
Allow the advisor to filter packages by license classification

Open sschuberth opened this issue 3 years ago • 2 comments

Users might not want to disclose the names of (company-)internal packages in the lookup at (public) vulnerability providers. A way to address that would be to have a configurable license classification filter for the advisor, so that only packages with licenses of the configured classifications (e.g. only Open Source licenses) are looked up at the vulnerability provider.

sschuberth avatar Nov 14 '22 12:11 sschuberth

> (e.g. only Open Source licenses) are being looked up at the vulnerability provider.

This specific check could be implemented much more simply by just trying to look up the license in the SPDX list.

sschuberth avatar Feb 15 '23 13:02 sschuberth
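The two filter variants discussed in this thread (a configurable classification filter, and the simpler "is every license on the SPDX list" check) are sketched below as an added example. This is not ORT's own code and does not use ORT's API; it is written in Python for a stand-alone demonstration. The SPDX list, the classification table and the sample packages are constructed stand-ins (a real deployment would load the full SPDX license list and the project's license classifications). The `LicenseRef-` identifiers and package ids are hypothetical. Compound SPDX expressions are handled conservatively: every identifier in the expression must pass, so a package licensed `MIT OR LicenseRef-acme-proprietary` is still withheld from the provider, because it is the package name, not the license choice, that would be disclosed.

```python
import re
from dataclasses import dataclass

# Constructed, deliberately tiny stand-in for the SPDX license list.
# Assumption: a real implementation loads the complete list from SPDX data.
SPDX_LICENSE_IDS = {"MIT", "Apache-2.0", "GPL-2.0-only", "BSD-3-Clause", "LGPL-2.1-only"}

# Constructed classification table (license id -> categories), standing in for
# a configurable license classification. The LicenseRef- id is hypothetical.
LICENSE_CATEGORIES = {
    "MIT": {"open-source", "permissive"},
    "Apache-2.0": {"open-source", "permissive"},
    "GPL-2.0-only": {"open-source", "copyleft"},
    "BSD-3-Clause": {"open-source", "permissive"},
    "LicenseRef-acme-proprietary": {"proprietary"},
}


@dataclass(frozen=True)
class Package:
    id: str
    declared_license: str  # an SPDX expression, or NOASSERTION / NONE


# Tokens of an SPDX expression: parentheses, the "+" suffix, and identifiers.
_TOKEN = re.compile(r"\(|\)|\+|[A-Za-z0-9.\-]+")


def license_ids(expression):
    """Return the license identifiers in an SPDX expression, in order,
    skipping operators, parentheses, the '+' suffix and exception ids
    (the operand that follows WITH)."""
    ids = []
    skip_next = False
    for tok in _TOKEN.findall(expression):
        if tok in ("(", ")", "+") or tok.upper() in ("AND", "OR"):
            continue
        if tok.upper() == "WITH":
            skip_next = True
            continue
        if skip_next:
            skip_next = False  # this token is an exception id, not a license
            continue
        ids.append(tok)
    return ids


def is_fully_spdx_listed(expression):
    """The simpler check: every identifier must be on the SPDX license list.
    LicenseRef-* ids, NOASSERTION and NONE are not on the list, so any
    expression containing them fails, as does an empty expression."""
    ids = license_ids(expression)
    return bool(ids) and all(i in SPDX_LICENSE_IDS for i in ids)


def matches_classification(expression, allowed):
    """The classification check: every identifier must carry at least one of
    the allowed categories. Unclassified ids fail."""
    ids = license_ids(expression)
    return bool(ids) and all(LICENSE_CATEGORIES.get(i, set()) & allowed for i in ids)


def packages_to_advise(packages, allowed_categories=None):
    """Select the packages that may be sent to an external vulnerability
    provider. With no categories configured, fall back to the SPDX-list check."""
    if allowed_categories is None:
        passes = is_fully_spdx_listed
    else:
        passes = lambda expr: matches_classification(expr, allowed_categories)
    return [p for p in packages if passes(p.declared_license)]


# Constructed sample input; package ids are hypothetical.
SAMPLE_PACKAGES = [
    Package("Maven:org.example:lib:1.0", "Apache-2.0"),
    Package("NPM::leftpad:1.0", "MIT OR GPL-2.0-only WITH Classpath-exception-2.0"),
    Package("Maven:com.acme.internal:billing:2.3", "LicenseRef-acme-proprietary"),
    Package("Maven:com.acme.internal:auth:0.1", "NOASSERTION"),
    Package("PyPI::somepkg:1.2", "BSD-3-Clause AND LicenseRef-scancode-unknown"),
]

if __name__ == "__main__":
    for label, allowed in (("SPDX list", None), ("open-source", {"open-source"}), ("permissive", {"permissive"})):
        ids = [p.id for p in packages_to_advise(SAMPLE_PACKAGES, allowed)]
        print(f"{label:>11}: {ids}")
```

With the sample data, both the SPDX-list check and an `open-source` classification let only the first two packages through; a `permissive` classification additionally withholds the package with the GPL-2.0-only alternative. The two internal packages and the one with an unknown license are never sent.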

Also, a more generic (script-based?) approach could be implemented that also addresses the needs of https://github.com/oss-review-toolkit/ort/issues/4892.

sschuberth avatar Jun 24 '24 09:06 sschuberth