Only OSI approved licenses

This policy checks that no component violates the license allow list.

Control evaluation result

Component "/aiohappyeyeballs" uses non-OSI approved license "non-standard"
Component "/aiohttp" uses non-OSI approved license "non-standard"
Component "/autocommand" uses non-OSI approved license "LGPL-3.0"
Component "/beautifulsoup4" has no license declared
Component "/boltons" uses non-OSI approved license "non-standard"
Component "/boolean.py" uses non-OSI approved license "non-standard"
Component "/certifi" uses non-OSI approved license "non-standard"
Component "/cffi" uses non-OSI approved license "non-standard"
Component "/charset-normalizer" has no license declared
Component "/configargparse" has no license declared
Component "/contextlib2" has no license declared
Component "/decorator" has no license declared
Component "/defusedxml" uses non-OSI approved license "non-standard"
Component "/exceptiongroup" uses non-OSI approved license "non-standard"
Component "/face" uses non-OSI approved license "non-standard"
Component "/gitdb" uses non-OSI approved license "non-standard"
Component "/glom" uses non-OSI approved license "non-standard"
Component "/license-expression" uses non-OSI approved license "non-standard"
Component "/mdurl" uses non-OSI approved license "non-standard"
Component "/multidict" uses non-OSI approved license "non-standard"
Component "/my-test-package" has no license declared
Component "/networkx" uses non-OSI approved license "non-standard"
Component "/numpy" uses non-OSI approved license "non-standard"
Component "/packaging" uses non-OSI approved license "non-standard"
Component "/ply" has no license declared
Component "/prettytable" uses non-OSI approved license "non-standard"
Component "/protobuf" has no license declared
Component "/pycparser" uses non-OSI approved license "non-standard"
Component "/pygments" uses non-OSI approved license "non-standard"
Component "/python-dateutil" uses non-OSI approved license "non-standard"
Component "/regex" uses non-OSI approved license "non-standard"
Component "/ruamel.yaml" has no license declared
Component "/ruamel.yaml.clib" has no license declared
Component "/semantic-version" uses non-OSI approved license "non-standard"
Component "/sortedcontainers" has no license declared
Component "/stdlib" has no license declared
Component "/tqdm" uses non-OSI approved license "non-standard"
Component "/typeguard" uses non-OSI approved license "non-standard"
Component "/typing-extensions" uses non-OSI approved license "non-standard"
Component "/wcwidth" uses non-OSI approved license "non-standard"
Component "/wrapt" uses non-OSI approved license "non-standard"
Component "alpine/alpine-baselayout" has no license declared
Component "alpine/alpine-baselayout-data" has no license declared
Component "alpine/alpine-keys" has no license declared
Component "alpine/alpine-release" has no license declared
Component "alpine/apk-tools" has no license declared
Component "alpine/brotli" has no license declared
Component "alpine/brotli-libs" has no license declared
Component "alpine/busybox" has no license declared
Component "alpine/busybox-binsh" has no license declared
Component "alpine/c-ares" has no license declared
Component "alpine/ca-certificates" has no license declared
Component "alpine/ca-certificates-bundle" has no license declared
Component "alpine/curl" has no license declared
Component "alpine/gdbm" has no license declared
Component "alpine/git" has no license declared
Component "alpine/git-init-template" has no license declared
Component "alpine/libbz2" has no license declared
Component "alpine/libcrypto3" has no license declared
Component "alpine/libcurl" has no license declared
Component "alpine/libexpat" has no license declared
Component "alpine/libffi" has no license declared
Component "alpine/libgcc" has no license declared
Component "alpine/libidn2" has no license declared
Component "alpine/libncursesw" has no license declared
Component "alpine/libpanelw" has no license declared
Component "alpine/libpsl" has no license declared
Component "alpine/libssl3" has no license declared
Component "alpine/libstdc++" has no license declared
Component "alpine/libunistring" has no license declared
Component "alpine/mpdecimal" has no license declared
Component "alpine/musl" has no license declared
Component "alpine/musl-utils" has no license declared
Component "alpine/ncurses-terminfo-base" has no license declared
Component "alpine/nghttp2" has no license declared
Component "alpine/nghttp2-libs" has no license declared
Component "alpine/openssl" has no license declared
Component "alpine/pax-utils" has no license declared
Component "alpine/pcre2" has no license declared
Component "alpine/pyc" has no license declared
Component "alpine/python3" has no license declared
Component "alpine/python3-pyc" has no license declared
Component "alpine/python3-pycache-pyc0" has no license declared
Component "alpine/readline" has no license declared
Component "alpine/scanelf" has no license declared
Component "alpine/sqlite-libs" has no license declared
Component "alpine/ssl_client" has no license declared
Component "alpine/xz-libs" has no license declared
Component "alpine/zlib" has no license declared
Component "alpine/zstd" has no license declared
Component "alpine/zstd-libs" has no license declared
Component "cloud.google.com/go" has no license declared
Component "cloud.google.com/go/auth/oauth2adapt" has no license declared
Component "cloud.google.com/go/monitoring" has no license declared
Component "cloud.google.com/go/storage" has no license declared
Component "cuelabs.dev/go/oci/ociregistry" has no license declared
Component "cuelang.org/go" has no license declared
Component "github.com/aliyuncontainerservice/ack-ram-tool/pkg/credentials/provider" has no license declared
Component "github.com/apparentlymart/go-textseg/v15" uses non-OSI approved license "non-standard"
Component "github.com/aquasecurity/trivy-db" has no license declared
Component "github.com/asaskevich/govalidator" has no license declared
Component "github.com/aws/aws-sdk-go-v2/config" has no license declared
Component "github.com/aws/aws-sdk-go-v2/credentials" has no license declared
Component "github.com/aws/aws-sdk-go-v2/feature/ec2/imds" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/s3" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/sso" has no license declared
Component "github.com/aws/aws-sdk-go-v2/service/sts" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/azcore" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/azidentity" has no license declared
Component "github.com/azure/azure-sdk-for-go/sdk/internal" has no license declared
Component "github.com/bgentry/go-netrc" uses non-OSI approved license "non-standard"
Component "github.com/buildkite/interpolate" uses non-OSI approved license "non-standard"
Component "github.com/cloudflare/circl" uses non-OSI approved license "non-standard"
Component "github.com/cncf/xds/go" has no license declared
Component "github.com/containerd/platforms" has no license declared
Component "github.com/cyberphone/json-canonicalization" has no license declared
Component "github.com/cyberphone/json-canonicalization" uses non-OSI approved license "non-standard"
Component "github.com/digitorus/timestamp" uses non-OSI approved license "non-standard"
Component "github.com/dustin/go-humanize" uses non-OSI approved license "non-standard"
Component "github.com/emirpasic/gods" uses non-OSI approved license "non-standard"
Component "github.com/go-git/gcfg" uses non-OSI approved license "non-standard"
Component "github.com/go-json-experiment/json" has no license declared
Component "github.com/go-redis/redis/v8" uses non-OSI approved license "non-standard"
Component "github.com/godbus/dbus/v5" uses non-OSI approved license "non-standard"
Component "github.com/gogo/protobuf" uses non-OSI approved license "non-standard"
Component "github.com/golang-jwt/jwt/v4" has no license declared
Component "github.com/golang-jwt/jwt/v5" has no license declared
Component "github.com/golang/groupcache" has no license declared
Component "github.com/google/go-containerregistry" has no license declared
Component "github.com/gorilla/websocket" has no license declared
Component "github.com/hashicorp/hcl" has no license declared
Component "github.com/hashicorp/vault/api" uses non-OSI approved license "non-standard"
Component "github.com/in-toto/attestation" uses non-OSI approved license "non-standard"
Component "github.com/in-toto/in-toto-golang" uses non-OSI approved license "non-standard"
Component "github.com/kevinburke/ssh_config" uses non-OSI approved license "non-standard"
Component "github.com/klauspost/compress" uses non-OSI approved license "non-standard"
Component "github.com/l3montree-dev/devguard" has no license declared
Component "github.com/magiconair/properties" uses non-OSI approved license "non-standard"
Component "github.com/masahiro331/go-mvn-version" has no license declared
Component "github.com/masterminds/squirrel" uses non-OSI approved license "non-standard"
Component "github.com/moby/sys/user" has no license declared
Component "github.com/munnerz/goautoneg" uses non-OSI approved license "non-standard"
Component "github.com/nozzle/throttler" has no license declared
Component "github.com/opencontainers/go-digest" uses non-OSI approved license "non-standard"
Component "github.com/opencontainers/image-spec" has no license declared
Component "github.com/pelletier/go-toml/v2" uses non-OSI approved license "non-standard"
Component "github.com/pkg/browser" uses non-OSI approved license "non-standard"
Component "github.com/pkg/errors" uses non-OSI approved license "non-standard"
Component "github.com/pmezard/go-difflib" uses non-OSI approved license "non-standard"
Component "github.com/rcrowley/go-metrics" uses non-OSI approved license "non-standard"
Component "github.com/russross/blackfriday/v2" uses non-OSI approved license "non-standard"
Component "github.com/rust-secure-code/go-rustaudit" has no license declared
Component "github.com/shopspring/decimal" uses non-OSI approved license "non-standard"
Component "github.com/sigstore/protobuf-specs" has no license declared
Component "github.com/sigstore/sigstore" has no license declared
Component "github.com/spdx/tools-golang" uses non-OSI approved license "non-standard"
Component "github.com/spf13/viper" has no license declared
Component "github.com/syndtr/goleveldb" uses non-OSI approved license "non-standard"
Component "github.com/ulikunitz/xz" uses non-OSI approved license "non-standard"
Component "github.com/vmihailenco/msgpack/v5" uses non-OSI approved license "non-standard"
Component "github.com/vmihailenco/tagparser/v2" uses non-OSI approved license "non-standard"
Component "github.com/wasilibs/wazero-helpers" has no license declared
Component "github.com/xi2/xz" uses non-OSI approved license "non-standard"
Component "github.com/zricethezav/gitleaks/v8" has no license declared
Component "golang.org/x/crypto" has no license declared
Component "golang.org/x/exp" has no license declared
Component "golang.org/x/mod" has no license declared
Component "golang.org/x/net" has no license declared
Component "golang.org/x/oauth2" has no license declared
Component "golang.org/x/sync" has no license declared
Component "golang.org/x/sys" has no license declared
Component "golang.org/x/term" has no license declared
Component "golang.org/x/text" has no license declared
Component "golang.org/x/time" has no license declared
Component "golang.org/x/xerrors" has no license declared
Component "google.golang.org/genproto" has no license declared
Component "google.golang.org/genproto/googleapis/api" has no license declared
Component "google.golang.org/genproto/googleapis/rpc" has no license declared
Component "google.golang.org/protobuf" has no license declared
Component "gopkg.in/cheggaaa/pb.v1" has no license declared
Component "gopkg.in/evanphx/json-patch.v4" has no license declared
Component "gopkg.in/go-jose/go-jose.v2" has no license declared
Component "gopkg.in/inf.v0" has no license declared
Component "gopkg.in/ini.v1" has no license declared
Component "gopkg.in/warnings.v0" has no license declared
Component "gopkg.in/yaml.v3" has no license declared
Component "k8s.io/kube-openapi" has no license declared
Component "k8s.io/utils" has no license declared
Component "sigs.k8s.io/json" uses non-OSI approved license "non-standard"
Component "sigs.k8s.io/release-utils" has no license declared
Component "sigs.k8s.io/yaml" uses non-OSI approved license "non-standard"

Status

Evaluation result from comparing the policy against the current state of the asset
191 Violations

Update the attestation using the following command:
devguard-scanner attest --predicateType "https://cyclonedx.org/bom" <json file>