Scan Report
Created by ORT, the OSS Review Toolkit, version cc543c9380-dirty on 2023-04-29T06:28:19.563363848Z.

Project

Scanned revision eb43dc40a125a4dfaae108f48e0f71821fde7528 of Git repository https://github.com/eclipse-tractusx/tractusx-quality-checks.git

Index

Rule Violation Summary (0 errors, 5 warnings, 1 hints to resolve)

# Rule Package License Message
1 OSADL_PROJECT_LICENSE_COMPATIBILITY Go::github.com/inconshreveable/mousetrap:1.0.1 DETECTED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is compatible with the inbound license Apache-2.0 of its dependency 'Go::github.com/inconshreveable/mousetrap:1.0.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

2 OSADL_PROJECT_LICENSE_COMPATIBILITY Go::github.com/spf13/cobra:1.6.1 DETECTED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is compatible with the inbound license Apache-2.0 of its dependency 'Go::github.com/spf13/cobra:1.6.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

3 OSADL_PROJECT_LICENSE_COMPATIBILITY Go::github.com/spf13/pflag:1.0.5 DETECTED: BSD-3-Clause

It is unknown whether the outbound license NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is compatible with the inbound license BSD-3-Clause of its dependency 'Go::github.com/spf13/pflag:1.0.5'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

4 OSADL_PROJECT_LICENSE_COMPATIBILITY Go::gopkg.in/yaml.v3:3.0.1 DETECTED: Apache-2.0

It is unknown whether the outbound license NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is compatible with the inbound license Apache-2.0 of its dependency 'Go::gopkg.in/yaml.v3:3.0.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

5 OSADL_PROJECT_LICENSE_COMPATIBILITY Go::gopkg.in/yaml.v3:3.0.1 DETECTED: MIT

It is unknown whether the outbound license NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is compatible with the inbound license MIT of its dependency 'Go::gopkg.in/yaml.v3:3.0.1'. This combination of licenses is not covered by the compliance matrix.

How to fix

Get legal advice and eventually create a (global) rule violation resolution.

6 PROJECT_LICENSE_CHECK GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528 DETECTED: NOASSERTION

License NOASSERTION of project 'GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528' is unclassified.

How to fix

Classify NOASSERTION as either approved or restricted.

GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528 (go.mod)

VCS Information

Type Git
URL https://github.com/eclipse-tractusx/tractusx-quality-checks.git
Path
Revision eb43dc40a125a4dfaae108f48e0f71821fde7528

Packages

# Package Scopes Licenses Analyzer Issues Scanner Issues
1 GoMod::github.com/eclipse-tractusx/tractusx-quality-checks:eb43dc40a125a4dfaae108f48e0f71821fde7528
Detected Licenses (from VCS):
Apache-2.0 (exemplary link to the first of 85 locations)
BSD-2-Clause (exemplary link to the first of 2 locations)
BSD-3-Clause (exemplary link to the first of 2 locations)
EPL-2.0 (link to the location)
NOASSERTION (link to the location)
Effective License:
Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND EPL-2.0 AND NOASSERTION OR Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND NOASSERTION

2 Go::github.com/inconshreveable/mousetrap:1.0.1
• vendor
Detected Licenses (from VCS):
Apache-2.0 (exemplary link to the first of 2 locations)
Effective License:

3 Go::github.com/spf13/cobra:1.6.1
• main
• vendor
Detected Licenses (from VCS):
Apache-2.0 (exemplary link to the first of 40 locations)
Effective License:

4 Go::github.com/spf13/pflag:1.0.5
• main
• vendor
Detected Licenses (from VCS):
BSD-3-Clause (exemplary link to the first of 20 locations)
Effective License:

5 Go::gopkg.in/yaml.v3:3.0.1
• main
• vendor
Detected Licenses (from artifact):
Effective License:

Repository Configuration

---
excludes:
  paths:
  - pattern: "**/META-INF/DEPENDENCIES"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/META-INF/NOTICE*"
    reason: "BUILD_TOOL_OF"
    comment: "Licenses contained in this directory reflect content analysed elsewhere."
  - pattern: "**/*.svg"
    reason: "BUILD_TOOL_OF"
    comment: "SVG files do not contain any license information."
  - pattern: "package-lock.json"
    reason: "BUILD_TOOL_OF"
    comment: "Does not contain any license information."