Only OSI approved licenses

This policy checks that no component violates the license allow list.

Control evaluation result

Component "/argparse" uses non-OSI approved license "non-standard"
Component "/caniuse-lite" uses non-OSI approved license "non-standard"
Component "/client-only" has no license declared
Component "/concat-map" uses non-OSI approved license "non-standard"
Component "/confbox" uses non-OSI approved license "non-standard"
Component "/d3-geo" uses non-OSI approved license "non-standard"
Component "/d3-scale-chromatic" uses non-OSI approved license "non-standard"
Component "/dagre-d3-es" uses non-OSI approved license "non-standard"
Component "/damerau-levenshtein" uses non-OSI approved license "non-standard"
Component "/deep-is" uses non-OSI approved license "non-standard"
Component "/devguard-docs" has no license declared
Component "/didyoumean" uses non-OSI approved license "non-standard"
Component "/dompurify" uses non-OSI approved license "non-standard"
Component "/dotenv" uses non-OSI approved license "non-standard"
Component "/entities" uses non-OSI approved license "non-standard"
Component "/escodegen" uses non-OSI approved license "non-standard"
Component "/eslint-scope" uses non-OSI approved license "non-standard"
Component "/esm" uses non-OSI approved license "non-standard"
Component "/espree" uses non-OSI approved license "non-standard"
Component "/esprima" uses non-OSI approved license "non-standard"
Component "/esquery" uses non-OSI approved license "non-standard"
Component "/esrecurse" uses non-OSI approved license "non-standard"
Component "/estraverse" uses non-OSI approved license "non-standard"
Component "/esutils" uses non-OSI approved license "non-standard"
Component "/fast-json-stable-stringify" uses non-OSI approved license "non-standard"
Component "/fs.realpath" uses non-OSI approved license "non-standard"
Component "/ignore" uses non-OSI approved license "non-standard"
Component "/jackspeak" uses non-OSI approved license "non-standard"
Component "/json-parse-even-better-errors" uses non-OSI approved license "non-standard"
Component "/json-stable-stringify-without-jsonify" uses non-OSI approved license "non-standard"
Component "/json5" uses non-OSI approved license "non-standard"
Component "/language-subtag-registry" uses non-OSI approved license "non-standard"
Component "/ljharb-monorepo-symlink-test" has no license declared
Component "/lodash-es" uses non-OSI approved license "non-standard"
Component "/lodash.merge" uses non-OSI approved license "non-standard"
Component "/makeerror" uses non-OSI approved license "non-standard"
Component "/marked" uses non-OSI approved license "non-standard"
Component "/mhchemparser" uses non-OSI approved license "non-standard"
Component "/mylib" has no license declared
Component "/path-scurry" uses non-OSI approved license "non-standard"
Component "/pathe" uses non-OSI approved license "non-standard"
Component "/pkg-types" uses non-OSI approved license "non-standard"
Component "/readable-stream" uses non-OSI approved license "non-standard"
Component "/rw" uses non-OSI approved license "non-standard"
Component "/saxes" uses non-OSI approved license "non-standard"
Component "/server-only" has no license declared
Component "/source-map" uses non-OSI approved license "non-standard"
Component "/source-map-js" uses non-OSI approved license "non-standard"
Component "@colors/colors" uses non-OSI approved license "non-standard"
Component "@corex/deepmerge" has no license declared
Component "@my-scope/package-a" has no license declared
Component "@my-scope/package-b" has no license declared
Component "@next/swc-linux-x64-musl" has no license declared
Component "@radix-ui/react-compose-refs" has no license declared
Component "@rushstack/eslint-patch" uses non-OSI approved license "non-standard"
Component "@sinclair/typebox" uses non-OSI approved license "non-standard"
Component "debian/base-files" has no license declared
Component "debian/gcc-12" has no license declared
Component "debian/gcc-12-base" has no license declared
Component "debian/libc6" has no license declared
Component "debian/libgcc-s1" has no license declared
Component "debian/libgomp1" has no license declared
Component "debian/libstdc++6" has no license declared
Component "debian/netbase" has no license declared
Component "debian/openssl" has no license declared
Component "debian/tzdata" has no license declared

Status

Evaluation result after comparing the policy with the current state of the asset
66 Violations

Update the attestation using the following command:
devguard-scanner attest --predicateType "https://cyclonedx.org/bom" <json file>