Feature: New Check "Permissive License"

Open fhoeborn opened this issue 1 year ago • 4 comments

Is your feature request related to a problem? Please describe.
Usage of non-permissively licensed open-source software comes with some legal risk, especially when used by companies. It would be good to have an indicator of whether software is permissively licensed or whether further considerations have to be taken.

Describe the solution you'd like
An extended version of the license check that checks whether a known-permissive license is used for the analyzed repo.

Describe alternatives you've considered
Checking for copyleft licenses. But that way around it might fool you into a "safe" license situation because of a non-comprehensive license list in the check. Therefore it is safer to check against a known list of "safe" licenses and rather "fail" for everything else.

Additional context
Added a possible implementation here: https://github.com/ossf/scorecard/pull/3838

fhoeborn, Feb 02 '24 18:02
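The allowlist-versus-denylist trade-off described in the issue, as an added Go example; it is not code from the issue, from the linked pull request or from Scorecard. The function names and both license lists are hypothetical and constructed for illustration, and the example goes slightly beyond the issue by also evaluating flat SPDX `OR`/`AND` expressions.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample lists of SPDX identifiers, deliberately incomplete.
var permissive = map[string]bool{"MIT": true, "Apache-2.0": true, "BSD-3-Clause": true, "ISC": true}
var copyleft = map[string]bool{"GPL-2.0-only": true, "GPL-3.0-only": true, "AGPL-3.0-only": true}

// evaluate handles flat SPDX expressions: OR offers a choice (one alternative
// must pass), AND applies every term (all must pass). Parentheses and WITH
// exceptions are not parsed in this sketch, so they fail closed.
func evaluate(expr string, leafOK func(string) bool) bool {
	if strings.ContainsAny(expr, "()") || strings.Contains(expr, " WITH ") {
		return false
	}
	for _, alt := range strings.Split(expr, " OR ") {
		ok := true
		for _, term := range strings.Split(alt, " AND ") {
			ok = ok && leafOK(strings.TrimSpace(term))
		}
		if ok {
			return true
		}
	}
	return false
}

// allowlistPass fails closed: unknown, custom or missing licenses do not pass.
func allowlistPass(expr string) bool {
	return evaluate(expr, func(id string) bool { return permissive[id] })
}

// denylistPass fails open: anything absent from the copyleft list passes.
func denylistPass(expr string) bool {
	return evaluate(expr, func(id string) bool { return !copyleft[id] })
}

func main() {
	// Constructed inputs; "" stands for a repository with no detected license.
	for _, e := range []string{"MIT", "GPL-3.0-only", "SSPL-1.0", "LicenseRef-Custom",
		"MIT OR GPL-3.0-only", "MIT AND GPL-3.0-only", ""} {
		fmt.Printf("%-22q allowlist=%-5v denylist=%v\n", e, allowlistPass(e), denylistPass(e))
	}
}
```

The rows for `SSPL-1.0`, `LicenseRef-Custom` and the empty string are the ones where the two policies disagree: the denylist reports a pass for anything its list does not name, while the allowlist reports a failure.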