chore: Add security and license scanning with FOSSA (#1290)
Continuation of #722 - now that we assessed and landed on FOSSA

Now we are ready to merge the scan -- it's scanning as it should,
although it reported the following errors already:

```
Using project name: `https://github.com/TBD54566975/ftl`
Using revision: `0d3b05517292a2ec0cc9824d6a12894a4dbee0c5`


[ERROR] 

  ========================================================================
  Tested Following Project:
  ========================================================================


  Project Title: https://github.com/TBD54566975/ftl
  Project Revision: 0d3b055
  Project Visibility: private
  Project Targets:
  - gomod: [buildengine/testdata/projects/alpha/go.mod]
  - gomod: [buildengine/testdata/projects/another/go.mod]
  - gomod: [buildengine/testdata/projects/external/go.mod]
  - gomod: [buildengine/testdata/projects/lib/go.mod]
  - gomod: [buildengine/testdata/projects/other/go.mod]
  - gomod: [go-runtime/compile/build-template/go.mod]
  - gomod: [go-runtime/compile/external-module-template/go.mod]
  - gomod: [go-runtime/compile/testdata/duplicateverbs/go.mod]
  - gomod: [go-runtime/compile/testdata/failing/go.mod]
  - gomod: [go-runtime/compile/testdata/one/go.mod]
  - gomod: [go-runtime/compile/testdata/two/go.mod]
  - gomod: [go-runtime/scaffolding/go.mod]
  - gomod: [go.mod]
  - gomod: [integration/testdata/schema-generate/go.mod]
  - gomod: [kotlin-runtime/external-module-template/go.mod]
  - gomod: [kotlin-runtime/scaffolding/go.mod]
  - maven: [buildengine/testdata/projects/externalkotlin/pom.xml]
  - maven: [buildengine/testdata/projects/libkotlin/pom.xml]
  - maven: [kotlin-runtime/ftl-runtime/pom.xml]
  - maven: [kotlin-runtime/scaffolding/{{ .Name | lower }}/pom.xml]
  - npm: [extensions/vscode/package-lock.json]
  - npm: [frontend/package-lock.json]


  COMPLIANCE ISSUES (Total 10)

  ========================================================================
  Unlicensed Dependency (Total 1)
  ========================================================================
  ⚑ Unlicensed dependency detected in github.com/alecthomas/kong-toml@09a5bdacdc2ae63e5c06164b372de9d7234ae691
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/4433957


  ========================================================================
  Flagged by Policy (Total 9)
  ========================================================================
  ⚑ LGPL-3.0-only license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203514

  ⚑ EPL-1.0 license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203513

  ⚑ LGPL-2.1-only license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203512

  ⚑ EPL-1.0 license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203517

  ⚑ LGPL-3.0-only license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203516

  ⚑ LGPL-2.1-only license detected in ch.qos.logback:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/5203515

  ⚑ MPL-2.0 license detected in [email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/4433963

  ⚑ MPL-2.0 license detected in [email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/4433964

  ⚑ MPL-1.1 license detected in org.hotswapagent:[email protected]
  More information: https://app.fossa.com/projects/custom%2B588%2Fgithub.com%2FTBD54566975%2Fftl/refs/branch/master/0d3b05517292a2ec0cc9824d6a12894a4dbee0c5/issues/licensing/4433958


[ERROR] ----------
  An issue occurred

  >>> Relevant errors

    Error

      The scan has revealed issues. Number of issues found: 10
```
leordev authored Apr 18, 2024
1 parent b8e6065 commit b1a9aeb
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions .github/workflows/security.yml
@@ -0,0 +1,22 @@
name: Security and License Scans

on:
pull_request_target:
branches:
- main

push:
branches:
- main

# Run every day at 5am UTC
schedule:
- cron: "0 5 * * *"

# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:

jobs:
security-license-scan:
uses: TBD54566975/open-source-programs/.github/workflows/security.yml@main
secrets: inherit
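Review bot: `pull_request_target` together with `secrets: inherit` hands every repository secret to the reusable workflow for pull requests opened from forks, since `pull_request_target` runs in the base repository's context with its secrets and write token. Unless the scan genuinely needs secrets on fork PRs, trigger on `pull_request` instead; if `pull_request_target` must stay, confirm that the reusable workflow at `TBD54566975/open-source-programs/.github/workflows/security.yml@main` never checks out or builds the PR head while those secrets are available, and pass only the secret the scan needs through an explicit `secrets:` mapping rather than `inherit`. A smaller point: the FOSSA output in the commit message reports `refs/branch/master`, while both the `push` and `pull_request_target` filters list only `main`; confirm the default branch name so these triggers actually fire.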

0 comments on commit b1a9aeb