@syntaqx
Last active May 5, 2023 18:53
# .github/dependency-review-config.yml
# Configuration file read by actions/dependency-review-action (see the workflow
# below). A dependency added in a pull request with a vulnerability of this
# severity or higher fails the check.
fail-on-severity: 'low'
license-check: true
vulnerability-check: true
# You do not need Legal approval to use code licensed under these licenses, for
# any use case. The action fails the check for any dependency whose license is
# not in this list.
allow-licenses:
  - AFL-1.1
  - AFL-1.2
  - AFL-2.0
  - AFL-2.1
  - AFL-3.0
  - AMPAS
  - APAFML
  - ADSL
  - AMDPLPA
  - ANTLR-PD-fallback
  - ANTLR-PD
  - Apache-1.0
  - Apache-1.1
  - Apache-2.0
  - AML
  - Artistic-2.0
  - Bahyph
  - Barr
  - BlueOak-1.0.0
  - BSL-1.0
  - BSD-1-Clause
  - BSD-2-Clause
  - BSD-2-Clause-FreeBSD
  - BSD-2-Clause-NetBSD
  - BSD-2-Clause-Views
  - BSD-3-Clause
  - BSD-3-Clause-Clear
  - BSD-3-Clause-Modification
  - BSD-3-Clause-No-Nuclear-License-2014
  - BSD-3-Clause-No-Nuclear-Warranty
  - BSD-3-Clause-Open-MPI
  - BSD-4-Clause
  - BSD-4-Clause-Shortened
  - BSD-Source-Code
  - BSD-3-Clause-Attribution
  - 0BSD
  - BSD-2-Clause-Patent
  - BSD-4-Clause-UC
  - bzip2-1.0.5
  - bzip2-1.0.6
  - CC-BY-1.0
  - CC-BY-2.0
  - CC-BY-2.5
  - CC-BY-3.0
  - CC-BY-4.0
  - MIT-CMU
  - CNRI-Jython
  - CNRI-Python
  - CNRI-Python-GPL-Compatible
  - CC0-1.0
  - Cube
  - curl
  - DSDP
  - ECL-1.0
  - ECL-2.0
  - eGenix
  - MIT-advertising
  - MIT-enna
  - Entessa
  - MIT-feh
  - FTL
  - HTMLTIDY
  - IBM-pibs
  - ICU
  - ImageMagick
  - Info-ZIP
  - Intel
  - ISC
  - JasPer-2.0
  - LPPL-1.3c
  - BSD-3-Clause-LBNL
  - Libpng
  - libtiff
  - Linux-OpenIB
  - MTLL
  - MS-PL
  - MITNFA
  - MIT-Modern-Variant
  - MIT
  - MIT-0
  - MIT-open-group
  - MulanPSL-1.0
  - MulanPSL-2.0
  - Multics
  - Mup
  - Naumen
  - NetCDF
  - Net-SNMP
  - NTP
  - OLDAP-2.2.2
  - OLDAP-2.0
  - OLDAP-2.0.1
  - OLDAP-2.1
  - OLDAP-2.2
  - OLDAP-2.2.1
  - OLDAP-2.3
  - OLDAP-2.4
  - OLDAP-2.5
  - OLDAP-2.6
  - OLDAP-2.7
  - OLDAP-2.8
  - OML
  - OpenSSL
  - PHP-3.0
  - PHP-3.01
  - Plexus
  - libpng-2.0
  - PostgreSQL
  - Python-2.0
  - PSF-2.0
  - Ruby
  - Saxpath
  - SWL
  - SGI-B-2.0
  - Spencer-99
  - SMLNJ
  - TCL
  - TCP-wrappers
  - Unlicense
  - Unicode-DFS-2015
  - Unicode-DFS-2016
  - UPL-1.0
  - NCSA
  - VSL-1.0
  - W3C
  - Xnet
  - X11
  - Xerox
  - XFree86-1.1
  - xpp
  - Zlib
  - zlib-acknowledgement
  - ZPL-2.0
  - ZPL-2.1
# Caution: not sure what to do with these correctly.
# You must obtain Legal approval to distribute code licensed under these
# licenses. You do not need Legal approval to make internal use of code licensed
# under these licenses.
# The action accepts either allow-licenses or deny-licenses, not both, and with
# the allow-list above every license below is already rejected; the two lists
# that follow record the review policy for licenses outside the allow-list.
caution_licenses:
  - BSD-Protection
  - CDDL-1.0
  - CDDL-1.1
  - CPL-1.0
  - copyleft-next-0.3.0
  - copyleft-next-0.3.1
  - CC-BY-SA-1.0
  - CC-BY-SA-2.0
  - CC-BY-SA-2.5
  - CC-BY-SA-3.0
  - CC-BY-SA-4.0
  - EPL-1.0
  - EPL-2.0
  - ErlPL-1.1
  - IPL-1.0
  - GPL-1.0-only
  - GPL-1.0-or-later
  - GPL-2.0-only
  - GPL-2.0-or-later
  - GPL-3.0-only
  - GPL-3.0-or-later
  - GPL-2.0-only WITH Autoconf-exception-2.0
  - GPL-3.0-only WITH Autoconf-exception-3.0
  - GPL-2.0-only WITH Bison-exception-2.2
  - GPL-2.0-only WITH Classpath-exception-2.0
  - GPL-2.0-only WITH Font-exception-2.0
  - GPL-2.0-only WITH GCC-exception-2.0
  - GPL-2.0-only WITH GCC-exception-3.1
  - LGPL-2.0-only
  - LGPL-2.0-or-later
  - LGPL-2.1-only
  - LGPL-2.1-or-later
  - LGPL-3.0-only
  - LGPL-3.0-or-later
  - MPL-1.0
  - MPL-1.1
  - MPL-2.0
  - MPL-2.0-no-copyleft-exception
  - MS-RL
  - QPL-1.0
  - Sleepycat
  - SPL-1.0
# You must obtain Legal approval to use any code licensed under these licenses.
disallow_licenses:
  - AAL
  - Adobe-2006
  - AGPL-1.0-only
  - AGPL-1.0-or-later
  - AGPL-3.0-only
  - AGPL-3.0-or-later
  - Afmparse
  - APSL-1.0
  - APSL-1.1
  - APSL-1.2
  - APSL-2.0
  - Artistic-1.0
  - Artistic-1.0-cl8
  - Artistic-1.0-Perl
  - Beerware
  - blessing
  - Borceux
  - CECILL-B
  - ClArtistic
  - CPAL-1.0
  - Condor-1.1
  - Crossword
  - CAL-1.0
  - CAL-1.0-Combined-Work-Exception
  - CrystalStacker
  - diffmark
  - DOC
  - EFL-1.0
  - EFL-2.0
  - EUPL-1.0
  - EUPL-1.1
  - EUPL-1.2
  - Fair
  - FSFUL
  - FSFULLR
  - Giftware
  - HPND
  - IJG
  - Leptonica
  - LPL-1.0
  - LPL-1.02
  - MirOS
  - mpich2
  - NASA-1.3
  - NBPL-1.0
  - Newsletr
  - NLPL
  - NPOSL-3.0
  - NRL
  - OGTSL
  - OLDAP-1.1
  - OLDAP-1.2
  - OLDAP-1.3
  - OLDAP-1.4
  - OSL-1.0
  - OSL-1.1
  - OSL-2.0
  - OSL-2.1
  - OSL-3.0
  - Parity-6.0.0
  - Parity-7.0.0
  - psutils
  - Qhull
  - rdisc
  - RPSL-1.0
  - RPL-1.1
  - RPL-1.5
  - RSA-MD
  - SSPL-1.0
  - Spencer-86
  - Spencer-94
  - TU-Berlin-1.0
  - TU-Berlin-2.0
  - Vim
  - W3C-19980720
  - W3C-20150513
  - Wsuipa
  - WTFPL
  - xinetd
  - Zed
  - Zend-2.0
  - ZPL-1.1
# GitHub Actions workflow (file path not shown in the gist). Runs the dependency
# review on every pull request with read-only repository permissions, pointing
# the action at the config file above.
name: 'Dependency Review'
on: [pull_request]
permissions:
  contents: read
jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout Repository'
        uses: actions/checkout@v3
      - name: 'Dependency Review'
        uses: actions/dependency-review-action@v3
        with:
          config-file: './.github/dependency-review-config.yml'