This repository contains a configuration file for GitHub's Dependency Review action. It defines the set of allowed licenses for open source dependencies used across projects in our organization.
The goal of this repository is to centralize and standardize license policies. By explicitly listing allowed licenses, we ensure consistent license compliance and reduce legal risk when integrating third-party software.
- Path: .github/dependency-review-config.yml
- Type: GitHub Advanced Security policy configuration
- Purpose: Defines a whitelist of open source licenses that are permitted in the projects using this config.
To use this configuration in your own repository, add the following to your GitHub Actions workflow:

```yaml
- uses: actions/dependency-review-action@v4
  with:
    config-file: 'hpi-schul-cloud/dependency-review-config/.github/dependency-review-config.yml@main'
```
License Policy
The configuration explicitly lists licenses that have been reviewed and approved. Typical examples include:
- MIT
- Apache-2.0
- BSD-2-Clause
- BSD-3-Clause
- ISC
For the complete list, see the contents of the .github/dependency-review-config.yml file.
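A centralized allow-list is only as good as its spelling: the action matches SPDX identifiers exactly, so an entry like "Apache 2.0" instead of "Apache-2.0" silently permits nothing, and the action does not accept both allow-licenses and deny-licenses in one config. The following lint script is an added example, not part of this repository; it parses only the simple `key:` plus `- item` YAML shape the config uses (no PyYAML dependency), and its SAMPLE_CONFIG and KNOWN_SPDX reference set are constructed here, not the repository's actual contents.

```python
import re
# Constructed sample in the shape of this repository's config (not its actual contents).
SAMPLE_CONFIG = """\
allow-licenses:
  - MIT
  - Apache-2.0
  - BSD-2-Clause
  - BSD-3-Clause
  - ISC
"""
# Hand-picked reference subset of SPDX identifiers for the spelling check (constructed, not exhaustive).
KNOWN_SPDX = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "0BSD",
              "MPL-2.0", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.1-only", "CC0-1.0"}
SPDX_ID = re.compile(r"^[A-Za-z0-9.+-]+$")  # SPDX identifiers never contain spaces

def parse_license_lists(text):
    """Parse the 'key:' plus '- item' YAML subset used by the config into {key: [items]}."""
    lists, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        stripped = line.lstrip()
        if not stripped:
            continue
        if stripped.startswith("- "):  # list entry under the current key
            if current is not None:
                lists[current].append(stripped[2:].strip().strip("'\""))
        elif line == stripped:  # unindented line: a top-level key
            current = line[:-1].strip() if line.endswith(":") else None
            if current is not None:
                lists[current] = []
    return lists

def lint(text):
    """Return a list of findings; an empty list means the policy passed every check."""
    findings, lists = [], parse_license_lists(text)
    if "allow-licenses" in lists and "deny-licenses" in lists:
        findings.append("allow-licenses and deny-licenses cannot be combined; keep one of them")
    if "allow-licenses" not in lists and "deny-licenses" not in lists:
        findings.append("no license policy defined (neither allow-licenses nor deny-licenses)")
    for key in ("allow-licenses", "deny-licenses"):
        seen = set()
        for lic in lists.get(key, []):
            if not SPDX_ID.match(lic):
                findings.append(f"{key}: '{lic}' is not a valid SPDX identifier")
            elif lic not in KNOWN_SPDX:
                findings.append(f"{key}: '{lic}' not in the reference set; check spelling and case")
            if lic in seen:
                findings.append(f"{key}: duplicate entry '{lic}'")
            seen.add(lic)
    return findings
```

Running `lint(open(".github/dependency-review-config.yml").read())` as a pre-commit or CI step fails fast on a malformed policy instead of letting a typo weaken the allow-list across every consuming repository.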