license-scanner
Feature Request: License Scanner compares against allowed licenses
Issue: license-scanner does not inform if there is a mismatch of licenses, it only returns the list of licenses.
Discussion: CI/CD implementation would benefit from license comparisons.
Recommendation: Implement a flag which would cause std.out to return true if all scanned licenses are on the whitelist, and false otherwise.
Use Case
As a CI/CD pipeline administrator, I can provide license-scanner a list of accepted licenses, and if there is a mismatch it returns false, otherwise it returns true.
@mrutkows this might overlap with your plan for CI/CD license checking. I think maybe there is a difference between this one looking for "list of accepted" vs perhaps a more explicit check for "expected". Seems like it might be an overlapping use case to me though.... TBD.
@markstur is there an issue already open for the other concept? I tried looking for an overlapping issue before opening this one.
Regarding expected vs allowed. I think expected is more concise. And unless I'm not understanding correctly, it sounds like these two ideas would address the same underlying issue.
We can use this issue as your feature request.
Should "no license found" handling be part of this feature request or not? We may want to add another feature request for that because I think you are only asking for an error code when unwanted licenses are found (not white-listed) and that makes sense. We might want to add an issue where we expect a license and do not find it. I'll enter an issue for that case.
Yeah. I agree with your statement.
When a whitelist is provided, there are three use cases.
- License Matches: Cool, keep scanning.
- License Does Not Match: Keep scanning, but keep a note and report all the mismatched licenses and throw an error code on exit.
- Expected License Is Not Found: Throw an error code on close out.
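The three cases above, as an added illustration that is not part of license-scanner: a hypothetical `check_licenses` helper that keeps scanning through every entry, collects every non-whitelisted license and every expected-but-absent license, and maps them to a bit-flagged exit code (the function name, flag values and sample license lists are assumptions for this example).

```python
"""Hypothetical whitelist/expected-license check for a CI step.
Added illustration only; not code from the license-scanner project."""
from dataclasses import dataclass, field

# Exit-code bit flags (assumed values, not license-scanner's own).
EXIT_OK = 0
EXIT_UNALLOWED = 1   # at least one scanned license is not whitelisted
EXIT_MISSING = 2     # at least one expected license was not found


@dataclass
class CheckResult:
    unallowed: list = field(default_factory=list)  # scanned, not on whitelist
    missing: list = field(default_factory=list)    # expected, never scanned
    exit_code: int = EXIT_OK


def check_licenses(scanned, allowed, expected=()):
    """Compare scanned license identifiers against the whitelist `allowed`
    and the optional `expected` list. No early exit: every mismatch is
    recorded so the report is complete before the exit code is set."""
    allowed_set = set(allowed)
    scanned_set = set(scanned)
    result = CheckResult()
    for lic in scanned:                     # case 1 (match) / case 2 (mismatch)
        if lic not in allowed_set and lic not in result.unallowed:
            result.unallowed.append(lic)    # note it, keep scanning
    for lic in expected:                    # case 3: expected but not found
        if lic not in scanned_set:
            result.missing.append(lic)
    if result.unallowed:
        result.exit_code |= EXIT_UNALLOWED
    if result.missing:
        result.exit_code |= EXIT_MISSING
    return result


if __name__ == "__main__":
    # Constructed sample input standing in for a scanner's output.
    scanned = ["Apache-2.0", "MIT", "GPL-3.0-only", "MIT"]
    allowed = ["Apache-2.0", "MIT", "BSD-3-Clause"]
    r = check_licenses(scanned, allowed, expected=["Apache-2.0", "BSD-3-Clause"])
    print("unallowed:", r.unallowed, "missing:", r.missing)
    raise SystemExit(r.exit_code)   # non-zero fails the pipeline step
```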