
Commit 6e95d8d

shahar-hzhaohuabing
authored andcommitted
ci: cleanup osv-scanner config (envoyproxy#4579)
Signed-off-by: Shahar Harari <[email protected]> (cherry picked from commit 1a275b9) Signed-off-by: Huabing Zhao <[email protected]>
1 parent 0784f1c commit 6e95d8d


1 file changed

+5
-28
lines changed

1 file changed

+5
-28
lines changed

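--- a/osv-scanner.toml
+++ b/osv-scanner.toml
@@ -1,7 +1,3 @@
-[[IgnoredVulns]]
-id = "GO-2022-0646"
-reason = "No a real issue, just a warning about third party package."
-
 [[PackageOverrides]]
 name = "github.com/AdaLogics/go-fuzz-headers"
 version = "0.0.0-20230811130428-ced1acdcaa24"
@@ -16,13 +12,6 @@ ecosystem = "Go"
 license.override = ["MIT"]
 reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/87 is resolved"
 
-[[PackageOverrides]]
-name = "github.com/containers/storage"
-version = "1.55.0"
-ecosystem = "Go"
-license.override = ["Apache-2.0"]
-reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/104 is resolved"
-
 [[PackageOverrides]]
 name = "github.com/distribution/distribution/v3"
 version = "3.0.0-beta.1"
@@ -41,32 +30,28 @@ reason = "This package has dual license - the code is licensed under the Apache
 name = "github.com/go-sql-driver/mysql"
 version = "1.8.1"
 ecosystem = "Go"
-# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
-license.override = ["Apache-2.0"]
+license.ignore = true
 reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"
 
 [[PackageOverrides]]
 name = "github.com/hashicorp/errwrap"
 version = "1.1.0"
 ecosystem = "Go"
-# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
-license.override = ["Apache-2.0"]
+license.ignore = true
 reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"
 
 [[PackageOverrides]]
 name = "github.com/hashicorp/go-multierror"
 version = "1.1.1"
 ecosystem = "Go"
-# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
-license.override = ["Apache-2.0"]
+license.ignore = true
 reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"
 
 [[PackageOverrides]]
 name = "github.com/hashicorp/hcl"
 version = "1.0.0"
 ecosystem = "Go"
-# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
-license.override = ["Apache-2.0"]
+license.ignore = true
 reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/CNCF-licensing-exceptions.csv"
 
 [[PackageOverrides]]
@@ -80,19 +65,11 @@ reason = "This package has dual license - the code is licensed under the Apache
 name = "github.com/shoenig/go-m1cpu"
 version = "0.1.6"
 ecosystem = "Go"
-# Override the license to an allowed one until https://github.com/google/osv-scanner/issues/1124 is resolved and we can skip it from license scanning instead
-license.override = ["Apache-2.0"]
+license.ignore = true
 reason = "This package has MPL-2.0 which is not approved in CNCF Allowlist, but it has an exception. See https://github.com/cncf/foundation/blob/main/license-exceptions/cncf-exceptions-2023-08-31.spdx"
 
 [[PackageOverrides]]
 name = "stdlib"
 ecosystem = "Go"
 license.override = ["BSD-3-Clause"]
 reason = "Unidentified license, remove once https://github.com/google/deps.dev/issues/86 is resolved"
-
-[[PackageOverrides]]
-name = "sigs.k8s.io/json"
-version = "0.0.0-20221116044647-bc3834ca7abd"
-ecosystem = "Go"
-license.override = ["Apache-2.0"]
-reason = "https://github.com/kubernetes-sigs/json/blob/main/LICENSE"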
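Review bot: The five new `license.ignore = true` entries (go-sql-driver/mysql, hashicorp/errwrap, go-multierror and hcl in the third hunk, shoenig/go-m1cpu in the fourth) have no expiry and no comment on scope, so once license evaluation is skipped the `reason` string is the only audit trail for the exception. Each entry keeps its `version` pin, which should limit the skip to that exact version, but a one-line comment would make the intent explicit, e.g. `# license check skipped for this pinned version only; re-verify the CNCF exception on every bump`. If the osv-scanner release used in CI supports it, adding `effective_until = <review date>` to each entry would force a periodic re-check instead of leaving the exception open-ended. The go-m1cpu `reason` cites the dated `cncf-exceptions-2023-08-31.spdx` snapshot while the other four cite `CNCF-licensing-exceptions.csv`; pointing all five at the same list would make them easier to audit.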
