chainloop icon indicating copy to clipboard operation
chainloop copied to clipboard

Published 20 hours ago verified publisher icon chainloop-dev

Missing license for altas related packages

Open kaysavps opened this issue 3 weeks ago • 0 comments

Executing the policy sbom-with-licenses over the controlplane migrations sbom shows some components without licenses:

Violations

  • Missing licenses for ariga.io/atlas/cmd/atlas (pkg:golang/ariga.io/atlas/[email protected]?package-id=cab9ec0d40a529be#atlas)
  • Missing licenses for github.com/ariga/language-tools/packages/language-server-go (pkg:golang/github.com/ariga/[email protected]?package-id=b71cbfd2cf76b196#packages/language-server-go)

These packages are included as part of atlas container community edition distribution. However, since they are pointing to a specific snapshot syft is not able to retrieve the license. These modules are distributed under the Apache license - https://github.com/ariga/atlas/blob/master/LICENSE.

kaysavps avatar Nov 17 '25 16:11 kaysavps