forked from envoyproxy/gateway
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
125 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -42,7 +42,6 @@ jobs: | |
scan-args: |- | ||
--skip-git | ||
--recursive | ||
--config=tools/osv-scanner/config.toml | ||
--no-call-analysis=go | ||
./ | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
[[IgnoredVulns]] | ||
id = "GO-2022-0646" | ||
reason = "No a real issue, just a warning about third party package." | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/AdaLogics/go-fuzz-headers" | ||
version = "0.0.0-20230811130428-ced1acdcaa24" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "Unknown license since package version is missing in pkg.go.dev" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/asaskevich/govalidator" | ||
version = "0.0.0-20230301143203-a9d515a09cc2" | ||
ecosystem = "Go" | ||
license.override = ["MIT"] | ||
reason = "Unknown license, remove once https://github.com/google/deps.dev/issues/87 is resolved" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/containers/storage" | ||
version = "1.55.0" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "Unknown license, remove once https://github.com/google/deps.dev/issues/104 is resolved" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/distribution/distribution/v3" | ||
version = "3.0.0-beta.1" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "Unknown license, remove once https://github.com/google/deps.dev/issues/105 is resolved" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/docker/go-metrics" | ||
version = "0.0.1" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has dual license - the code is licensed under the Apache 2.0 license and the docs under CC-BY-SA-4.0 license" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/go-sql-driver/mysql" | ||
version = "1.8.1" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/hashicorp/errwrap" | ||
version = "1.1.0" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/hashicorp/go-cleanhttp" | ||
version = "0.5.2" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/hashicorp/go-multierror" | ||
version = "1.1.1" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/hashicorp/go-version" | ||
version = "1.7.0" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/hashicorp/hcl" | ||
version = "1.0.0" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/moby/patternmatcher" | ||
version = "0.6.0" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "Unknown license, remove once https://github.com/google/deps.dev/issues/106 is resolved" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/opencontainers/go-digest" | ||
version = "1.0.0" | ||
ecosystem = "Go" | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has dual license - the code is licensed under the Apache 2.0 license and the docs under CC-BY-SA-4.0 license" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/shoenig/go-m1cpu" | ||
version = "0.1.6" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/cncf-exceptions-2023-08-31.spdx" | ||
|
||
[[PackageOverrides]] | ||
name = "stdlib" | ||
ecosystem = "Go" | ||
license.override = ["BSD-3-Clause"] | ||
reason = "Unknown license, remove once https://github.com/google/deps.dev/issues/86 is resolved" | ||
|
||
[[PackageOverrides]] | ||
name = "github.com/grafana/tempo" | ||
version = "1.5.0" | ||
ecosystem = "Go" | ||
# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from licnese scanning instead | ||
license.override = ["Apache-2.0"] | ||
reason = "This package is only used in e2e tests so we can ignore its license" |
This file was deleted.
Oops, something went wrong.