anchore / grant

Search an SBOM for licenses and the packages they belong to
Apache License 2.0
68 stars 7 forks

Adding severity for ruleset #51

Open tomerse-sg opened 8 months ago

tomerse-sg commented 8 months ago

Hi,

Might be a good idea to add a "severity" to each rule (default can be unknown). It can help users prioritize license issues (like with CVEs).

```yaml
rules:
    - pattern: "*gpl*"
      name: "deny-gpl"
      mode: "deny"
      reason: "GPL licenses are not allowed per xxx-xx company policy"
      severity: "High"
      exclusions:
        - "alpine-base-layout" # We don't link against this package so we don't care about its license
```
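One way the proposed field could be used to rank findings, as an added example that is neither grant's own code nor part of the issue above. The severity levels (unknown, low, medium, high, critical), the `Package` shape standing in for an SBOM component, and the use of `path.Match` as the glob engine are all assumptions; the rule shape mirrors the YAML in the proposal, and the sample ruleset and packages are constructed inline. Note that the `*gpl*` glob as written also matches LGPL and AGPL identifiers, so a package can surface under more than one rule at different severities.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// Severity ranks a rule match; Unknown is the default when a rule omits the field.
type Severity int

const (
	Unknown Severity = iota
	Low
	Medium
	High
	Critical
)

// severityNames is indexed by Severity; the level set itself is an assumption.
var severityNames = []string{"unknown", "low", "medium", "high", "critical"}

func (s Severity) String() string { return severityNames[s] }

// ParseSeverity maps the YAML string to a level, case-insensitively.
// Empty or unrecognised values fall back to Unknown instead of failing the run.
func ParseSeverity(s string) Severity {
	want := strings.ToLower(strings.TrimSpace(s))
	for i, name := range severityNames {
		if name == want {
			return Severity(i)
		}
	}
	return Unknown
}

// Rule mirrors one entry of the proposed ruleset, including the new severity field.
type Rule struct {
	Pattern, Name, Mode, Reason, Severity string
	Exclusions                            []string
}

// Package is the minimal SBOM view needed here (hypothetical shape, not grant's model).
type Package struct {
	Name     string
	Licenses []string
}

// Finding is one denied license on one package, tagged with the matching rule's severity.
type Finding struct {
	Package, License, Rule string
	Severity               Severity
	Reason                 string
}

// Evaluate applies every deny rule to every package: the pattern is a case-insensitive
// glob over license IDs (path.Match semantics), exclusions are matched on package name,
// and the result is sorted highest severity first so the worst issues come out on top.
func Evaluate(rules []Rule, pkgs []Package) []Finding {
	var out []Finding
	for _, r := range rules {
		if r.Mode != "deny" {
			continue
		}
		excluded := make(map[string]bool, len(r.Exclusions))
		for _, e := range r.Exclusions {
			excluded[e] = true
		}
		for _, p := range pkgs {
			if excluded[p.Name] {
				continue
			}
			for _, lic := range p.Licenses {
				ok, err := path.Match(strings.ToLower(r.Pattern), strings.ToLower(lic))
				if err != nil || !ok {
					continue
				}
				out = append(out, Finding{p.Name, lic, r.Name, ParseSeverity(r.Severity), r.Reason})
			}
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return out[i].Severity > out[j].Severity })
	return out
}

// SampleRules is a constructed ruleset: the issue's deny-gpl rule plus two more,
// one of which deliberately omits severity to exercise the Unknown default.
func SampleRules() []Rule {
	return []Rule{
		{Pattern: "*agpl*", Name: "deny-agpl", Mode: "deny", Reason: "network copyleft", Severity: "Critical"},
		{Pattern: "*gpl*", Name: "deny-gpl", Mode: "deny", Reason: "GPL not allowed per company policy",
			Severity: "High", Exclusions: []string{"alpine-base-layout"}},
		{Pattern: "*lgpl*", Name: "deny-lgpl", Mode: "deny", Reason: "review dynamic linking"},
	}
}

// SamplePackages is constructed input standing in for an SBOM.
func SamplePackages() []Package {
	return []Package{
		{Name: "alpine-base-layout", Licenses: []string{"GPL-2.0-only"}},
		{Name: "busybox", Licenses: []string{"GPL-2.0-only"}},
		{Name: "glibc", Licenses: []string{"LGPL-2.1-only"}},
		{Name: "agpl-tool", Licenses: []string{"AGPL-3.0-only"}},
		{Name: "openssl", Licenses: []string{"Apache-2.0"}},
	}
}

func main() {
	for _, f := range Evaluate(SampleRules(), SamplePackages()) {
		fmt.Printf("%-8s %-18s %-14s %s\n", f.Severity, f.Package, f.License, f.Rule)
	}
}
```

Running it lists the AGPL hit first (critical), the three `deny-gpl` matches next (high), and the `deny-lgpl` match last with severity `unknown`; `alpine-base-layout` never appears because of the exclusion. Because severity comes from the rule rather than the license, overlapping globs like `*gpl*` and `*lgpl*` produce two findings for the same package at different levels, which is a reason to keep patterns specific or to make the evaluator stop at the first matching rule.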