v1.41.0

@isasmendiagus isasmendiagus released this 17 Nov 16:17
· 5 commits to main since this release
a42511a

What's Changed

Added

  • Added --license-sources (-ls) option to copyleft inspection
    • Filter which license sources to check (component_declared, license_file, file_header, file_spdx_tag, scancode)
    • Supports both -ls source1 source2 and -ls source1 -ls source2 syntax

Changed

  • Switched to OSADL authoritative copyleft license data

    • Copyleft detection now uses OSADL (Open Source Automation Development Lab) checklist data
    • Adds missing -or-later license variants (GPL-2.0-or-later, GPL-3.0-or-later, LGPL-2.1-or-later, etc.)
    • Expands copyleft coverage from 21 to 32 licenses
    • Custom include/exclude/explicit filters still use legacy behavior for backward compatibility
    • Dataset attribution added to README (CC-BY-4.0 license)
  • Copyleft inspection now defaults to component-level licenses only (component_declared, license_file)

    • Reduces noise from file-level license detections (file_header, scancode)
    • Use -ls to override and check specific sources

Fixed

  • Fixed the terminal cursor disappearing after aborting a scan with Ctrl+C

Full Changelog: v1.40.1...v1.41.0