|
323 | 323 | "components" |
324 | 324 | ] |
325 | 325 | }, |
| 326 | + "LicenseAllowListRequest": { |
| 327 | + "type": "object", |
| 328 | + "additionalProperties": false, |
| 329 | + "description": "", |
| 330 | + "properties": { |
| 331 | + "components": { |
| 332 | + "type": "array", |
| 333 | + "items": { |
| 334 | + "$ref": "#/components/schemas/SocketBatchPURLRequest" |
| 335 | + } |
| 336 | + }, |
| 337 | + "license_allow_list": { |
| 338 | + "$ref": "#/components/schemas/LicenseAllowList" |
| 339 | + } |
| 340 | + }, |
| 341 | + "required": [ |
| 342 | + "components", |
| 343 | + "license_allow_list" |
| 344 | + ] |
| 345 | + }, |
326 | 346 | "CDXManifestSchema": { |
327 | 347 | "type": "object", |
328 | 348 | "additionalProperties": false, |
|
1156 | 1176 | "purl" |
1157 | 1177 | ] |
1158 | 1178 | }, |
| 1179 | + "LicenseAllowList": { |
| 1180 | + "type": "object", |
| 1181 | + "additionalProperties": false, |
| 1182 | + "description": "", |
| 1183 | + "properties": { |
| 1184 | + "requiredApprovalSources": { |
| 1185 | + "type": "array", |
| 1186 | + "items": { |
| 1187 | + "type": "string", |
| 1188 | + "description": "", |
| 1189 | + "default": "" |
| 1190 | + } |
| 1191 | + }, |
| 1192 | + "allowedApprovalSources": { |
| 1193 | + "type": "array", |
| 1194 | + "items": { |
| 1195 | + "type": "string", |
| 1196 | + "description": "", |
| 1197 | + "default": "" |
| 1198 | + } |
| 1199 | + }, |
| 1200 | + "allowedFamilies": { |
| 1201 | + "type": "array", |
| 1202 | + "items": { |
| 1203 | + "type": "string", |
| 1204 | + "description": "", |
| 1205 | + "default": "" |
| 1206 | + } |
| 1207 | + }, |
| 1208 | + "allowedTiers": { |
| 1209 | + "type": "array", |
| 1210 | + "items": { |
| 1211 | + "type": "string", |
| 1212 | + "description": "", |
| 1213 | + "default": "" |
| 1214 | + } |
| 1215 | + }, |
| 1216 | + "allowedSpdxAtoms": { |
| 1217 | + "type": "array", |
| 1218 | + "items": { |
| 1219 | + "type": "string", |
| 1220 | + "description": "", |
| 1221 | + "default": "" |
| 1222 | + } |
| 1223 | + } |
| 1224 | + }, |
| 1225 | + "required": [ |
| 1226 | + "allowedApprovalSources", |
| 1227 | + "allowedFamilies", |
| 1228 | + "allowedSpdxAtoms", |
| 1229 | + "allowedTiers", |
| 1230 | + "requiredApprovalSources" |
| 1231 | + ] |
| 1232 | + }, |
1159 | 1233 | "CDXComponentSchema": { |
1160 | 1234 | "type": "object", |
1161 | 1235 | "additionalProperties": false, |
|
7272 | 7346 | "x-readme": {} |
7273 | 7347 | } |
7274 | 7348 | }, |
| 7349 | + "/license-policy": { |
| 7350 | + "post": { |
| 7351 | + "tags": [ |
| 7352 | + "Packages" |
| 7353 | + ], |
| 7354 | + "summary": "License Policy (Beta)", |
| 7355 | + "operationId": "licensePolicy", |
| 7356 | + "requestBody": { |
| 7357 | + "content": { |
| 7358 | + "application/json": { |
| 7359 | + "schema": { |
| 7360 | + "$ref": "#/components/schemas/LicenseAllowListRequest" |
| 7361 | + } |
| 7362 | + } |
| 7363 | + }, |
| 7364 | + "required": false |
| 7365 | + }, |
| 7366 | + "security": [ |
| 7367 | + { |
| 7368 | + "basicAuth": [ |
| 7369 | + "packages:list" |
| 7370 | + ] |
| 7371 | + } |
| 7372 | + ], |
| 7373 | + "description": "Diff the license information from a list of packages (as PURL strings) with a configurable license allow list.\nPackage URLs (PURLs) are an ecosystem agnostic way to identify packages.\n\n## Allow List Schema\n\n```json\n{\n requiredApprovalSources?: Array<\"fsf\" | \"osi\">,\n allowedApprovalSources?: Array<\"fsf\" | \"osi\">,\n allowedFamilies?: Array<\"copyleft\" | \"permissive\">,\n allowedTiers?: Array<PermissiveTier | CopyleftTier>,\n allowedSpdxAtoms?: Array<string>\n}\n```\n\nwhere\n\nPermissiveTier ::= \"model permissive\" | \"gold\" | \"silver\" | \"bronze\" | \"lead\"\nCopyleftTier ::= \"maximal copyleft\" | \"network copyleft\" | \"strong copyleft\" | \"weak copyleft\"\n\nreaders can learn more about [copyleft tiers](https://blueoakcouncil.org/copyleft) and [permissive tiers](https://blueoakcouncil.org/list) by reading the linked resources.\n\n## Return value\n\nThe returned values are objects containing information about license data from the requested\nPURLs which violates the allow list. The returned objects contain an spdx disjunction describing the\nlicense data for the violation, the provenance of that information, and a filepath to the source\nof the violation (if one is available; there may not be an available path for things like license information\ntaken from registry metdata). Returned objects have the following shape:\n```json\n{\n spdxDisj: string,\n provenance: string,\n filepath?: string,\n}\n```\n\n### Example request bodies:\n```json\n{\n \"components\": [\n {\n \"purl\": \"pkg:pypi/alt-aiohttp-cors@0.7.1?artifact_id=tar-gz\"\n },\n {\n \"purl\": \"pkg:npm/express@4.19.2\"\n }\n ],\n \"license_allow_list\": {\n \"allowedFamilies\": [\"permissive\"],\n \"allowedSpdxAtoms\": [\"GPL-1.0-only WITH Autoconf-exception-3.0\"]\n }\n}\n```\n\nThis endpoint consumes 100 units of your quota.\n\nThis endpoint requires the following org token scopes:\n- packages:list", |
| 7374 | + "responses": { |
| 7375 | + "200": { |
| 7376 | + "content": { |
| 7377 | + "application/x-ndjson": { |
| 7378 | + "schema": { |
| 7379 | + "type": "array", |
| 7380 | + "items": { |
| 7381 | + "type": "object", |
| 7382 | + "additionalProperties": false, |
| 7383 | + "description": "", |
| 7384 | + "properties": { |
| 7385 | + "spdxDisj": { |
| 7386 | + "type": "string", |
| 7387 | + "description": "", |
| 7388 | + "default": "" |
| 7389 | + }, |
| 7390 | + "provenance": { |
| 7391 | + "type": "string", |
| 7392 | + "description": "", |
| 7393 | + "default": "" |
| 7394 | + }, |
| 7395 | + "filepath": { |
| 7396 | + "type": "string", |
| 7397 | + "description": "", |
| 7398 | + "default": "" |
| 7399 | + }, |
| 7400 | + "purl": { |
| 7401 | + "type": "string", |
| 7402 | + "description": "", |
| 7403 | + "default": "" |
| 7404 | + } |
| 7405 | + }, |
| 7406 | + "required": [ |
| 7407 | + "filepath", |
| 7408 | + "provenance", |
| 7409 | + "purl", |
| 7410 | + "spdxDisj" |
| 7411 | + ] |
| 7412 | + } |
| 7413 | + } |
| 7414 | + } |
| 7415 | + }, |
| 7416 | + "description": "Socket issue lists and scores for all packages" |
| 7417 | + }, |
| 7418 | + "400": { |
| 7419 | + "$ref": "#/components/responses/SocketBadRequest" |
| 7420 | + }, |
| 7421 | + "401": { |
| 7422 | + "$ref": "#/components/responses/SocketUnauthorized" |
| 7423 | + }, |
| 7424 | + "403": { |
| 7425 | + "$ref": "#/components/responses/SocketForbidden" |
| 7426 | + }, |
| 7427 | + "404": { |
| 7428 | + "$ref": "#/components/responses/SocketNotFoundResponse" |
| 7429 | + }, |
| 7430 | + "429": { |
| 7431 | + "$ref": "#/components/responses/SocketTooManyRequestsResponse" |
| 7432 | + }, |
| 7433 | + "500": { |
| 7434 | + "$ref": "#/components/responses/SocketInternalServerError" |
| 7435 | + } |
| 7436 | + }, |
| 7437 | + "x-readme": {} |
| 7438 | + } |
| 7439 | + }, |
7275 | 7440 | "/orgs/{org_slug}/audit-log": { |
7276 | 7441 | "get": { |
7277 | 7442 | "tags": [ |
|
9643 | 9808 | "Dependencies" |
9644 | 9809 | ], |
9645 | 9810 | "summary": "Create a snapshot of all dependencies from manifest information", |
| 9811 | + "deprecated": true, |
9646 | 9812 | "operationId": "createDependenciesSnapshot", |
9647 | 9813 | "parameters": [ |
9648 | 9814 | { |
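Review bot: `"required": false` on the `/license-policy` requestBody (new line 7364) contradicts `LicenseAllowListRequest`, which marks both `components` and `license_allow_list` as required, so generated clients and request validators will let a bodiless POST through to the server; change it to `"required": true`. The `LicenseAllowList` schema also lists all five arrays as required (new lines 1225–1231) while the operation description declares each optional (`?`) and the example body supplies only `allowedFamilies` and `allowedSpdxAtoms`, so the documented example fails validation against the published schema — drop the `required` list or fix the description, whichever matches the server. The description fixes closed vocabularies (`"fsf" | "osi"`, `"copyleft" | "permissive"`, the tier names) but the schema items are unconstrained strings with `"default": ""`; because this endpoint is a policy gate, add enum lists such as `"items": { "type": "string", "enum": ["copyleft", "permissive"] }` so a misspelled family or tier is rejected instead of silently becoming a value that matches nothing. In the 200 response, `application/x-ndjson` is a stream of objects rather than a JSON `array`, `filepath` is required although the description marks it optional, and the response description "Socket issue lists and scores for all packages" appears copied from another operation. The `createDependenciesSnapshot` hunk at the end of the section is cut off and was not reviewed.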
|