google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.15k stars, 347 forks

feat: allow explicitly ignoring the license of a package in config #1243

Closed: G-Rath closed this 2 weeks ago

G-Rath commented 2 weeks ago

This allows you to configure the scanner to completely ignore the license of a package in a way that is explicit, as opposed to configuring license.overrides to set the package license to an allowed one.

Resolves #1124
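As an added illustration (not part of the PR or the project's own documentation), the two configuration styles the description contrasts, written as an `osv-scanner.toml`; the key names `license.override` and `license.ignore` and the package name are assumptions:

```toml
# osv-scanner.toml (added illustration; package name is made up)
# The two entries below are alternatives for the same package, shown
# together only for contrast; a real config would keep just one of them.

# Workaround style: silence the finding by declaring an allowed license.
# The scanner now reports MIT for this package, so the real (unknown or
# disallowed) license is no longer visible to anyone reading the results.
[[PackageOverrides]]
name = "example-internal-lib"
ecosystem = "npm"
license.override = ["MIT"]
reason = "workaround: override the license so the scan passes"

# Explicit style (what this PR adds, assumed key name): skip license checks
# for this package without rewriting its license, so the scan output still
# shows what the package actually ships with and the exemption is auditable.
[[PackageOverrides]]
name = "example-internal-lib"
ecosystem = "npm"
license.ignore = true
reason = "first-party code; license policy does not apply"
```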

codecov-commenter commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 67.82%. Comparing base (f8953ff) to head (4703d2a).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main    #1243      +/-   ##
==========================================
- Coverage   67.83%   67.82%   -0.02%
==========================================
  Files         174      174
  Lines       16769    16773       +4
==========================================
+ Hits        11375    11376       +1
- Misses       4765     4767       +2
- Partials      629      630       +1
```


cuixq commented 2 weeks ago

@G-Rath I am a bit confused about what this PR does - could you update the description with more details?

G-Rath commented 2 weeks ago

@cuixq I've added a short description, though I think the linked issue gives context too - let me know if there's anything specific you're still confused on that you'd like me to clarify