jeffcshapiro

Per Bob Killen @mrbobbytables All of these EXCEPT kubernetes-2024-01-03.zip/kops/vendor/[github.com/hashicorp/memberlist/LICENSE](https://github.com/hashicorp/memberlist/LICENSE) have been granted a license exception approval: [cncf-exceptions-2019-11-01.spdx ](https://github.com/cncf/foundation/blob/main/license-exceptions/cncf-exceptions-2019-11-01.spdx) [github.com/hashicorp/errwrap](http://github.com/hashicorp/errwrap) - PackageComment: not auto-allowlist because: Non-allowlist license(s); approved by GB exception...

`### LICENSE INTAKE SCAN & ANALYSIS: OpenSSF: openssf-scorecard-monitor - This intake scan is a static analysis of the source code in your repository. A dependency scan was not performed. Once...

@david-a-wheeler > Adding license info to each source file is a good practice, but that won't prevent initial acceptance. Agreed - a good idea but no reason to cause any...

re-scanned https://github.com/hyperledger/identus-cloud-agent/ Confirmed - all MPL-2.0 licensed files have been removed from the repo. You can close this issue.

@joannalee333 Can you comment on this?

@kj-powell I can do an intake scan. 1st question I have is, this repo is under GPLv3 which is likely incompatible with the typical licenses that LF and OpenSSF projects...

I've done the scan and I'm working on the report. There are a lot of different licenses in the codebase, including of course GPLv3 and LGPL, and several permissive licenses....

LICENSE INTAKE SCAN & ANALYSIS: OpenSSF: cve-bin-tool DISTRIBUTION: [email protected], [email protected] - This License Intake Scan is a static analysis of the source code in your repository. A dependency scan was...

I'm on PTO this coming week, I will do the license intake scan the following week, if it's urgent let me know.

@eddie-knight report sent, see email