scout: update licensing policy name and description

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
David Karlsson 2023-09-26 16:24:35 +02:00
parent 2d050d2fc9
commit 392ce76849
3 changed files with 10 additions and 6 deletions

View File

@ -1,3 +1,4 @@
AGPLv3
APIs? APIs?
ARM ARM
AWS AWS
@ -25,6 +26,7 @@ Fargate
Fedora Fedora
Flink Flink
GPG GPG
GPLv3
GRUB GRUB
GeoNetwork GeoNetwork
Git Git

View File

@ -60,7 +60,7 @@ Docker Scout ships the following three out-of-the-box policies:
- [Critical and high vulnerabilities with fixes](#critical-and-high-vulnerabilities-with-fixes) - [Critical and high vulnerabilities with fixes](#critical-and-high-vulnerabilities-with-fixes)
- [Critical vulnerabilities](#critical-vulnerabilities) - [Critical vulnerabilities](#critical-vulnerabilities)
- [Packages with GPL3+ licenses](#packages-with-gpl3-licenses) - [Packages with AGPLv3, GPLv3 licenses](#packages-with-agplv3-gplv3-licenses)
These policies are turned on by default for Scout-enabled repositories. There's These policies are turned on by default for Scout-enabled repositories. There's
currently no way to turn off or configure these policies. currently no way to turn off or configure these policies.
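Review bot: The renamed list entry now targets #packages-with-agplv3-gplv3-licenses, and the old #packages-with-gpl3-licenses anchor disappears with the heading rename in the next hunk, but this in-page link is the only reference updated in the visible changes. Search the rest of the docs for the old anchor before merging, because a stale fragment link does not fail loudly, it just lands at the top of the page. The label would also read more naturally as "Packages with AGPLv3 or GPLv3 licenses" rather than with a comma.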
@ -90,10 +90,12 @@ more critical vulnerabilities.
This policy flags all critical vulnerabilities, whether or not there's a fix This policy flags all critical vulnerabilities, whether or not there's a fix
version available. version available.
### Packages with GPL3+ licenses ### Packages with AGPLv3, GPLv3 licenses
This policy requires that your artifacts don't contain packages distributed This policy requires that your artifacts don't contain packages distributed
under a GPL3+ [copyleft](https://en.wikipedia.org/wiki/Copyleft) license. under an AGPLv3 or GPLv3 license. These licenses are protective
[copyleft](https://en.wikipedia.org/wiki/Copyleft), and may be unsuitable for
use in your software because of the restrictions they enforce.
This policy is unfulfilled if your artifacts contain one or more packages with This policy is unfulfilled if your artifacts contain one or more packages with
a violating license. a violating license.
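Review bot: The description moves from "GPL3+" to "an AGPLv3 or GPLv3 license" without saying whether the policy's matching behavior changed or only its name. The "+" in the old text suggested later versions were covered, so state the exact set of licenses the policy flags, including whether "or later" variants and related licenses such as LGPLv3 count as violations. Wording: "These licenses are protective copyleft" is missing its noun ("protective copyleft licenses"), and "the restrictions they enforce" would help readers more if it named the kind of restriction meant.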

View File

@ -72,9 +72,9 @@ version that removes the vulnerability, when a fix version is available. To fix
the issue, upgrade the package version to the fix version. the issue, upgrade the package version to the fix version.
For licensing-related policies, the list shows all packages whose license For licensing-related policies, the list shows all packages whose license
doesn't meet the policy criteria. To fix the issue, look for an alternative doesn't meet the policy criteria. To fix the issue, find a way to remove the
package distributed under a more appropriate license, or cut the dependency by dependency to the violating package, for example by looking for an alternative
reimplementing the functionality in your own code. package distributed under a more appropriate license.
## CLI ## CLI
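Review bot: In the rewritten remediation sentence, "remove the dependency to the violating package" should be "dependency on the violating package". The rewrite also drops the second remedy from the old text, "reimplementing the functionality in your own code", leaving "for example" followed by a single option. If dropping it is deliberate, say so in the commit message; otherwise keep both remedies so readers who cannot find an alternative package still have a documented path.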