Closed stevespringett closed 3 years ago
I've been chatting with Brian Fox as well as Justin Young and Najla Damand (dedicated OSS Index product manager) about enabling OSS Index by default in DT.
We have agreed upon what is required on both ends to do so and are moving forward. Feel free to reach out to Sonatype regarding the TOS. I think that's a good catch as it likely needs to be updated.
Alright, will do! If they are open to the usage in DT, esp. by default, the ToS should not create doubt in that.
Thank you for your quick reply and really great work on this and related projects. It's a tremendous help for us.
335e5acb3de80adf763e52dc61b2824d1b99c7c0
Can we also activate OSS Indexer now in version 3.8 without having an account too?
No. 3.8 and lower still requires an account.
Closing. Anonymous OSS Index enabled by default in v4.0 - to be released soon.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Hi, just wondering if that is a good idea - since I am not even sure that we can use the Sonatype OSS Index at our company just like this... Looking at their ToS, one could understand that the use in DependencyTrack is not permitted:
https://ossindex.sonatype.org/tos
i.e.:
--> otherwise I need to first contact them via email and hope for their agreement.
Also:
So, this sounds to me like this:
I am not a lawyer, but just reading this makes me doubt that it should be enabled by default.
IMO it should be clearly stated in DT before enabling the OSS Index that you need to accept their ToS and that you might need to ask their permission via email first.
However, I will write them an email to ask for our intended use, because their ToS are rather not suggested this use is allowed out of the box.