Add dependency scan configuration file

Joonas Hiltunen · Joonas Hiltunen · commit f0ce3591165f · 2025-12-22T10:26:28.000+02:00
diff --git a/.github/dependency-scan-config.yaml b/.github/dependency-scan-config.yaml
@@ -0,0 +1,95 @@
+fail-on-severity: low
+show-openssf-scorecard: true
+license-check: true
+vulnerability-check: true
+comment-summary-in-pr: always
+
+# List of explicitly allowed licenses for EUPL 1.2 Inbound Compatibility
+# (Allows importing these libraries into a EUPL 1.2 project)
+allow-licenses:
+  # ==========================================
+  # 1. Public domain / no-attribution
+  # ==========================================
+  - CC0-1.0
+  - Unlicense
+  - WTFPL
+  - 0BSD
+
+  # ==========================================
+  # 2. Standard permissive
+  # ==========================================
+  - MIT
+  - Apache-2.0
+  - ISC
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - Zlib
+
+  # ==========================================
+  # 3. Weak copyleft
+  # ==========================================
+  - MPL-1.1
+  - MPL-2.0
+  - CDDL-1.0
+  - EPL-1.0
+  - EPL-2.0
+  - CECILL-2.1
+
+  # ==========================================
+  # 4. Library Copyleft (LGPL)
+  # Explicitly Compatible via EUPL Appendix
+  # ==========================================
+  - LGPL-2.1-only
+  - LGPL-2.1-or-later
+  - LGPL-3.0-only
+  - LGPL-3.0-or-later
+
+  # ==========================================
+  # 5. EUPL
+  # ==========================================
+  - EUPL-1.0
+  - EUPL-1.1
+  - EUPL-1.2
+
+  # ==========================================
+  # 6. Other / Niche permissive licenses
+  # ==========================================
+
+  - AAL
+  - AFL-3.0
+  - Apache-1.1
+  - APL-1.0
+  - APSL-2.0
+  - Artistic-1.0-Perl
+  - Artistic-2.0
+  - BSL-1.0
+  - CATOSL-1.1
+  - CPAL-1.0
+  - CUA-OPL-1.0
+  - ECL-2.0
+  - EFL-2.0
+  - Entessa
+  - EUDatagrid
+  - Fair
+  - LPPL-1.3c
+  - LPL-1.02
+  - MirOS
+  - Motosoto
+  - Multics
+  - NASA-1.3
+  - NCSA
+  - NTP
+  - Naumen
+  - Nokia
+  - PostgreSQL
+  - PSF-2.0
+  - RPSL-1.0
+  - RSCPL
+  - SimPL-2.0
+  - Sleepycat
+  - SPL-1.0
+  - VSL-1.0
+  - W3C
+  - W3C-20150513
+  - Xnet
+  - ZPL-2.0
