Add license scan report and status #1345
base: main
Signed off by: fossabot <badges@fossa.com>
Code Review
This pull request adds FOSSA badges to the README.md for license scanning and status, which is a good initiative for transparency. The changes are straightforward, primarily involving additions to the README file. I have one suggestion to enhance the clarity of the new 'License' section.
Summary of Findings
- README License Section Clarity: The new 'License' section in README.md (lines 75-76) could be enhanced by explicitly stating the project's license (e.g., Apache 2.0) alongside the FOSSA badge. This would clarify that the section provides information about the project's own license, in addition to the FOSSA scan results for dependencies.
- README Formatting: Missing EOF Newline: The README.md file, after these changes, will be missing a newline character at the very end (after the FOSSA badge on line 76). It's a common convention for text files to end with a newline for better compatibility with various tools. (Severity: low, not commented per review settings).
Merge Readiness
This pull request is a positive step towards better license transparency by integrating FOSSA badges. There is one medium severity suggestion to improve the clarity of the newly added 'License' section in the README.md. Addressing this point would make the information more complete and easier for users to understand.
Therefore, I recommend that these changes be considered before merging. As an AI reviewer, I am not authorized to approve pull requests; please ensure this PR undergoes further human review and approval.
## License | ||
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fbootc-dev%2Fbootc?ref=badge_large) |
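Review bot: the badge line at the end of this hunk has an empty link body (`[](...)`), so the rendered section shows nothing clickable if the badge image fails to load or is stripped; give the image a descriptive alt text (for example "FOSSA Status") so the link remains meaningful. The hunk also adds the badge as the only content of the section and, per the summary above, leaves the file without a trailing newline; both are worth fixing in the same change.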
The new 'License' section is a good addition, and the FOSSA badge provides valuable insight into dependency licenses. However, the section currently only contains the badge. To improve clarity for users seeking the project's own license terms, could we consider explicitly stating the project's license here?
For example, you could mention the primary license (e.g., Apache 2.0) and link to the LICENSE-APACHE file, then present the FOSSA badge as a report on dependency licenses. This would make the section more comprehensive.
## License | |
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fbootc-dev%2Fbootc?ref=badge_large) | |
## License | |
This project is primarily licensed under the Apache License 2.0. For details, please see the [LICENSE-APACHE](./LICENSE-APACHE) file. | |
For a scan of dependencies and their licenses, see the FOSSA report below: | |
[](https://app.fossa.com/projects/git%2Bgithub.com%2Fbootc-dev%2Fbootc?ref=badge_large) |
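Review bot: the suggested replacement links to `./LICENSE-APACHE`, which assumes that file exists at the repository root under that exact name; please confirm the path before applying, since a broken license link is worse than none. The wording "see the FOSSA report below" is fine, but the badge on the last line still has an empty link body, so the alt-text point from the earlier comment applies here too.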
This seemed to not pick up the Rust dependencies... need to figure that out
Your FOSSA integration was successful! Attached in this PR is a badge and license report to track scan status in your README.
Below are docs for integrating FOSSA license checks into your CI: