Open codeboten opened 3 months ago
At this moment, the only license check we have at Snyk is related to hashicorp/go-version, which has been added to the exception list here, making it safe to use:
https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv
Marked all the go-version
checks as ignores for core, will do some more for contrib later. It would be fantastic to find a way to do this in config somewhere
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers
. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.
Component(s)
No response
Describe the issue you're reporting
The following PR fails the license check: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/33655
The failure is that a dependency brought in by
coreinternal
is licensed with MPL, which fails the license check.