Allow configuring a proprietary non-SPDX-listed license #1038

@Clockwork-Muse

Description

My company has enabled this action at the org level, which is great. However, it's throwing up warnings because of missing/unknown license files in repos. I'd like a way to configure a company-specific license to be able to quiet these warnings.

Describe the solution you'd like
Some way to configure a license "source" (or sources) that isn't part of the standard SPDX list, possibly as a purl reference.

Describe alternatives you've considered
While dependency licenses could be ignored via `allow-dependencies-licenses`, this is unwieldy at the org level, and could be quite a large list.

Additional context
The current package is a custom GitHub Action referenced from inside the same org, so a way to ignore "dependencies from this org" would also work, but only for things referenced directly (and not from larger package ecosystems, like NuGet, etc.).

Labels: enhancement (New feature or request)