-
Notifications
You must be signed in to change notification settings - Fork 3
/
.ort.yml
62 lines (61 loc) · 2.36 KB
/
.ort.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Copyright (c) 2023-2024 Contributors to the Eclipse Foundation
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
---
excludes:
scopes:
- pattern: "devDependencies"
reason: "DEV_DEPENDENCY_OF"
comment: "Packages for development only."
package_configurations:
- id: "NPM::typescript:4.8.3"
source_artifact_url: "https://registry.npmjs.org/typescript/-/typescript-4.8.3.tgz"
license_finding_curations:
- path: "package/ThirdPartyNoticeText.txt"
start_lines: "125"
line_count: 1
detected_license: "LicenseRef-scancode-cve-tou"
concluded_license: "Apache-2.0"
reason: "INCORRECT"
comment: "Found in ThirdPartyNoticeText file in Packages for development only."
- path: "package/ThirdPartyNoticeText.txt"
start_lines: "172"
line_count: 18
detected_license: "LicenseRef-scancode-khronos"
concluded_license: "Apache-2.0"
reason: "INCORRECT"
comment: "Found in ThirdPartyNoticeText file in Packages for development only."
- path: "package/ThirdPartyNoticeText.txt"
start_lines: "86"
line_count: 14
detected_license: "W3C-20150513"
concluded_license: "Apache-2.0"
reason: "INCORRECT"
comment: "Found in ThirdPartyNoticeText file in Packages for development only."
resolutions:
rule_violations:
- message: "License Apache-2.0 found in project 'NPM:@eclipse-velocitas:velocitas-project-generator.*"
reason: "EXAMPLE_OF_EXCEPTION"
comment: "Lincense found is the used license which we document in the package.json"
vulnerabilities:
# NPM::flat:5.0.2
- id: "sonatype-2020-0889"
reason: "INEFFECTIVE_VULNERABILITY"
comment: "Packages for development only."
# NPM::mocha:10.0.0
- id: "sonatype-2021-1683"
reason: "INEFFECTIVE_VULNERABILITY"
comment: "Packages for development only."
- id: "sonatype-2021-4946"
reason: "INEFFECTIVE_VULNERABILITY"
comment: "Packages for development only."