checkov-action

OSS License not properly indicated for v12.2785.0

Open ethankent opened this issue 1 year ago • 2 comments

A license scan using GitHub's dependency review action indicates:

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| bridgecrewio/checkov-action | d3328add8f0c9461fb3fe0739296f1cee85f7c2b | Null | Unknown License |

Additionally, there is no license badge showing on the Marketplace page.

I suspect a particular form field needs to get filled out when publishing.

ethankent, Jun 27 '24 21:06

Hi @ethankent, this repository has a license (Apache 2), so this seems like a limitation of GitHub's dependency review. Do you have an example of one that does show the proper license? I would say that we have the proper license in place, so this is not a priority for us.

tsmithv11, Jul 03 '24 04:07

Hi @tsmithv11, thanks for the reply. Everything I see in this repository seems to indicate that the license is configured. So, I don't believe there's a problem on the repo itself. However, the license badge does seem to be missing on the Marketplace page, so possibly there's a gap in the publishing process.

If it helps, I can tell you that I see a similar action in the marketplace that doesn't have any problems with the dependency review action. It's called Trivy & I can see that it has a license badge showing correctly.

ethankent, Aug 01 '24 21:08