY_OF"
      comment: "Packages for development only."
    - pattern: "jacocoAgent"
      reason: "TEST_DEPENDENCY_OF"
      comment: "Packages for code coverage (testing) only."
    - pattern: "jacocoAnt"
      reason: "TEST_DEPENDENCY_OF"
      comment: "Packages for code coverage (testing) only."
    # NOTE(review): this pattern looks like a regular expression covering every
    # scope whose name begins with "test" - confirm that no shipped scope is
    # named that way.
    - pattern: "test.*"
      reason: "TEST_DEPENDENCY_OF"
      comment: "Packages for testing only."
    - pattern: "annotationProcessor"
      reason: "DEV_DEPENDENCY_OF"
      comment: "Packages for development only."
    # NOTE(review): compile-time scopes can contain packages that are present
    # at runtime through another scope or supplied by the runtime platform;
    # verify those packages are still reviewed via a scope that is not
    # excluded here.
    - pattern: "compileClasspath"
      reason: "DEV_DEPENDENCY_OF"
      comment: "Packages for development only."
    - pattern: "compileOnly"
      reason: "DEV_DEPENDENCY_OF"
      comment: "Packages for development only."
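# Accepted rule violations. Each entry resolves the violations whose message
# matches the regular expression in `message`, and records a reason and a
# justification for accepting them.
#
# NOTE(review): several patterns are broad. Entries that begin with ".*" are
# not tied to a package, and entries that end in a version wildcard ("2.*",
# "2.4.*", "1.26.*", "hazelcast.*", ...) also cover versions and artifacts that
# have not been reviewed yet. Dots are not escaped, so they match any
# character. Where the justification depends on what a specific release
# contains or on a feature "not being in use", consider pinning the pattern to
# the reviewed version and re-confirming it on upgrade.
resolutions:
  rule_violations:
    # Project licence and licences accepted regardless of package.
    - message: ".*EUPL-1.2.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "EUPL-1.2 is the main license of the project and therefore will not be an issue."
    - message: ".*EUPL-1.1.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "EUPL-1.2 is the main license of the project and EUPL-1.1 is upward compatible and therefore not an issue."
    - message: ".*GPL-2.0-only WITH Universal-FOSS-exception-1.0.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "GPL-2.0-only with Universal FOSS Exception 1.0 is acceptable. The exception allows for compatible linking with other FOSS projects."
    - message: ".*GPL-2.0-only WITH LicenseRef-scancode-mysql-linking-exception-2018.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "GPL-2.0-only with LicenseRef-scancode-mysql-linking-exception-2018. The exception allows for compatible linking with other FOSS projects."
    # javaee-api 7.0: three findings accepted on the basis of a later release.
    - message: "proprietary-free license LicenseRef-scancode-sun-prop-non-commercial in Maven:javax:javaee-api:7.0."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "Later version of the exact same files are licensed under CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0. This information is from version 8.0.1. of the same package."
    - message: "proprietary-free license LicenseRef-IBM-US-Government-Restriction in Maven:javax:javaee-api:7.0."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "Later version of the exact same files are licensed under CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0. This information is from version 8.0.1. of the same package."
    - message: "property:non-commercial license LicenseRef-scancode-sun-prop-non-commercial in Maven:javax:javaee-api:7.0."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "Later version of the exact same files are licensed under CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0. This information is from version 8.0.1. of the same package."
    - message: "copyleft-strong license GPL-2.0-or-later in Maven:org.hibernate.orm:hibernate-core:6.4.4.Final."
      reason: "CANT_FIX_EXCEPTION"
      comment: "The package does not include any GPL-2.0-or-later licensed code. The hit is false."
    # Specification and documentation licences.
    - message: ".*LicenseRef-scancode-ecma-documentation.*"
      reason: "NOT_MODIFIED_EXCEPTION"
      comment: "The LicenseRef-scancode-ecma-documentation license allows redistributing without modifications. As long as the files licensed with said license is redistributed without modifications, the violation is acceptable."
    # NOTE(review): the justification below names the ecma-documentation
    # license although the entry matches ms-specification; it appears to be
    # copied from the previous entry. Record the ms-specification terms here
    # once they have been confirmed.
    - message: ".*LicenseRef-scancode-ms-specification.*"
      reason: "NOT_MODIFIED_EXCEPTION"
      comment: "The LicenseRef-scancode-ecma-documentation license allows redistributing without modifications. As long as the files licensed with said license is redistributed without modifications, the violation is acceptable."
    - message: ".*LicenseRef-scancode-jsr-107-jcache-spec.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "A specification license."
    - message: ".*LicenseRef-scancode-sun-jsr-spec-04-2006.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "A specification license."
    - message: ".*LicenseRef-scancode-sun-sdk-spec-1.1.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "A specification license."
    - message: "commercial license LicenseRef-scancode-proprietary-license in Maven:javax.xml.bind:jaxb-api:2.3.1."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "This is a specification license from Bea Systems, Inc., a company later acquired by Oracle."
    - message: "copyleft-strong license CC-BY-SA-3.0 in Maven:org.freemarker:freemarker:2.3.32."
      reason: "CANT_FIX_EXCEPTION"
      comment: "License is in a license information file. The license defines that fonts used in documentation are under the concluded license and therefore is not an issue."
    - message: "proprietary-free license LicenseRef-scancode-iptc-2006 in Maven:org.apache.tika:tika-core:2.7.0."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "A specification license."
    - message: "proprietary-free license LicenseRef-scancode-efsl-1.0 in Maven:com.sun.mail:jakarta.mail:1.6.7."
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "A specification license."
    # Package-scoped entries with wildcard versions or artifact names.
    - message: "proprietary-free license LicenseRef-doubleopen-jsr-356-websocket-spec in Maven:org.apache.cxf:.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "The Java API for Websocket (JSR-356) Specification is under a limited license from Oracle - as these files are not modified the implementation should satisfy the requirements for a compliant implementation. Therefore the license conditions are satisfied."
    - message: "copyleft-strong license GPL-2.0-only in Maven:jakarta.xml.bind:jakarta.xml.bind-api:2.*"
      reason: "CANT_FIX_EXCEPTION"
      comment: "The license choice functionality doesn't fully work, and this is an OR license which is not applied."
    - message: "copyleft-LGPL license LGPL-2.1-or-later in Maven:org.niis:harmony-api:2.4.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "As the NIIS application is open source, LGPL-licenses are complied with."
    - message: "copyleft-LGPL license LGPL-2.1-or-later in Maven:org.niis:harmony-MSH:2.4.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "As the NIIS application is open source, LGPL-licenses are complied with."
    - message: "free-restricted license LicenseRef-scancode-hazelcast-community-1.0 in Maven:com.hazelcast:hazelcast.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "As the NIIS application doesn't compete with Hazelcast offering, the license conditions are satisfied."
    - message: "commercial license LicenseRef-scancode-proprietary-license in Maven:org.apache.commons:commons-compress:1.26.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "This PKWare technology is not in use, therefore license is sufficient."
    - message: ".*license LicenseRef-scancode-sun-prop-non-commercial in Maven:org.apache.geronimo.specs:geronimo.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "These refer to such older versions schema files contained in the source distribution which are not used and distributed, therefore the license is complied with."
    # An earlier copy of the next entry had a message starting with
    # "ccommercial license", which cannot match a "commercial license ..."
    # violation. It carried the same reason and has been dropped in favour of
    # this correctly spelled one.
    - message: "commercial license LicenseRef-scancode-commercial-license in Maven:org.glassfish:javax.el:3.0.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "These fonts licensed under this license are not in use, therefore the license is complied with."
    - message: "commercial license LicenseRef-scancode-proprietary-license in Maven:com.sun.xml.ws:policy:2.7.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "These refer to hits of OASIS-files under an unspecified license, but which are not in use, therefore the license is complied with."
    - message: "source-available license Elastic-2.0 in Maven:com.hazelcast:hazelcast.*"
      reason: "LICENSE_ACQUIRED_EXCEPTION"
      comment: "This refers to extensions or connectors towards Elastic search and these are not used, therefore the license is complied with."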
# Manual corrections of scanner license findings for files in this repository.
# For each path, `concluded_license` states the license that is to be used in
# place of what the scanner reported.
#
# NOTE(review): every entry carries the same generic justification. Recording
# what the scanner reported and why it is wrong would let a later reviewer
# re-validate the correction when the file changes.
curations:
  license_findings:
    - path: "Core/Domibus-MSH-angular/package-lock.json"
      concluded_license: "MIT"
      reason: "INCORRECT"
      comment: "Corrected scanner finding."
    - path: "Core/Domibus-MSH/src/main/resources/config/infinispan/domibus-infinispan-default.xml"
      concluded_license: "LGPL-2.1-or-later"
      reason: "INCORRECT"
      comment: "Corrected scanner finding."
    # The concluded expression here is the same string that appears as a
    # `given` expression under license_choices in this file.
    - path: "third-party/mysql-connector-licensing"
      concluded_license: "GPL-2.0-only WITH LicenseRef-scancode-mysql-linking-exception-2018 AND GPL-2.0-only WITH Universal-FOSS-exception-1.0 AND (LGPL-2.1-only OR EPL-1.0) AND LicenseRef-scancode-protobuf AND BSD-3-Clause AND EPL-2.0 AND Apache-2.0 AND MIT AND Unicode-DFS-2015"
      reason: "INCORRECT"
      comment: "Corrected scanner finding."
    # "NONE" discards whatever the scanner detected in this file.
    - path: "pom.xml"
      concluded_license: "NONE"
      reason: "INCORRECT"
      comment: "Corrected scanner finding."
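# License choices made for the whole repository. Each entry maps a license
# expression that offers alternatives (`given`) to the expression that results
# from the selection made (`choice`).
#
# NOTE(review): `given` is matched as written, so an entry stops applying when
# an upgraded dependency reports a different expression - re-check this list
# after dependency updates. All values are quoted so that every expression is
# read as a plain string.
license_choices:
  repository_license_choices:
    - given: "CDDL-1.0 OR GPL-2.0-only"
      choice: "CDDL-1.0"
    - given: "BSD-3-Clause AND Apache-2.0 AND W3C AND LicenseRef-scancode-public-domain AND MIT AND SAX-PD AND EPL-1.0 AND (Apache-2.0 OR Apache-1.1 OR BSD-3-Clause OR LicenseRef-scancode-public-domain OR LicenseRef-scancode-indiana-extreme) AND (MIT OR GPL-1.0-or-later)"
      choice: "BSD-3-Clause AND Apache-2.0 AND W3C AND LicenseRef-scancode-public-domain AND MIT AND SAX-PD AND EPL-1.0 AND LicenseRef-scancode-public-domain AND MIT"
    - given: "(EPL-2.0 OR Apache-2.0) AND GPL-2.0-only WITH Classpath-exception-2.0"
      choice: "Apache-2.0 AND GPL-2.0-only WITH Classpath-exception-2.0"
    - given: "(EPL-2.0 OR Apache-2.0) AND EPL-2.0 AND Apache-2.0 AND CDDL-1.0 AND (CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0) AND BSD-3-Clause"
      choice: "Apache-2.0 AND EPL-2.0 AND Apache-2.0 AND CDDL-1.0 AND CDDL-1.1 AND BSD-3-Clause"
    - given: "EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0"
      choice: "EPL-2.0"
    - given: "NPL-1.1 OR GPL-2.0-or-later"
      choice: "NPL-1.1"
    - given: "(MIT OR GPL-2.0-or-later) AND (MIT OR BSD-3-Clause AND GPL-2.0-or-later)"
      choice: "MIT AND MIT"
    - given: "(MIT OR GPL-2.0-only) AND BSD-3-Clause"
      choice: "MIT AND BSD-3-Clause"
    - given: "MIT OR GPL-2.0-only"
      choice: "MIT"
    # This `choice` was the only unquoted value in the list; it is quoted here
    # like the others, and the expression itself is unchanged.
    - given: "(EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only WITH Classpath-exception-2.0) AND Apache-2.0 AND W3C AND LicenseRef-scancode-public-domain AND OFL-1.1 AND MIT AND (GPL-2.0-only OR GPL-2.0-only WITH Classpath-exception-2.0) AND EPL-2.0"
      choice: "BSD-3-Clause AND Apache-2.0 AND W3C AND LicenseRef-scancode-public-domain AND OFL-1.1 AND MIT AND GPL-2.0-only WITH Classpath-exception-2.0 AND EPL-2.0"
    - given: "BSD-3-Clause AND LicenseRef-scancode-public-domain AND Apache-2.0 AND MIT AND Plexus AND EPL-2.0 AND SAX-PD AND (MIT OR GPL-1.0-or-later)"
      choice: "BSD-3-Clause AND LicenseRef-scancode-public-domain AND Apache-2.0 AND MIT AND Plexus AND EPL-2.0 AND SAX-PD AND MIT"
    - given: "Apache-2.0 AND (MIT OR AFL-2.1) AND BSD-3-Clause AND CC-BY-2.5 AND CDDL-1.0 AND LicenseRef-scancode-jdom AND LicenseRef-scancode-mx4j AND Apache-1.1 AND LicenseRef-scancode-public-domain"
      choice: "Apache-2.0 AND MIT AND BSD-3-Clause AND CC-BY-2.5 AND CDDL-1.0 AND LicenseRef-scancode-jdom AND LicenseRef-scancode-mx4j AND Apache-1.1 AND LicenseRef-scancode-public-domain"
    - given: "GPL-2.0-only WITH LicenseRef-scancode-mysql-linking-exception-2018 AND GPL-2.0-only WITH Universal-FOSS-exception-1.0 AND (LGPL-2.1-only OR EPL-1.0) AND LicenseRef-scancode-protobuf AND BSD-3-Clause AND EPL-2.0 AND Apache-2.0 AND MIT AND Unicode-DFS-2015"
      choice: "GPL-2.0-only WITH LicenseRef-scancode-mysql-linking-exception-2018 AND GPL-2.0-only WITH Universal-FOSS-exception-1.0 AND EPL-1.0 AND LicenseRef-scancode-protobuf AND BSD-3-Clause AND EPL-2.0 AND Apache-2.0 AND MIT AND Unicode-DFS-2015"
    - given: "BSD-3-Clause AND Apache-2.0 AND (GPL-2.0-only OR GPL-2.0-only WITH Classpath-exception-2.0) AND MIT"
      choice: "BSD-3-Clause AND Apache-2.0 AND GPL-2.0-only WITH Classpath-exception-2.0 AND MIT"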