git-legal scans the libraries used by your project and flags potential compliance and compatibility issues, optionally based on policies that you configure.
To enable the git-legal engine, add the following to your .codeclimate.yml configuration file:
    engines:
      git-legal:
        enabled: true
    ratings:
      paths:
      - "Gemfile*"
      - "*.gemspec"
      - "package.json"
      - "yarn.lock"
      - "requirements.txt"
      - "composer.*"
You can also enable the engine via the CLI with:

    codeclimate engines:enable git-legal
More information about the CLI is available in the README here: https://github.com/codeclimate/codeclimate
The free community version of the git.legal engine allows you to allow or disallow the two categories of licenses that are most often of concern: Strong Copyleft and Affero Copyleft. These categories are disallowed by default - and unless your project is itself licensed under GPL or Affero GPL, you most likely want to keep these defaults.
You can change these policy settings directly in your .codeclimate.yml file:
    engines:
      git-legal:
        enabled: true
        config:
          allow_affero_copyleft: false
          allow_strong_copyleft: false
If you have a subscription to git.legal pro (please contact firstname.lastname@example.org for a trial license), you may further customize the policy settings for your specific needs:
    engines:
      git-legal:
        enabled: true
        config:
          allow_affero_copyleft: false
          allow_strong_copyleft: false
          allow_weak_copyleft: false
          # you may disallow permissive licenses if you want to explicitly approve ALL libraries
          allow_permissive: true
          # all standard license names and abbreviations (with or without version numbers)
          # are recognized for your explicit whitelist/blacklists
          license_whitelist:
          - "LGPL-2.1"
          - "BSD"
          license_blacklist:
          - "Apache"
          # by default, libraries not found in standard library repositories (rubygems.org, npm, etc)
          # are permitted, as they're likely your own works, but you may wish to be more stringent
          # and explicitly approve these
          allow_unknown_libraries: true
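To make the interaction between the category flags, the whitelist/blacklist and the unknown-library setting concrete, here is an added Ruby example that reads the pro policy above and applies it to a constructed dependency list. It is not git-legal's own code: the license-to-category table, the defaults for the flags the page does not state, and the precedence (blacklist beats whitelist, which beats the category flags) are assumptions chosen to match the behaviour the example config implies (LGPL-2.1 approved although weak copyleft is off, Apache rejected although permissive licenses are on).

```ruby
require 'yaml'

# The "pro" policy from the page, embedded as a string so this runs offline.
CONFIG_YAML = <<~YAML
  engines:
    git-legal:
      enabled: true
      config:
        allow_affero_copyleft: false
        allow_strong_copyleft: false
        allow_weak_copyleft: false
        allow_permissive: true
        license_whitelist:
        - "LGPL-2.1"
        - "BSD"
        license_blacklist:
        - "Apache"
        allow_unknown_libraries: true
YAML

# Assumed mapping from license family (name without version) to policy category.
# git-legal ships its own license database; this small table is a stand-in.
LICENSE_CATEGORIES = {
  "AGPL"   => "affero_copyleft",
  "GPL"    => "strong_copyleft",
  "LGPL"   => "weak_copyleft",
  "MPL"    => "weak_copyleft",
  "MIT"    => "permissive",
  "BSD"    => "permissive",
  "Apache" => "permissive",
}.freeze

# Assumed defaults for flags missing from the config: the page states that Strong and
# Affero copyleft are disallowed by default and unknown libraries are permitted;
# weak copyleft and permissive are assumed allowed.
DEFAULTS = {
  "allow_affero_copyleft"   => false,
  "allow_strong_copyleft"   => false,
  "allow_weak_copyleft"     => true,
  "allow_permissive"        => true,
  "allow_unknown_libraries" => true,
}.freeze

def load_policy(yaml_text)
  doc = YAML.safe_load(yaml_text)
  DEFAULTS.merge(doc.dig("engines", "git-legal", "config") || {})
end

# "Apache-2.0" -> "Apache", "LGPL-2.1" -> "LGPL", "MIT" -> "MIT"
def base_name(license)
  license.sub(/-\d.*\z/, "")
end

# A list entry without a version ("Apache") matches the whole family, so it also
# catches "Apache-2.0"; an entry with a version ("LGPL-2.1") matches only that version.
def listed?(list, license)
  Array(list).any? do |entry|
    if entry == base_name(entry)
      base_name(license).casecmp?(entry)
    else
      license.casecmp?(entry)
    end
  end
end

def decide(policy, dep)
  if dep[:unknown_library]
    return policy["allow_unknown_libraries"] ? "allowed" : "disallowed"
  end
  license = dep[:license]
  # Assumed precedence: explicit blacklist, then explicit whitelist, then category flags.
  return "disallowed" if listed?(policy["license_blacklist"], license)
  return "allowed"    if listed?(policy["license_whitelist"], license)
  category = LICENSE_CATEGORIES[base_name(license)]
  return "needs_review" if category.nil?   # unmapped license: surface it rather than guess
  policy["allow_#{category}"] ? "allowed" : "disallowed"
end

def evaluate(policy, deps)
  deps.to_h { |d| [d[:name], decide(policy, d)] }
end

# Constructed dependency list; names and licenses are invented for the example.
SAMPLE_DEPS = [
  { name: "web-framework", license: "MIT" },
  { name: "gpl-tool",      license: "GPL-3.0" },
  { name: "lgpl-codec",    license: "LGPL-2.1" },
  { name: "lgpl3-codec",   license: "LGPL-3.0" },
  { name: "http-client",   license: "Apache-2.0" },
  { name: "mpl-parser",    license: "MPL-2.0" },
  { name: "in-house-gem",  license: nil, unknown_library: true },
  { name: "odd-lib",       license: "Custom-EULA" },
].freeze

def sample_report
  evaluate(load_policy(CONFIG_YAML), SAMPLE_DEPS)
end

if __FILE__ == $PROGRAM_NAME
  sample_report.each { |name, verdict| puts "#{name.ljust(14)} #{verdict}" }
end
```

Run it with `ruby policy_check.rb`: MIT and the whitelisted LGPL-2.1 come out allowed, GPL-3.0, LGPL-3.0 (weak copyleft is off and only 2.1 is whitelisted), MPL-2.0 and the blacklisted Apache-2.0 come out disallowed, the unknown in-house gem is allowed, and the unmapped license is flagged for review instead of being silently approved.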