10
README.md
10
README.md
@@ -108,7 +108,7 @@ fail-on-scopes:
|
||||
|
||||
Only allow the licenses that comply with the expressions in this list. See "[Licenses](https://github.com/actions/dependency-review-action#licenses)".
|
||||
|
||||
**Possible values**: Any valid [spdx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60).
|
||||
**Possible values**: A list of of [SPDX-compliant license identifiers](https://spdx.org/licenses/).
|
||||
|
||||
**Inline example**: `allow-licenses: BSD-3-Clause, LGPL-2.1 OR MIT OR BSD-3-Clause`
|
||||
|
||||
@@ -117,7 +117,9 @@ Only allow the licenses that comply with the expressions in this list. See "[Lic
|
||||
```yaml
|
||||
allow-licenses:
|
||||
- BSD-3-Clause
|
||||
- LGPL-2.1 OR MIT OR BSD-3-Clause
|
||||
- LGPL-2.1
|
||||
- MIT
|
||||
- BSD-3-Clause
|
||||
```
|
||||
|
||||
### deny-licenses
|
||||
@@ -125,7 +127,7 @@ allow-licenses:
|
||||
Add a custom list of licenses you want to block. See
|
||||
"[Licenses](https://github.com/actions/dependency-review-action#licenses)".
|
||||
|
||||
**Possible values**: Any valid [sodx license expression](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60).
|
||||
**Possible values**: Any valid set of [SPDX licenses](https://spdx.org/licenses/).
|
||||
|
||||
**Inline example**: `deny-licenses: LGPL-2.0, GPL-2.0+ WITH Bison-exception-2.2`
|
||||
|
||||
@@ -257,7 +259,7 @@ forbid a subset of licenses. These options are not supported on Enterprise Serve
|
||||
|
||||
You can use the [Licenses
|
||||
API](https://docs.github.com/en/rest/licenses) to see the full list of
|
||||
supported licenses. Use [spdx license expressions](https://spdx.dev/spdx-specification-21-web-version/#h.jxpfx0ykyb60)
|
||||
supported licenses. Use [SPDX licenses](https://spdx.org/licenses/)
|
||||
to filter the licenses. A couple of examples:
|
||||
|
||||
```yaml
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
import * as core from '@actions/core'
|
||||
import spdxSatisfies from 'spdx-satisfies'
|
||||
import {Octokit} from 'octokit'
|
||||
|
||||
import {Change, Changes} from './schemas'
|
||||
import {isSPDXValid} from './utils'
|
||||
|
||||
|
||||
@@ -129,7 +129,7 @@ function printLicensesBlock(
|
||||
}
|
||||
if (invalidLicenseChanges.unresolved.length > 0) {
|
||||
core.warning(
|
||||
'\nThe validity of the licenses of the dependecies below could not be determine. Ensure that they are valid spdx licenses:'
|
||||
'\nThe validity of the licenses of the dependencies below could not be determined. Ensure that they are valid SPDX licenses:'
|
||||
)
|
||||
printLicensesError(invalidLicenseChanges.unresolved)
|
||||
core.setFailed(
|
||||
|
||||
@@ -12,7 +12,7 @@ export function addSummaryToSummary(
|
||||
.addRaw('We found:')
|
||||
.addList([
|
||||
`${addedPackages.length} vulnerable package(s)`,
|
||||
`${invalidLicenseChanges.unresolved.length} package(s) with unprocessable licenses`,
|
||||
`${invalidLicenseChanges.unresolved.length} package(s) with invalid SPDX license definitions`,
|
||||
`${invalidLicenseChanges.forbidden.length} package(s) with incompatible licenses`,
|
||||
`${invalidLicenseChanges.unlicensed.length} package(s) with unknown licenses.`
|
||||
])
|
||||
@@ -114,7 +114,7 @@ export function addLicensesToSummary(
|
||||
)
|
||||
printLicenseViolation('Unknown Licenses', invalidLicenseChanges.unlicensed)
|
||||
printLicenseViolation(
|
||||
'Unvalidated Licenses',
|
||||
'Invalid SPDX License Definitions',
|
||||
invalidLicenseChanges.unresolved
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user