License scanner is reporting incorrect results on some GitLab projects
I've noticed that the license scanner reports incorrect results in several cases:
For example, from gitlab-com/gl-infra/woodhouse!167 (merged):

- `github.com/BurntSushi/xgb` is incorrect: https://github.com/BurntSushi/xgb/blob/master/LICENSE
- `github.com/spf13/cobra` is Apache: https://github.com/spf13/cobra/blob/main/LICENSE.txt
- `github.com/spf13/cobra` is reported 3 times, all incorrectly
- `github.com/jmespath/go-jmespath` is reported as unknown, is ASL2: https://github.com/jmespath/go-jmespath/blob/master/LICENSE
- Other licenses report as unknown when using recognised licenses.
- https://github.com/BurntSushi/xgb/blob/master/LICENSE and https://github.com/go-gl/glfw/blob/master/LICENSE appear to be the same license, but are reported as different licences in the report.
Similarly, on the tenctl project, we see several recognised licenses reported as unknown: https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/tenctl/-/pipelines/601869457/licenses

- `github.com/spf13/cobra` is reported as unknown, should be ASL2
- Other licenses also incorrectly marked as unknown.
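To triage a report showing these symptoms, here is an added example (not part of this issue or of GitLab's analyzer) that reads a license scanning report, assuming the v2.1 JSON layout with `licenses` and `dependencies` arrays, and lists dependencies with unknown licenses, duplicate entries, and conflicting license ids. The sample report and its version strings are constructed to mirror the cases above.

```python
"""Audit a GitLab license-scanning report for unknown, duplicated and conflicting entries."""
import json
from collections import Counter

# Constructed sample in the assumed v2.1 report layout, mirroring the issue:
# a recognised license reported as unknown, and one dependency listed three times.
SAMPLE_REPORT = json.dumps({
    "version": "2.1",
    "licenses": [
        {"id": "Apache-2.0", "name": "Apache License 2.0", "url": ""},
        {"id": "BSD-3-Clause", "name": "BSD 3-Clause", "url": ""},
        {"id": "unknown", "name": "unknown", "url": ""},
    ],
    "dependencies": [
        {"name": "github.com/spf13/cobra", "version": "v0.0.0-constructed",
         "package_manager": "go", "path": "go.sum", "licenses": ["unknown"]},
        {"name": "github.com/spf13/cobra", "version": "v0.0.0-constructed",
         "package_manager": "go", "path": "go.sum", "licenses": ["unknown"]},
        {"name": "github.com/spf13/cobra", "version": "v0.0.0-constructed",
         "package_manager": "go", "path": "go.sum", "licenses": ["Apache-2.0"]},
        {"name": "github.com/jmespath/go-jmespath", "version": "v0.0.0-constructed",
         "package_manager": "go", "path": "go.sum", "licenses": ["unknown"]},
        {"name": "golang.org/x/sys", "version": "v0.0.0-constructed",
         "package_manager": "go", "path": "go.sum", "licenses": ["BSD-3-Clause"]},
    ],
})


def audit_report(report_json: str) -> dict:
    """Return names with unknown licenses, names listed more than once,
    and names whose repeated entries disagree on the license id."""
    deps = json.loads(report_json).get("dependencies", [])
    # A missing or empty licenses list is treated the same as "unknown".
    unknown = sorted({d["name"] for d in deps
                      if not d.get("licenses") or "unknown" in d["licenses"]})
    counts = Counter(d["name"] for d in deps)
    duplicates = {name: n for name, n in counts.items() if n > 1}
    by_name: dict[str, set] = {}
    for d in deps:
        by_name.setdefault(d["name"], set()).update(d.get("licenses") or ["unknown"])
    conflicts = {name: sorted(ids) for name, ids in by_name.items() if len(ids) > 1}
    return {"unknown": unknown, "duplicates": duplicates, "conflicts": conflicts}


if __name__ == "__main__":
    print(json.dumps(audit_report(SAMPLE_REPORT), indent=2))
```

Point it at a downloaded `gl-license-scanning-report.json` artifact to get a list of dependencies that need a manual license check or an override like the one in the workaround.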
Workaround

As a workaround, you can run the following in a `before_script`:

```yaml
license_scanning:
  before_script:
    - . /opt/gitlab/.bashrc
    - license_management licenses add react MIT
```
Edited by Sam White