... | ... | @@ -9,6 +9,23 @@ Curations correct invalid or missing package metadata, configure a licenses mapp |
|
|
* When? passed to the `analyze` or `evaluate`.
|
|
|
* Doc: https://github.com/oss-review-toolkit/ort/blob/main/docs/config-file-curations-yml.md
|
|
|
|
|
|
The official documentation for curations is hosted in their repository [1], and there is an example file provided for convenience [2].
|
|
|
|
|
|
[1] https://github.com/oss-review-toolkit/ort/blob/main/docs/config-file-curations-yml.md \
|
|
|
[2] https://github.com/oss-review-toolkit/ort/blob/main/examples/curations.yml
|
|
|
|
|
|
We've conducted a few tests on our instance and eventually settled down on this format:
|
|
|
```
|
|
|
- id: "NPM::argparse:1.0.10"
|
|
|
curations:
|
|
|
comment: "Manually checked issue, it is a false-positive. License available at https://www.npmjs.com/package/argparse/v/1.0.10"
|
|
|
concluded_license: "MIT"
|
|
|
- id: "NPM::chokidar:3.5.2"
|
|
|
curations:
|
|
|
comment: "Manually checked issue, it is a false-positive. License available at https://www.npmjs.com/package/chokidar/v/3.5.2"
|
|
|
concluded_license: "MIT"
|
|
|
```
|
|
|
|
|
|
## Resolutions
|
|
|
|
|
|
Resolutions allow you to resolve issues, policy rule violations or vulnerabilities by providing a reason why they are acceptable and can be ignored.
|
... | ... | |
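Review bot: In the added example, both `comment:` values say only "Manually checked issue, it is a false-positive" and do not record what the scanner reported or who verified it. Because `concluded_license: "MIT"` is the value the curation asserts for the package, consider having the sample comment state the original finding and the reviewer, so readers who copy this format produce curations that can be audited later. Two smaller points in the same hunk: the opening fence has no language tag (`yaml` would fit), and as rendered here `curations:`, `comment:` and `concluded_license:` show no indentation under `- id:`, so please confirm the nesting in the source file matches the linked curations.yml example. The new reference [1] also repeats the URL already on the unchanged `* Doc:` line above it, so one of the two could be dropped.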