config.docker.example.toml
# Example License Scanner Config - Docker Version
# Use this config for running license-scanner against built docker images.
# All keys in this file live in the single [environment] table.
[environment]
title = "License Scanner Config"
##
# What mode should we run the scanner in?
# options:
# - "standalone": will run the tool against all repos listed in the `repos` list
# - "local": will run the tool against the repo defined in `pathToRepo`
# - "docker": will run the tool against the docker image defined in `dockerImage`
#
# This docker example defines neither `repos` nor `pathToRepo`, so only
# "docker" mode is usable with this file as written.
mode = 'docker'
##
# How we should process the licenses
# options are:
# - "fossa-api": will export to fossa api (requires FOSSA_API_KEY to be set in .env)
# - "fossa-json": will export from fossa to a folder of json files. This just shows import hierarchies, and doesn't scan licenses
# - "lc-csv": will use npm license-checker, and export to a list of csv files
# - "lc-summary": will use npm license-checker, and export a summary file for each repo
#
# FOSSA_API_KEY is a credential: keep the .env file out of version control and
# out of any image layer, and supply it from the CI secret store instead.
tool = "lc-csv"
##
# The docker image to be scanned.
# DEPRECATED: use `dockerImages` instead
#
# Ignored when `mode != "docker"`
# Override by setting `dockerImage` env variable
#
# NOTE(review): this file sets both `dockerImage` and `dockerImages`; which one
# takes precedence is not shown here. Confirm against the scanner before relying on it.
##
dockerImage = 'mojaloop/central-ledger:latest'
##
# A list of docker images to scan
#
# Ignored when `mode != "docker"`
# Override by setting `dockerImages` env variable
#
# `:latest` is a mutable tag, so a scan result describes whatever image the tag
# resolved to at pull time and cannot be tied back to a released artifact. When
# the report is used as compliance evidence, reference a release tag or a digest
# (e.g. "mojaloop/central-ledger@sha256:<digest-placeholder>") and record the
# resolved reference alongside the output.
# Because the env variable overrides this list, logging the effective image list
# in CI makes it visible what was actually scanned.
##
dockerImages = [
"mojaloop/ml-api-adapter:latest",
"mojaloop/central-ledger:latest"
]
##
# A list of packages that we have manually audited and are ok with.
#
# string: Format: "<package>;<reason>"
#
#
# e.g.
# excludeList = [
# "taffydb@2.6.2;Contains MIT license on github, but not listed in package.json"
# ]
#
# will ignore taffydb@2.6.2 in the license check, and put the "Contains MIT..." reason in the license-summary
#
# Each entry removes a package from the license check, so treat additions as
# audited exceptions: give a reason a reviewer can verify, and re-audit when the
# dependency version changes.
# NOTE(review): entries name an exact `<name>@<version>`; presumably other
# versions of the same package are still checked. Confirm against the scanner.
##
excludeList = [
"taffydb@2.6.2;Contains MIT license on github, but not listed in package.json",
"buffercursor@0.0.12;No license on github or npm", # has no license on github or npm
"cycle@1.0.3;Listed as Public-Domain on npm, but no License file in github",
"spdx-exceptions@2.2.0;Requires attribution",
]
##
# A list of license strings that we allow.
#
# Points to check when editing this list:
# - "UNLICENSED" and "Unlicense" are different things. In npm's package.json,
#   "UNLICENSED" is the value for a package that grants no rights to others,
#   while "Unlicense" is the SPDX identifier for a public-domain dedication.
#   Allowing "UNLICENSED" (and the ambiguous "Unlicensed") lets packages with
#   no license grant pass the check. Confirm this is the intended policy.
# - npm license-checker appends "*" to a license it guessed from a README or
#   LICENSE file instead of reading it from package.json, so "Apache*", "BSD*"
#   and "MIT*" accept inferred (unverified) licenses.
#   NOTE(review): whether this scanner matches entries literally or as
#   wildcards is not shown in this file. Confirm before adding more "*" entries.
##
allowedList = [
"AFLv2.1",
"Apache License, Version 2.0",
"Apache*",
"Apache-2.0",
"BSD",
"BSD*",
"BSD-2-Clause",
"BSD-3-Clause",
"CC-BY-3.0",
"CC0-1.0",
"ISC",
"MIT",
"MIT*",
"Public Domain",
"UNLICENSED",
"Unlicense",
"Unlicensed",
"WTFPL",
]