cicd: snyk license check fails

open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector

https://opentelemetry.io

Apache License 2.0

3.1k stars 2.39k forks source link

cicd: snyk license check fails #34199

Open codeboten opened 4 months ago

codeboten commented 4 months ago

Component(s)

No response

Describe the issue you're reporting

The following PR fails the license check: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/33655

The failure is that a dependency brought in by coreinternal is licensed with MPL, which fails the license check.

jpkrohling commented 3 months ago

At this moment, the only license check we have at Snyk is related to hashicorp/go-version, which has been added to the exception list here, making it safe to use:

https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv

codeboten commented 3 months ago

Marked all the go-version checks as ignores for core, will do some more for contrib later. It would be fantastic to find a way to do this in config somewhere

github-actions[bot] commented 1 month ago

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.