Ignore license checks at least for GitHub PR checks

Issue #390 resolved
farhanible created an issue

Our GitHub PRs are failing license checks. We are not ready to tackle this. How can I ignore all license checks? I have explored the Component and License whitelists; however, I'm not sure how to use those to ignore all existing and future libraries.

Also, I don't want to ignore security issues.

Comments (5)

  1. Robert Reiz

    Hi @farhanible. Not sure if that's a good idea to ignore licenses. The license whitelist is pretty easy to use, you simply put licenses on it which are allowed in your organisation. Dependencies which have a license which is not on your whitelist will be marked red.

    However, your feature request makes sense. We will make it configurable which check you wanna perform on a pull request. But that will take a couple of days. Until then I would recommend using the license whitelist.

    Can you share a link to your VersionEye organisation?

  2. farhanible reporter

    I shared it with you over the support email since I can't post it publicly.

    I agree that ignoring licenses is not a good idea, but we want to be able to work out how to address it before blocking merges based on it. Turning off license checks may also be a good feature for organizations that already use another service for license verification.

    Our PRs are being blocked on unknown licenses, which on spot-checking do exist within the dependency GitHub pages. Can I add the "UNKNOWN" string to the license whitelist? I have configured a broad Component whitelist which is working for everything except Java and Clojure. I hope this does not ignore Security issues.

    I also noticed that even though I selected the master branch for the GitHub repository when setting up the project in VersionEye, the PR checks are running and blocking merges for all branches of a repo. I think the default behavior should be to run checks and block merges for PRs on the selected branch only (unless I'm missing something here).

  3. farhanible reporter

    Awesome, thank you! This can be closed then. I will create a separate issue for the GitHub PR checks behavior.
