License Scan report
Project: cncf
Subproject: kubernetes
Snapshot on: 2022-10-13 (show repos)
Subproject: kubernetes
Snapshot on: 2022-10-13 (show repos)
| api | 0184bd88 |
| apiextensions-apiserver | 8e0697bd |
| apimachinery | 78d003cc |
| apiserver | db8c02bd |
| autoscaler | 37c4ff15 |
| cli-runtime | 15cac502 |
| client-go | e6d958c7 |
| cloud-provider | bb1e9049 |
| cloud-provider-alibaba-cloud | daddcdf1 |
| cloud-provider-aws | eb83663f |
| cloud-provider-gcp | ae91c1fc |
| cloud-provider-openstack | 95e2de61 |
| cloud-provider-sample | c8fd0d35 |
| cloud-provider-vsphere | 138e46b8 |
| cluster-bootstrap | da0ababf |
| code-generator | 27bd7d92 |
| component-base | c77c317a |
| controller-manager | ac40a7a7 |
| cri-api | f378c7a5 |
| csi-api | 94ac839b |
| csi-translation-lib | 28ddbc55 |
| dashboard | 6e3ef1f9 |
| dns | 06504f29 |
| examples | 8c357b6f |
| gengo | fad74ee6 |
| git-sync | 34c33c72 |
| ingress-gce | bfe6bcf9 |
| ingress-nginx | f89bd6d3 |
| klog | cb9292a1 |
| kms | bf322548 |
| kompose | a4413b25 |
| kops | f204fb6f |
| kube-aggregator | aeee0d22 |
| kube-controller-manager | b0a7eb1b |
| kube-openapi | 172d655c |
| kube-proxy | 11b16693 |
| kube-scheduler | ea562c3d |
| kube-state-metrics | 12402a56 |
| kubeadm | 43768f47 |
| kubectl | bb0ea31c |
| kubelet | f1a3fb17 |
| kubernetes | be5ed7bd |
| legacy-cloud-providers | 9033c75a |
| metrics | 61675827 |
| minikube | 438f6e54 |
| mount-utils | 0141062e |
| node-api | 03155dcb |
| node-problem-detector | 2f959a77 |
| perf-tests | c2651e8d |
| publishing-bot | f74abaea |
| release | 77744ef6 |
| repo-infra | 201dcad9 |
| sample-apiserver | 0f2da5bf |
| sample-cli-plugin | 7bd4795d |
| sample-controller | cfaf8d4d |
| test-infra | 654386a2 |
| utils | cfd413dd |
Key findings:
| Finding #1 |
| Priority: Very High |
|
This file contains a license notice originating from a non-OSS SDK from NVIDIA. It permits use of the software, but does not appear to permit modification, redistribution, etc. This file should likely be removed from the repo.
|
| 6 files (show files) |
|
kubernetes-2022-10-13.zip/autoscaler/cluster-autoscaler/vendor/github.com/mindprince/gonvml/NVML_NOTICE
kubernetes-2022-10-13.zip/autoscaler/cluster-autoscaler/vendor/github.com/mindprince/gonvml/nvml.h kubernetes-2022-10-13.zip/autoscaler/vertical-pod-autoscaler/e2e/vendor/github.com/mindprince/gonvml/NVML_NOTICE kubernetes-2022-10-13.zip/autoscaler/vertical-pod-autoscaler/e2e/vendor/github.com/mindprince/gonvml/nvml.h kubernetes-2022-10-13.zip/kubernetes/vendor/github.com/mindprince/gonvml/NVML_NOTICE kubernetes-2022-10-13.zip/kubernetes/vendor/github.com/mindprince/gonvml/nvml.h |
| Finding #2 |
| Priority: Very High |
|
This code is under the GPL license and could contaminate the entire codebase, it must be removed from the repo.
|
| 6 files (show files) |
|
kubernetes-2022-10-13.zip/minikube/deploy/iso/minikube-iso/package/crun/crun.mk
kubernetes-2022-10-13.zip/minikube/deploy/iso/minikube-iso/package/pahole/pahole.mk kubernetes-2022-10-13.zip/minikube/deploy/iso/minikube-iso/package/sysdig/sysdig.mk kubernetes-2022-10-13.zip/autoscaler/cluster-autoscaler/vendor/github.com/cilium/ebpf/syscalls.go kubernetes-2022-10-13.zip/autoscaler/vertical-pod-autoscaler/e2e/vendor/github.com/cilium/ebpf/syscalls.go kubernetes-2022-10-13.zip/kubernetes/vendor/github.com/cilium/ebpf/syscalls.go |
| Finding #3 |
| Priority: High |
|
Parts of Heketi are released under Apache, GPL, or LGPL. If you are only using Apache licnesed code you will need to carefully remove everything under GPL or LGPL. Otherwise you will need to be certain it is only used as a dynamically linked library with no combined code.
|
| 1 file (show files) |
|
kubernetes-2022-10-13.zip/autoscaler/cluster-autoscaler/vendor/github.com/heketi/heketi/COPYING-GPLV2
|
| Finding #4 |
| Priority: Medium |
|
This code is under the MPL-2.0 license which is weak copyleft. Be sure that it is used only as dynamic libraries, to be safe if it's not required remove it from your repo.
|
| 25 files (show files) |
|
kubernetes-2022-10-13.zip/autoscaler/addon-resizer/vendor/github.com/hashicorp/golang-lru/LICENSE
kubernetes-2022-10-13.zip/csi-api/vendor/github.com/hashicorp/golang-lru/LICENSE kubernetes-2022-10-13.zip/dns/vendor/github.com/hashicorp/golang-lru/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/errwrap/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-cleanhttp/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-immutable-radix/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-multierror/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-plugin/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-retryablehttp/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-rootcerts/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-secure-stdlib/mlock/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-secure-stdlib/parseutil/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-secure-stdlib/strutil/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-sockaddr/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-uuid/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/go-version/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/golang-lru/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/hcl/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/hcl/v2/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/memberlist/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/vault/api/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/vault/sdk/LICENSE kubernetes-2022-10-13.zip/kops/vendor/github.com/hashicorp/yamux/LICENSE kubernetes-2022-10-13.zip/node-problem-detector/vendor/github.com/hashicorp/errwrap/LICENSE kubernetes-2022-10-13.zip/node-problem-detector/vendor/github.com/hashicorp/go-multierror/LICENSE |
| Finding #5 |
| Priority: Low |
|
This file lists the license as "Apache", but doesn't specify which version. Could this be updated to "Apache-2.0" in order to be clearer?
|
| 4 files (show files) |
|
kubernetes-2022-10-13.zip/minikube/installers/linux/archlinux-driver/.SRCINFO
kubernetes-2022-10-13.zip/minikube/installers/linux/archlinux-driver/PKGBUILD kubernetes-2022-10-13.zip/minikube/installers/linux/archlinux/.SRCINFO kubernetes-2022-10-13.zip/minikube/installers/linux/archlinux/PKGBUILD |
License summary:
| Project Licenses: | ||||
| Apache-2.0 | 61352 | |||
| Apache-2.0 AND CC-BY-4.0 | 4 | |||
| Apache-2.0 OR CC-BY-4.0 | 2 | |||
| Apache-2.0 OR LGPL-3.0+ | 18 | |||
| Apache-2.0 OR BSD-3-Clause | 1 | |||
| Apache-2.0 OR UPL-1.0 | 922 | |||
| Non-OSS: | ||||
| LicenseRef-NVIDIA-use-1 | 6 | |||
| LicenseRef-Microsoft-possibility | 8 | |||
| LicenseRef-RSA-possibility | 2 | |||
| Copyleft: | ||||
| Apache-2.0 AND GPL-3.0+ | 1 | |||
| Apache-2.0 AND GPL-2.0 AND LGPL-3.0+ AND LicenseRef-Dual-license AND LicenseRef-Python | 1 | |||
| GPL-2.0 | 5 | |||
| GPL-2.0-or-later | 17 | |||
| LGPL-3.0-or-later | 3 | |||
| Weak Copyleft: | ||||
| Apache-2.0 AND CC-BY-4.0 AND CC-BY-SA-4.0 | 5 | |||
| Apache-2.0 AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0 | 1 | |||
| CC-BY-SA-4.0 | 6 | |||
| LGPL-3.0 | 1 | |||
| MPL-2.0 | 25 | |||
| Fix license statement: | ||||
| Apache (no version specified) | 37 | |||
| Attribution: | ||||
| (OpenSSL OR Cryptogams) AND BSD (version unspecified) | 3 | |||
| Apache-2.0 AND BSD (version unspecified) | 23 | |||
| Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT | 1 | |||
| Apache-2.0 AND BSD-3-Clause | 12 | |||
| Apache-2.0 AND BSD-3-Clause AND MIT | 1 | |||
| Apache-2.0 AND CC-BY (version unspecified) | 3 | |||
| Apache-2.0 AND MIT | 37 | |||
| Apache-2.0 AND MIT AND Unicode-DFS-2016 | 1 | |||
| Apache-2.0 AND PHP-3.0 | 1 | |||
| 0BSD | 104 | |||
| BSD-2-Clause | 48 | |||
| BSD-3-Clause | 1273 | |||
| BSD-3-Clause AND MIT | 22 | |||
| ISC | 16 | |||
| LicenseRef-BSD | 8104 | |||
| MIT | 1782 | |||
| MIT AND BSD (version unspecified) | 7 | |||
| CC-BY-4.0 AND MIT | 1 | |||
| MIT OR GPL-3.0 | 1 | |||
| Python | 12 | |||
| Other: | ||||
| LicenseRef-Google-Patents-Notice-GRPC-1 | 1 | |||
| LicenseRef-Google-Patents-Notice-Golang-1 | 140 | |||
| LicenseRef-Public-domain | 6 | |||
| LicenseRef-Non-commercial | 2 | |||
| LicenseRef-Restricted-rights | 1 | |||
| LicenseRef-Not-for-sale | 1 | |||
| No license found: | ||||
| No license found in file | 18751 | |||
| No license found in file - excluded file extension | 3267 | |||
| No license found in file - third party directory | 18237 | |||
| TOTAL | 114275 | |||
Counts are numbers of files detected in the scanned repos.
Please contact the provider of this report with any questions, comments, etc. regarding its contents.