licence + vulnerability check #90

Closed
opened 2024-05-28 21:44:30 +00:00 by b · 1 comment
Owner

As part of the pipeline (to staging) we should check that licences are in the following whitelist:

`'AFLv2.1;Apache 2.0;Apache-2.0;Apache*;Artistic-2.0;0BSD;BSD*;BSD-2-Clause;BSD-3-Clause;CC0-1.0;CC-BY-3.0;CC-BY-4.0;ISC;MIT;MPL-2.0;ODC-By-1.0;Python-2.0;Unlicense;'`

We should also check that `npm audit` reports 0 vulnerabilities. If there is a strong argument, we could change this to `npm audit --omit=dev --audit-level=low`.

Owner

linked to #38

y added the Priority Medium label 2024-06-25 13:34:17 +00:00
y added Priority High and removed Priority Medium labels 2024-06-25 13:35:25 +00:00
y self-assigned this 2024-06-25 13:35:34 +00:00
enes closed this issue 2024-08-07 13:54:36 +00:00
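
An added example, not part of the issue or the project's code: one way the staging gate requested above could evaluate a licence inventory and an `npm audit --json` report. It assumes `*` in the whitelist is a wildcard, that the inventory is a `name@version` to licence-string map, and that the audit counts sit under `metadata.vulnerabilities`; all function names and sample data are hypothetical.

```javascript
// Allowlist string copied from the issue. Assumption: '*' is a wildcard.
const ALLOWLIST = 'AFLv2.1;Apache 2.0;Apache-2.0;Apache*;Artistic-2.0;0BSD;BSD*;BSD-2-Clause;BSD-3-Clause;CC0-1.0;CC-BY-3.0;CC-BY-4.0;ISC;MIT;MPL-2.0;ODC-By-1.0;Python-2.0;Unlicense;';

// Each entry becomes an anchored regex; everything except '*' is escaped.
const patterns = ALLOWLIST.split(';').map(s => s.trim()).filter(Boolean)
  .map(e => new RegExp('^' + e.split('*')
    .map(p => p.replace(/[.+?^${}()|[\]\\]/g, '\\$&')).join('.*') + '$'));
const idAllowed = id => patterns.some(re => re.test(id));

// Accepts one identifier or a flat SPDX-style expression: "A OR B" passes if
// either side is allowed, "A AND B" only if both are. Anything else fails closed.
function licenceAllowed(expr) {
  if (typeof expr !== 'string' || !expr.trim()) return false;
  const flat = expr.trim().replace(/^\((.*)\)$/, '$1');
  return flat.split(/\s+OR\s+/).some(alt =>
    alt.split(/\s+AND\s+/).every(id => idAllowed(id.trim())));
}

// inventory: { "name@version": "licence string" } (hypothetical shape)
function disallowedPackages(inventory) {
  return Object.entries(inventory)
    .filter(([, licence]) => !licenceAllowed(licence))
    .map(([name]) => name).sort();
}

const LEVELS = ['info', 'low', 'moderate', 'high', 'critical'];
// Sum findings at or above `level` from the metadata.vulnerabilities counts
// of an `npm audit --json` report. Default 'info' means "0 vulnerabilities".
function auditFindings(report, level = 'info') {
  const counts = report && report.metadata && report.metadata.vulnerabilities;
  const from = LEVELS.indexOf(level);
  if (!counts || from < 0) throw new Error('bad audit report or level');
  return LEVELS.slice(from).reduce((n, l) => n + (counts[l] || 0), 0);
}

// Combined gate: passes only with no disallowed licence and no counted finding.
function gate(inventory, report, level) {
  const badLicences = disallowedPackages(inventory);
  const findings = auditFindings(report, level);
  return { ok: badLicences.length === 0 && findings === 0, badLicences, findings };
}

// Constructed sample data, not taken from the project.
const sampleInventory = {
  'pkg-a@1.0.0': 'MIT', 'pkg-b@2.1.0': '(MIT OR GPL-3.0)', 'pkg-c@0.4.2': 'GPL-3.0',
  'pkg-d@3.0.0': 'Apache-2.0 AND BSD-3-Clause', 'pkg-e@1.2.3': 'UNKNOWN', 'pkg-f@0.1.0': 'BSD-4-Clause',
};
const sampleAudit = { metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 0, critical: 0, total: 1 } } };
console.log(gate(sampleInventory, sampleAudit, 'low'));
```

With wildcard matching, `Apache*` and `BSD*` also admit identifiers such as `Apache-1.1` and `BSD-4-Clause`, so the exact `Apache-2.0` and `BSD-3-Clause` entries add nothing on their own.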
Reference: sigit/sigit.io#90