Implement a license inventory ⚖️ #594

Open
11 tasks
JamieSlome opened this issue Jun 7, 2024 · 0 comments
Labels
enhancement New feature or request

JamieSlome commented Jun 7, 2024

Is your feature request related to a problem? Please describe.

Open source projects are almost always coupled with an open source license. Common examples of licenses include Apache-2.0 and MIT; however, there are a significant number of other licenses which apply certain restrictions and expectations on code that is contributed and how it is reused. A crucial part of enabling open source contribution at organisations is deciding what open source licenses are permissible for contribution. An Open Source Program Office will or should typically define a list of licenses that have been approved for contribution. GitProxy serves as a control point for ensuring that contributions that flow from inside a company network to the open source ecosystem are to projects under licenses that have been approved.

Describe the solution you'd like
A clear and concise description of what you want to happen.

  • Define a data model and API structure for the license inventory #604
  • Design UI components for the license inventory and project licenses #608
  • GitProxy should provide controls for the addition and removal of licenses to the inventory
  • GitProxy should automatically re-certify the state of a license on a periodic basis, i.e. has it changed to a different license
  • GitProxy should verify the license implications of a contribution at point of push by a developer
  • Every project in the project inventory should store a license field with its relevant license
  • On creation of a new project, the license of the project should be pre-populated or at least selectable by an administrator
  • On clone of an unidentified and unapproved project, automatically identify all licenses in some project
  • Automatically detect the usage of unapproved licenses or license headers in contributions
  • Track the state of a license over time, i.e. approved, unapproved
  • Implement the license inventory as its own deployable service
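
Added example, not part of the original issue and not GitProxy code: a sketch of the push-time check from the task list above, scanning the added lines of a unified diff for SPDX license headers and comparing them with an inventory. The inventory contents, the function names `licenseIds` and `checkPush`, and the sample diff are assumptions made up for illustration.

```javascript
// Hypothetical inventory (constructed data): SPDX identifier -> current state.
const INVENTORY = new Map([
  ['Apache-2.0', 'approved'], ['MIT', 'approved'], ['AGPL-3.0-only', 'unapproved'],
]);

const SPDX_TAG = /SPDX-License-Identifier:\s*(.+?)\s*(?:\*\/|-->)?\s*$/;

// Split an SPDX expression such as "(MIT OR Apache-2.0)" into license ids.
// The operand after WITH is an exception id, not a license, so it is skipped.
function licenseIds(expression) {
  const tokens = expression.replace(/[()]/g, ' ').split(/\s+/).filter(Boolean);
  const ids = [];
  for (let i = 0; i < tokens.length; i++) {
    const upper = tokens[i].toUpperCase();
    if (upper === 'WITH') { i++; continue; }
    if (upper !== 'AND' && upper !== 'OR') ids.push(tokens[i]);
  }
  return ids;
}

// Scan the added lines of a unified diff for license headers that are not approved.
// Every operand must be approved (OR is not evaluated); unknown ids fail closed.
function checkPush(diffText, inventory = INVENTORY) {
  const findings = [];
  let file = null;
  for (const line of diffText.split('\n')) {
    if (line.startsWith('+++ ')) { file = line.slice(4).replace(/^b\//, ''); continue; }
    if (!line.startsWith('+')) continue;
    const match = SPDX_TAG.exec(line.slice(1));
    if (!match) continue;
    for (const id of licenseIds(match[1])) {
      const state = inventory.get(id) ?? 'unknown';
      if (state !== 'approved') findings.push({ file, id, state });
    }
  }
  return { allowed: findings.length === 0, findings };
}

// Constructed sample push: approved, unapproved and unknown headers, plus a removal.
const SAMPLE_DIFF = [
  '+++ b/src/a.js',
  '+// SPDX-License-Identifier: Apache-2.0',
  '+++ b/src/b.c',
  '+/* SPDX-License-Identifier: (MIT OR AGPL-3.0-only) */',
  '+++ b/src/c.py',
  '+# SPDX-License-Identifier: GPL-2.0-only WITH Classpath-exception-2.0',
  '-# SPDX-License-Identifier: AGPL-3.0-only',
].join('\n');
console.log(JSON.stringify(checkPush(SAMPLE_DIFF), null, 2));
```

Treating identifiers that are missing from the inventory as not approved keeps the control fail-closed until someone records a decision for them.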