DevGuard Logo

/Devguard
Group
/devguard-scanner
Repository

Overview
Compliance
Code Risks
Dependency Risks
Dependencies

Only OSI approved licenses

This policy checks if there is no violation against the license allow list.

Control evaluation result

Component "/autocommand" uses non-OSI approved license "LGPL-3.0"
Component "/backports.tarfile" has no license declared
Component "/beautifulsoup4" has no license declared
Component "/charset-normalizer" has no license declared
Component "/configargparse" has no license declared
Component "/contextlib2" has no license declared
Component "/decorator" has no license declared
Component "/importlib-metadata" has no license declared
Component "/inflect" has no license declared
Component "/jaraco.collections" has no license declared
Component "/jaraco.context" has no license declared
Component "/jaraco.functools" has no license declared
Component "/jaraco.text" has no license declared
Component "/my-test-package" has no license declared
Component "/packageurl-python" has no license declared
Component "/peewee" has no license declared
Component "/ply" has no license declared
Component "/protobuf" has no license declared
Component "/ruamel.yaml" has no license declared
Component "/ruamel.yaml.clib" has no license declared
Component "/sortedcontainers" has no license declared
Component "/stdlib" has no license declared
Component "/zipp" has no license declared
Component "alpine/alpine-baselayout" has no license declared
Component "alpine/alpine-baselayout-data" has no license declared
Component "alpine/alpine-keys" has no license declared
Component "alpine/alpine-release" has no license declared
Component "alpine/apk-tools" has no license declared
Component "alpine/brotli" has no license declared
Component "alpine/brotli-libs" has no license declared
Component "alpine/busybox" has no license declared
Component "alpine/busybox-binsh" has no license declared
Component "alpine/c-ares" has no license declared
Component "alpine/ca-certificates" has no license declared
Component "alpine/ca-certificates-bundle" has no license declared
Component "alpine/curl" has no license declared
Component "alpine/gdbm" has no license declared
Component "alpine/git" has no license declared
Component "alpine/git-init-template" has no license declared
Component "alpine/libbz2" has no license declared
Component "alpine/libcrypto3" has no license declared
Component "alpine/libcurl" has no license declared
Component "alpine/libexpat" has no license declared
Component "alpine/libffi" has no license declared
Component "alpine/libgcc" has no license declared
Component "alpine/libidn2" has no license declared
Component "alpine/libncursesw" has no license declared
Component "alpine/libpanelw" has no license declared
Component "alpine/libpsl" has no license declared
Component "alpine/libssl3" has no license declared
Component "alpine/libstdc++" has no license declared
Component "alpine/libunistring" has no license declared
Component "alpine/mpdecimal" has no license declared
Component "alpine/musl" has no license declared
Component "alpine/musl-utils" has no license declared
Component "alpine/ncurses-terminfo-base" has no license declared
Component "alpine/nghttp2" has no license declared
Component "alpine/nghttp2-libs" has no license declared
Component "alpine/openssl" has no license declared
Component "alpine/pax-utils" has no license declared
Component "alpine/pcre2" has no license declared
Component "alpine/pyc" has no license declared
Component "alpine/python3" has no license declared
Component "alpine/python3-pyc" has no license declared
Component "alpine/python3-pycache-pyc0" has no license declared
Component "alpine/readline" has no license declared
Component "alpine/scanelf" has no license declared
Component "alpine/sqlite-libs" has no license declared
Component "alpine/ssl_client" has no license declared
Component "alpine/xz-libs" has no license declared
Component "alpine/zlib" has no license declared
Component "alpine/zstd" has no license declared
Component "alpine/zstd-libs" has no license declared
Component "cloud.google.com/go" has no license declared
Component "cloud.google.com/go/auth/oauth2adapt" has no license declared
Component "cloud.google.com/go/monitoring" has no license declared
Component "cloud.google.com/go/storage" has no license declared
Component "cuelabs.dev/go/oci/ociregistry" has no license declared
Component "cuelang.org/go" has no license declared
Component "github.com/alibabacloud-go/cr-20160607" has no license declared
Component "github.com/aliyuncontainerservice/ack-ram-tool/pkg/credentials/provider" has no license declared
Component "github.com/aquasecurity/trivy-db" has no license declared
Component "github.com/asaskevich/govalidator" has no license declared
Component "github.com/aws/aws-sdk-go-v2/config" has no license declared
Component "github.com/aws/aws-sdk-go-v2/credentials" has no license declared
Component "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/s3" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/sso" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/sts" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/azcore" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/azidentity" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/internal" has no license declared
Component "github.com/cncf/xds/go" has no license declared
Component "github.com/containerd/platforms" has no license declared
Component "github.com/cyberphone/json-canonicalization" has no license declared
Component "github.com/go-json-experiment/json" has no license declared
Component "github.com/gocsaf/csaf/v3" has no license declared
Component "github.com/golang-jwt/jwt/v4" has no license declared
Component "github.com/golang-jwt/jwt/v5" has no license declared
Component "github.com/golang/groupcache" has no license declared
Component "github.com/google/go-containerregistry" has no license declared
Component "github.com/googlecloudplatform/grpc-gcp-go/grpcgcp" has no license declared
Component "github.com/googlecloudplatform/opentelemetry-operations-go/detectors/gcp" has no license declared
Component "github.com/googlecloudplatform/opentelemetry-operations-go/exporter/metric" has no license declared
Component "github.com/googlecloudplatform/opentelemetry-operations-go/internal/resourcemapping" has no license declared
Component "github.com/gorilla/websocket" has no license declared
Component "github.com/hashicorp/hcl" has no license declared
Component "github.com/l3montree-dev/devguard" has no license declared
Component "github.com/masahiro331/go-mvn-version" has no license declared
Component "github.com/moby/sys/user" has no license declared
Component "github.com/nozzle/throttler" has no license declared
Component "github.com/opencontainers/image-spec" has no license declared
Component "github.com/rust-secure-code/go-rustaudit" has no license declared
Component "github.com/sigstore/protobuf-specs" has no license declared
Component "github.com/sigstore/sigstore" has no license declared
Component "github.com/spf13/viper" has no license declared
Component "github.com/wasilibs/wazero-helpers" has no license declared
Component "github.com/xeipuuv/gojsonpointer" has no license declared
Component "github.com/xeipuuv/gojsonreference" has no license declared
Component "github.com/xeipuuv/gojsonschema" has no license declared
Component "github.com/zricethezav/gitleaks/v8" has no license declared
Component "gitlab.com/gitlab-org/api/client-go" has no license declared
Component "golang.org/x/crypto" has no license declared
Component "golang.org/x/exp" has no license declared
Component "golang.org/x/mod" has no license declared
Component "golang.org/x/net" has no license declared
Component "golang.org/x/oauth2" has no license declared
Component "golang.org/x/sync" has no license declared
Component "golang.org/x/sys" has no license declared
Component "golang.org/x/term" has no license declared
Component "golang.org/x/text" has no license declared
Component "golang.org/x/time" has no license declared
Component "golang.org/x/xerrors" has no license declared
Component "google.golang.org/genproto" has no license declared
Component "google.golang.org/genproto/googleapis/api" has no license declared
Component "google.golang.org/genproto/googleapis/rpc" has no license declared
Component "google.golang.org/protobuf" has no license declared
Component "gopkg.in/cheggaaa/pb.v1" has no license declared
Component "gopkg.in/evanphx/json-patch.v4" has no license declared
Component "gopkg.in/go-jose/go-jose.v2" has no license declared
Component "gopkg.in/inf.v0" has no license declared
Component "gopkg.in/ini.v1" has no license declared
Component "gopkg.in/warnings.v0" has no license declared
Component "gopkg.in/yaml.v3" has no license declared
Component "k8s.io/kube-openapi" has no license declared
Component "k8s.io/utils" has no license declared
Component "modernc.org/libc" has no license declared
Component "modernc.org/mathutil" has no license declared
Component "modernc.org/memory" has no license declared
Component "modernc.org/sqlite" has no license declared
Component "sigs.k8s.io/release-utils" has no license declared

Status

Evaluation result after comparing the policy with the current state of the asset
151 Violations
Update the attestation using the following command
devguard-scanner attest --token <Personal access token> --predicateType "https://cyclonedx.org/bom" <json file>

Create a Personal Access Token

To use the Devguard-Scanner, you need to create a Personal Access Token. You can create such a token by clicking the button below.

Manage your tokens
GitHubImprintTerms of UsePrivacy
Copyright © 2025 L3montree GmbH and the DevGuard Contributors. All rights reserved. Version 667098114b5ef45c7830e7aa599604fa65eb818f