Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-02T15:17:17.748464469Z.

Project

Scanned revision 74a9e569d10c53abd31a19a65aed0165df5d7957 of Git repository https://github.com/eclipse-ecal/ecal-mcap-tools.git

Index

Rule Violation Summary (2 errors, 4 warnings, 4 hints to resolve)

# Rule Package License Message
1 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::mcap:1.0.2 DETECTED: MPL-2.0

The outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is incompatible with the inbound license MPL-2.0 of its dependency 'PyPI::mcap:1.0.2'. Software under a copyleft license such as the MPL-2.0 license normally cannot be redistributed under a non-copyleft license such as the MIT license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'PyPI::mcap:1.0.2' or put 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' under a different license.

2 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::zstandard:0.20.0 DETECTED: GPL-2.0-only

The outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is incompatible with the inbound license GPL-2.0-only of its dependency 'PyPI::zstandard:0.20.0'. Software under a copyleft license such as the GPL-2.0-only license normally cannot be redistributed under a non-copyleft license such as the MIT license, except if it were explicitly permitted in the licenses.

How to fix

Remove the dependency on 'PyPI::zstandard:0.20.0' or put 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' under a different license.

3 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::lz4:4.3.2 DETECTED: NOASSERTION

It is unknown whether the outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is compatible with the inbound license NOASSERTION of its dependency 'PyPI::lz4:4.3.2'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

4 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::mcap:1.0.2 DETECTED: NOASSERTION

It is unknown whether the outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is compatible with the inbound license NOASSERTION of its dependency 'PyPI::mcap:1.0.2'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

5 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::semver:3.0.0 DETECTED: CC-BY-3.0

It is unknown whether the outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is compatible with the inbound license CC-BY-3.0 of its dependency 'PyPI::semver:3.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

6 OSADL_PROJECT_LICENSE_COMPATIBILITY PyPI::semver:3.0.0 DETECTED: NOASSERTION

It is unknown whether the outbound license MIT of project 'PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957' is compatible with the inbound license NOASSERTION of its dependency 'PyPI::semver:3.0.0'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

7 DEPENDENCY_LICENSE_CHECK PyPI::lz4:4.3.2 DETECTED: NOASSERTION

License NOASSERTION of dependency 'PyPI::lz4:4.3.2' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

8 DEPENDENCY_LICENSE_CHECK PyPI::mcap:1.0.2 DETECTED: NOASSERTION

License NOASSERTION of dependency 'PyPI::mcap:1.0.2' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

9 DEPENDENCY_LICENSE_CHECK PyPI::semver:3.0.0 DETECTED: NOASSERTION

License NOASSERTION of dependency 'PyPI::semver:3.0.0' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

10 DEPENDENCY_LICENSE_CHECK PyPI::zstandard:0.20.0 DETECTED: GPL-2.0-only

License GPL-2.0-only of dependency 'PyPI::zstandard:0.20.0' is unclassified.

How to fix

Classify GPL-2.0-only as either approved or restricted.

PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957 (ecal-hdf5-2-mcap/requirements.txt)

VCS Information

Type Git
URL https://github.com/eclipse-ecal/ecal-mcap-tools.git
Path ecal-hdf5-2-mcap
Revision 74a9e569d10c53abd31a19a65aed0165df5d7957

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 PIP::ecal-hdf5-2-mcap/requirements.txt:74a9e569d10c53abd31a19a65aed0165df5d7957 Detected Licenses (from VCS):
MIT (exemplary link to the first of 2 locations)
Effective License:
2 PyPI::lz4:4.3.2
• install
Detected Licenses (from VCS):
BSD-2-Clause (exemplary link to the first of 19 locations)
BSD-3-Clause (exemplary link to the first of 8 locations)
NOASSERTION (link to the location)
Effective License:
BSD-2-Clause AND BSD-3-Clause AND NOASSERTION
3 PyPI::mcap:1.0.2
• install
Declared Licenses:
Detected Licenses (from VCS):
Apache-2.0 (link to the location)
BSD-3-Clause (exemplary link to the first of 21 locations)
MIT (exemplary link to the first of 22 locations)
MPL-2.0 (link to the location)
NOASSERTION (link to the location)
Effective License:
Apache-2.0 AND BSD-3-Clause AND MIT AND MPL-2.0 AND NOASSERTION
4 PyPI::semver:3.0.0
• install
Declared Licenses:
Detected Licenses (from VCS):
BSD-3-Clause (exemplary link to the first of 3 locations)
CC-BY-3.0 (exemplary link to the first of 2 locations)
NOASSERTION (link to the location)
Effective License:
BSD-3-Clause AND CC-BY-3.0 AND NOASSERTION
5 PyPI::zstandard:0.20.0
• install
Declared Licenses:
Detected Licenses (from VCS):
BSD-3-Clause (exemplary link to the first of 130 locations)
GPL-2.0-only (exemplary link to the first of 77 locations)
MIT (exemplary link to the first of 4 locations)
Effective License:

Unmanaged::ecal-mcap-tools:74a9e569d10c53abd31a19a65aed0165df5d7957 ()

VCS Information

Type Git
URL https://github.com/eclipse-ecal/ecal-mcap-tools
Path
Revision 74a9e569d10c53abd31a19a65aed0165df5d7957

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 Unmanaged::ecal-mcap-tools:74a9e569d10c53abd31a19a65aed0165df5d7957 Detected Licenses (from VCS):
MIT (exemplary link to the first of 2 locations)
Effective License:

Repository Configuration

---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."