Ignore UNKNOWN licenses on pull requests

Since a couple months VersionEye can check your dependencies on each pull request on GitHub. That was described here. VersionEye will mark the status of the pull request as failed if:

  • a dependency has a 1 or more security vulnerabilities
  • the license of a dependency violates the license whitelist
  • the license of a dependency is UNKNOWN

An UNKNOWN license is as dangerous as a violation of your license whitelist. Simply because the maintainers of the dependency can come up with a dangerous license afterwards and that could harm your company. That’s why strongly recommend NOT to ignore UNKNOWN licenses.

However, some people want to simply ignore UNKNOWN licenses in their projects. That’s why we introduced this option now. On the license whitelist there is a new checkbox now.

Screen Shot 2017-07-22 at 12.42.22

If that option is checked and the license whitelist is assigned to the project, then UNKNOWN licenses will not cause a failed status on the pull request check. Use this checkbox wisely!

One thought on “Ignore UNKNOWN licenses on pull requests

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s