git-legal scans the libraries used by your project and flags potential compliance and compatibility issues, optionally based on policies that you configure.
To enable the git-legal engine, add the following to your .codeclimate.yml configuration file:
```yaml
plugins:
  git-legal:
    enabled: true
```
The free community version of the git.legal engine lets you allow or disallow the two categories of licenses that are most often of concern: Strong Copyleft and Affero Copyleft. Both categories are disallowed by default, and unless your project is itself licensed under GPL or Affero GPL, you most likely want to keep these defaults.
You can change these policy settings directly in your .codeclimate.yml file:
```yaml
plugins:
  git-legal:
    enabled: true
    config:
      allow_affero_copyleft: false
      allow_strong_copyleft: false
```
If you have a subscription to git.legal pro (please contact [email protected] for a trial license), you may further customize the policy settings for your specific needs:
```yaml
plugins:
  git-legal:
    enabled: true
    config:
      allow_affero_copyleft: false
      allow_strong_copyleft: false
      allow_weak_copyleft: false
      # you may disallow permissive licenses if you want to explicitly approve ALL libraries
      allow_permissive: true
      # all standard license names and abbreviations (with or without version numbers) are recognized for your explicit whitelist/blacklists
      license_whitelist: ["LGPL-2.1", "BSD"]
      license_blacklist: ["Apache"]
      # by default, libraries not found in standard library repositories (rubygems.org, npm, etc) are permitted, as they're likely your own works, but you may wish to be more stringent and explicitly approve these
      allow_unknown_libraries: true
```
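A policy-drift check for the settings above, as an added example (not part of git-legal or Code Climate): it parses a `.codeclimate.yml` and reports when a copyleft default has been relaxed or a license name sits on both lists, which is useful as a review gate on changes to that file. The function name, the sample config and the case-insensitive name comparison are assumptions.

```ruby
require "yaml"

# The two categories the page says are disallowed by default.
COPYLEFT_KEYS = %w[allow_affero_copyleft allow_strong_copyleft].freeze

# Constructed sample config (not from a real project).
SAMPLE_RELAXED = <<~CONFIG
  plugins:
    git-legal:
      enabled: true
      config:
        allow_affero_copyleft: false
        allow_strong_copyleft: true
        license_whitelist: ["LGPL-2.1", "BSD"]
        license_blacklist: ["Apache", "bsd"]
CONFIG

# Hypothetical helper: returns a list of findings for the git-legal section.
def audit_git_legal(yaml_text)
  doc = YAML.safe_load(yaml_text)
  plugins = doc.is_a?(Hash) ? doc["plugins"] : nil
  plugin = plugins.is_a?(Hash) ? plugins["git-legal"] : nil
  return ["git-legal plugin is not configured"] unless plugin.is_a?(Hash)

  findings = []
  findings << "git-legal is present but not enabled" unless plugin["enabled"] == true
  config = plugin["config"].is_a?(Hash) ? plugin["config"] : {}

  COPYLEFT_KEYS.each do |key|
    # A missing key keeps the default (disallowed); only an explicit true relaxes it.
    findings << "#{key} is true: copyleft default relaxed" if config[key] == true
  end

  # Assumption: names are compared case-insensitively to catch "BSD" vs "bsd".
  allowed = Array(config["license_whitelist"]).map { |name| name.to_s.downcase }
  denied = Array(config["license_blacklist"]).map { |name| name.to_s.downcase }
  (allowed & denied).each do |name|
    findings << "#{name} is on both license_whitelist and license_blacklist"
  end
  findings
end

puts audit_git_legal(SAMPLE_RELAXED) if __FILE__ == $PROGRAM_NAME
```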