Merge pull request #19593 from dvdksn/scout-policy-copyleft-allowlist

scout policy copyleft allowlist
2024-03-11 11:19:08 +01:00 · 2024-03-11 11:19:08 +01:00 · d6de5de66c
parent 222db4c9af 66894a3860
commit d6de5de66c
2 changed files with 4 additions and 12 deletions
--- a/content/scout/policy/_index.md
+++ b/content/scout/policy/_index.md
@ -113,8 +113,9 @@ unsuitable for use in your software because of the restrictions they enforce.
 This policy is unfulfilled if your artifacts contain one or more packages with
 a violating license.

-You can configure the list of licenses by creating a custom policy, see
-[Configure policies](./configure.md).
+You can configure the list of licenses that this policy should look out for,
+and add exceptions by specifying an allow-list (in the form of PURLs).
+See [Configure policies](./configure.md).

 ### Outdated base images

--- a/content/scout/policy/configure.md
+++ b/content/scout/policy/configure.md
@ -17,16 +17,7 @@ edit the display name and description of the new policy to help distinguish
 it from the default policy it's based on.

 The available configuration parameters for a policy depends on the default
-policy you used as a base for your custom policy. The following table lists the
-default policies that you can configure, and the available configuration
-parameters that you can use to create a custom policy.
-
-| Default policy                            | Configuration parameters |
-| ----------------------------------------- | ------------------------ |
-| All critical vulnerabilities              | Severities               |
-| Copyleft licenses                         | License names            |
-| Fixable critical and high vulnerabilities | Severities, age          |
-| High-profile vulnerabilities              | CVEs                     |
+policy you used as a base for your custom policy.

 To configure a policy: