Open
Description
What would you like to be added:
Currently, there is no possibility to choose one license over another if multiple licenses are supplied via SBOM.
There should be a mode where you can allow any package which has a whitelisted license, disregarding blacklisted licenses of the same package.
Example:
Snippet from cyclonedx SBOM:

```json
"licenses": [
  {
    "license": {
      "id": "EPL-2.0"
    }
  },
  {
    "license": {
      "id": "GPL-2.0-with-classpath-exception"
    }
  }
],
```
Or similar in this other package of the same SBOM with an OR expression:

```json
"licenses": [
  {
    "expression": "MIT OR Apache-2.0 OR LGPL-2.1-or-later"
  }
],
```
grant.yaml:

```yaml
rules:
  - pattern: "EPL-*"
    name: "EPL"
    mode: "allow"
    reason: "EPL is compatible with our project"
  - pattern: "*"
    name: "reject everything else"
    mode: "deny"
    reason: "All licenses need to be explicitly allowed"
```
Why is this needed:
Some packages have an OR in their license and I would like to pick the one suited to my needs without whitelisting the other license or excluding the package manually.
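The requested "any allowed license" mode, as a constructed Python illustration that is not grant's own code: it flattens the two CycloneDX `licenses` shapes shown in the issue, applies the grant.yaml-style rules in order (first match wins), and compares the strict rule (every license of the package must be allowed) with the proposed one (at least one allowed license is enough). The extra `MIT` allow rule and the conservative handling of `AND`/parenthesised expressions are assumptions that are not in the issue.

```python
import fnmatch
import re

# Constructed rules: the issue's grant.yaml plus an assumed "MIT" allow rule
# so the OR-expression package has one acceptable alternative.
RULES = [
    {"pattern": "EPL-*", "name": "EPL", "mode": "allow"},
    {"pattern": "MIT", "name": "MIT (assumed, not in the issue)", "mode": "allow"},
    {"pattern": "*", "name": "reject everything else", "mode": "deny"},
]

# Constructed CycloneDX `licenses` entries, copied from the issue's two packages.
COMPONENTS = {
    "pkg-a": [{"license": {"id": "EPL-2.0"}},
              {"license": {"id": "GPL-2.0-with-classpath-exception"}}],
    "pkg-b": [{"expression": "MIT OR Apache-2.0 OR LGPL-2.1-or-later"}],
}


def license_ids(entries):
    """Flatten CycloneDX `licenses` entries into SPDX identifiers.

    Only a flat top-level `OR` disjunction is split. Expressions with `AND`
    or parentheses are kept whole, so they fall through to the catch-all
    deny rule rather than being misread as "any alternative is fine".
    """
    ids = []
    for entry in entries:
        if "license" in entry:
            ids.append(entry["license"].get("id") or entry["license"].get("name"))
        elif "expression" in entry:
            expr = entry["expression"]
            if "(" in expr or re.search(r"\sAND\s", expr):
                ids.append(expr)
            else:
                ids.extend(p.strip() for p in re.split(r"\s+OR\s+", expr))
    return ids


def verdict(license_id):
    """Return the mode of the first rule whose glob matches; deny if none."""
    for rule in RULES:
        if fnmatch.fnmatchcase(license_id, rule["pattern"]):
            return rule["mode"]
    return "deny"


def package_allowed(entries, any_allowed=False):
    """Strict: all licenses must be allowed. any_allowed: one allowed suffices."""
    verdicts = [verdict(lic) for lic in license_ids(entries)]
    if any_allowed:
        return any(v == "allow" for v in verdicts)
    return bool(verdicts) and all(v == "allow" for v in verdicts)


def report(any_allowed=False):
    """Evaluate every constructed component under the chosen mode."""
    return {name: package_allowed(ent, any_allowed) for name, ent in COMPONENTS.items()}
```

Under the strict rule both packages are rejected because each carries at least one denied license; under the proposed mode both pass on the strength of EPL-2.0 and MIT respectively.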