Comments (2)
Could you please share the full deny list, as well as the dependency that it's failing on?
from dependency-review-action.
```yaml
fail-on-severity: high
comment-summary-in-pr: never
warn-only: true
license-check: true
deny-licenses:
- Abstyles
- AdaCore-doc
- Adobe-2006
- Adobe-Glyph
- Adobe-Utopia
- ADSL
- Afmparse
- AGPL-1.0-only
- AGPL-1.0-or-later
- Aladdin
- AMDPLPA
- AML
- AMPAS
- ANTLR-PD-fallback
- ANTLR-PD
- APAFML
- App-s2p
- Arphic-1999
- ASWF-Digital-Assets-1.0
- ASWF-Digital-Assets-1.1
- Baekmuk
- Bahyph
- Barr
- Beerware
- Bitstream-Charter
- Bitstream-Vera
- BitTorrent-1.0
- blessing
- Boehm-GC
- Borceux
- BSD-2-Clause-Views
- BSD-3-Clause-Attribution
- BSD-3-Clause-flex
- BSD-3-Clause-HP
- BSD-3-Clause-Modification
- BSD-3-Clause-No-Military-License
- BSD-3-Clause-No-Nuclear-License-2014
- BSD-3-Clause-No-Nuclear-License
- BSD-3-Clause-No-Nuclear-Warranty
- BSD-3-Clause-Open-MPI
- BSD-3-Clause-Sun
- BSD-4-Clause-Shortened
- BSD-4-Clause-UC
- BSD-4.3RENO
- BSD-4.3TAHOE
- BSD-Advertising-Acknowledgement
- BSD-Attribution-HPND-disclaimer
- BSD-Inferno-Nettverk
- BSD-Protection
- BSD-Source-Code
- BSD-Systemics
- BUSL-1.1
- bzip2-1.0.6
- C-UDA-1.0
- Caldera
- CC-BY-1.0
- CC-BY-2.0
- CC-BY-2.5-AU
- CC-BY-2.5
- CC-BY-3.0-AT
- CC-BY-3.0-DE
- CC-BY-3.0-IGO
- CC-BY-3.0-NL
- CC-BY-3.0-US
- CC-BY-3.0
- CC-BY-NC-1.0
- CC-BY-NC-2.0
- CC-BY-NC-2.5
- CC-BY-NC-3.0-DE
- CC-BY-NC-3.0
- CC-BY-NC-4.0
- CC-BY-NC-ND-1.0
- CC-BY-NC-ND-2.0
- CC-BY-NC-ND-2.5
- CC-BY-NC-ND-3.0-DE
- CC-BY-NC-ND-3.0-IGO
- CC-BY-NC-ND-3.0
- CC-BY-NC-ND-4.0
- CC-BY-NC-SA-1.0
- CC-BY-NC-SA-2.0-DE
- CC-BY-NC-SA-2.0-FR
- CC-BY-NC-SA-2.0-UK
- CC-BY-NC-SA-2.0
- CC-BY-NC-SA-2.5
- CC-BY-NC-SA-3.0-DE
- CC-BY-NC-SA-3.0-IGO
- CC-BY-NC-SA-3.0
- CC-BY-NC-SA-4.0
- CC-BY-ND-1.0
- CC-BY-ND-2.0
- CC-BY-ND-2.5
- CC-BY-ND-3.0-DE
- CC-BY-ND-3.0
- CC-BY-ND-4.0
- CC-BY-SA-1.0
- CC-BY-SA-2.0-UK
- CC-BY-SA-2.0
- CC-BY-SA-2.1-JP
- CC-BY-SA-2.5
- CC-BY-SA-3.0-AT
- CC-BY-SA-3.0-DE
- CC-BY-SA-3.0-IGO
- CC-BY-SA-3.0
- CC-PDDC
- CDDL-1.1
- CDL-1.0
- CDLA-Permissive-1.0
- CDLA-Permissive-2.0
- CDLA-Sharing-1.0
- CECILL-1.0
- CECILL-1.1
- CERN-OHL-1.1
- CERN-OHL-1.2
- CFITSIO
- check-cvs
- checkmk
- Clips
- CMU-Mach
- CNRI-Jython
- CNRI-Python-GPL-Compatible
- COIL-1.0
- Community-Spec-1.0
- copyleft-next-0.3.0
- copyleft-next-0.3.1
- Cornell-Lossless-JPEG
- CPOL-1.02
- Cronyx
- Crossword
- CrystalStacker
- Cube
- curl
- D-FSL-1.0
- diffmark
- DL-DE-BY-2.0
- DL-DE-ZERO-2.0
- DOC
- Dotseqn
- DRL-1.0
- DSDP
- dtoa
- dvipdfm
- eGenix
- Elastic-2.0
- EPICS
- ErlPL-1.1
- etalab-2.0
- EUPL-1.0
- Eurosym
- FBM
- FDK-AAC
- Ferguson-Twofish
- FreeBSD-DOC
- FreeImage
- FSFUL
- FSFULLR
- FSFULLRWD
- Furuseth
- fwlw
- GD
- GFDL-1.1-invariants-only
- GFDL-1.1-invariants-or-later
- GFDL-1.1-no-invariants-only
- GFDL-1.1-no-invariants-or-later
- GFDL-1.2-invariants-only
- GFDL-1.2-invariants-or-later
- GFDL-1.2-no-invariants-only
- GFDL-1.2-no-invariants-or-later
- GFDL-1.3-invariants-only
- GFDL-1.3-invariants-or-later
- GFDL-1.3-no-invariants-only
- GFDL-1.3-no-invariants-or-later
- Giftware
- GL2PS
- Glide
- Glulxe
- GLWTPL
- GPL-1.0-only
- GPL-1.0-or-later
- Graphics-Gems
- gSOAP-1.3b
- HaskellReport
- Hippocratic-2.1
- HP-1986
- HP-1989
- HPND-DEC
- HPND-doc-sell
- HPND-doc
- HPND-export-US-modify
- HPND-export-US
- HPND-Markus-Kuhn
- HPND-Pbmplus
- HPND-sell-regexpr
- HPND-sell-variant-MIT-disclaimer
- HPND-sell-variant
- HPND-UC
- HTMLTIDY
- IBM-pibs
- IEC-Code-Components-EULA
- IJG-short
- ImageMagick
- Info-ZIP
- Inner-Net-2.0
- Intel-ACPI
- Interbase-1.0
- JasPer-2.0
- JPL-image
- JPNIC
- JSON
- Kastrup
- Kazlib
- Knuth-CTAN
- LAL-1.2
- LAL-1.3
- Latex2e-translated-notice
- Latex2e
- Leptonica
- LGPLLR
- libpng-2.0
- Libpng
- libselinux-1.0
- libtiff
- libutil-David-Nugent
- Linux-man-pages-1-para
- Linux-man-pages-copyleft-2-para
- Linux-man-pages-copyleft-var
- Linux-man-pages-copyleft
- Linux-OpenIB
- LOOP
- LPPL-1.0
- LPPL-1.1
- lsof
- Lucida-Bitmap-Fonts
- LZMA-SDK-9.11-to-9.20
- LZMA-SDK-9.22
- magaz
- MakeIndex
- Martin-Birgmeier
- McPhee-slideshow
- metamail
- Minpack
- MIT-advertising
- MIT-CMU
- MIT-enna
- MIT-feh
- MIT-Festival
- MIT-open-group
- MIT-testregex
- MIT-Wu
- MITNFA
- MMIXware
- MPEG-SSG
- mpi-permissive
- mpich2
- mplus
- MS-LPL
- MTLL
- MulanPSL-1.0
- Mup
- NAIST-2003
- NBPL-1.0
- NCGL-UK-2.0
- Net-SNMP
- NetCDF
- Newsletr
- NICTA-1.0
- NIST-PD-fallback
- NIST-PD
- NIST-Software
- NLOD-1.0
- NLOD-2.0
- NLPL
- Noweb
- NRL
- NTP-0
- O-UDA-1.0
- OCCT-PL
- ODC-By-1.0
- OFFIS
- OFL-1.0-no-RFN
- OFL-1.0-RFN
- OGC-1.0
- OGDL-Taiwan-1.0
- OGL-Canada-2.0
- OGL-UK-1.0
- OGL-UK-2.0
- OGL-UK-3.0
- OLDAP-1.1
- OLDAP-1.2
- OLDAP-1.3
- OLDAP-1.4
- OLDAP-2.0.1
- OLDAP-2.0
- OLDAP-2.1
- OLDAP-2.2.1
- OLDAP-2.2.2
- OLDAP-2.2
- OLDAP-2.4
- OLDAP-2.5
- OLDAP-2.6
- OML
- OpenPBS-2.3
- OPL-1.0
- OPL-UK-3.0
- OPUBL-1.0
- PADL
- Parity-6.0.0
- Parity-7.0.0
- PDDL-1.0
- Plexus
- pnmstitch
- PolyForm-Noncommercial-1.0.0
- PolyForm-Small-Business-1.0.0
- PSF-2.0
- psfrag
- psutils
- Python-2.0.1
- python-ldap
- Qhull
- QPL-1.0-INRIA-2004
- Rdisc
- RHeCos-1.1
- RSA-MD
- Saxpath
- SCEA
- SchemeReport
- Sendmail-8.23
- Sendmail
- SGI-B-1.0
- SGI-B-1.1
- SGI-OpenGL
- SGP4
- SHL-0.5
- SHL-0.51
- SISSL-1.2
- SL
- SMPPL
- SNIA
- snprintf
- Soundex
- Spencer-86
- Spencer-94
- Spencer-99
- ssh-keyscan
- SSH-OpenSSH
- SSH-short
- SSPL-1.0
- SugarCRM-1.1.3
- SunPro
- SWL
- swrule
- Symlinks
- TAPR-OHL-1.0
- TCL
- TCP-wrappers
- TermReadKey
- TMate
- TORQUE-1.1
- TOSL
- TPDL
- TPL-1.0
- TTWL
- TTYP0
- TU-Berlin-1.0
- TU-Berlin-2.0
- UCAR
- ulem
- Unicode-DFS-2015
- Unicode-TOU
- UnixCrypt
- URT-RLE
- VOSTROM
- W3C-19980720
- W3C-20150513
- w3m
- Widget-Workshop
- Wsuipa
- X11-distribute-modifications-variant
- Xdebug-1.03
- Xerox
- Xfig
- xlock
- xpp
- XSkat
- YPL-1.0
- Zed
- Zeeff
- Zimbra-1.4
- zlib-acknowledgement
- ZPL-1.1
```
The dependency that it's failing on is in the report.
actions/checkout@4.*.* – License: MIT