Implement a license inventory ⚖️  #594

Open
@JamieSlome

Is your feature request related to a problem? Please describe.

Open source projects are almost always coupled with an open source license. Common examples of licenses include Apache-2.0 and MIT; however, there are a significant number of other licenses which apply certain restrictions and expectations on code that is contributed and how it is reused. A crucial part of enabling open source contribution at organisations is deciding what open source licenses are permissible for contribution. An Open Source Program Office will or should typically define a list of licenses that have been approved for contribution. GitProxy serves as a control point for ensuring that contributions that flow from inside a company network to the open source ecosystem are to projects under licenses that have been approved.

Describe the solution you'd like
A clear and concise description of what you want to happen.

  • Define a data model and API structure for the license inventory #604
  • Design UI components for the license inventory and project licenses #608
  • GitProxy should provide controls for the addition and removal of licenses to the inventory
  • GitProxy should automatically re-certify the state of a license on a periodic basis, i.e. has it changed to a different license
  • GitProxy should verify the license implications of a contribution at point of push by a developer
  • Every project in the project inventory should store a license field with its relevant license
  • On creation of a new project, the license of the project should be pre-populated or at least selectable by an administrator
  • On clone of an unidentified and unapproved project, automatically identify all licenses in some project
  • Automatically detect the usage of unapproved licenses or license headers in contributions
  • Track the state of a license over time, i.e. approved, unapproved
  • Implement the license inventory as its own deployable service
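
One way the push-time detection of unapproved license headers listed above could work, as an added example that is not part of the original issue and is not GitProxy code: it scans the added lines of a unified diff for `SPDX-License-Identifier` tags and reports any license id missing from an approved inventory. The function names, the approved set and the sample diff are constructed for illustration, and the policy of requiring every id in an SPDX expression to be approved is an assumption.

```javascript
// Added example: all names and data here are hypothetical, not GitProxy code.
const APPROVED = new Set(['Apache-2.0', 'MIT', 'BSD-3-Clause']); // constructed inventory

// Captures the expression after the tag, dropping a trailing comment closer.
const SPDX_TAG = /SPDX-License-Identifier:\s*(.+?)\s*(?:\*\/|-->)?\s*$/;

// Split an SPDX expression into license ids. Conservative policy (an
// assumption): every id in an AND/OR expression must be approved, and the
// exception named after WITH is ignored.
function licenseIds(expression) {
  return expression
    .replace(/[()]/g, ' ')
    .split(/\s+(?:AND|OR)\s+/i)
    .map((part) => part.trim().split(/\s+WITH\s+/i)[0])
    .filter(Boolean);
}

// Scan only the added ('+') lines of a unified diff and report each
// license id that is not in the approved inventory, with the file it is in.
function findUnapprovedLicenses(diffText, approved = APPROVED) {
  const findings = [];
  let file = null;
  for (const line of diffText.split('\n')) {
    if (line.startsWith('+++ ')) { // file header: remember the target path
      file = line.slice(4).replace(/^b\//, '');
      continue;
    }
    if (!line.startsWith('+')) continue; // skip context and removed lines
    const match = SPDX_TAG.exec(line);
    if (!match) continue;
    for (const id of licenseIds(match[1])) {
      if (!approved.has(id)) findings.push({ file, license: id });
    }
  }
  return findings;
}

// Constructed sample push: one approved header, two unapproved ones.
const SAMPLE_DIFF = [
  '--- /dev/null', '+++ b/src/a.js', '@@ -0,0 +1,2 @@',
  '+// SPDX-License-Identifier: MIT', '+const a = 1;',
  '--- /dev/null', '+++ b/lib/b.c', '@@ -0,0 +1,2 @@',
  '+/* SPDX-License-Identifier: GPL-3.0-only */', '+int b(void) { return 0; }',
  '--- /dev/null', '+++ b/tools/c.py', '@@ -0,0 +1,1 @@',
  '+# SPDX-License-Identifier: (Apache-2.0 OR AGPL-3.0-or-later)',
].join('\n');

console.log(findUnapprovedLicenses(SAMPLE_DIFF));
```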

Labels: enhancement (New feature or request)
