FOSSA license scanning was introduced when the KubeVirt project entered the CNCF sandbox. It scans all relevant project dependencies for licensing issues. CNCF offers FOSSA usage free of charge for all CNCF projects.
Currently, FOSSA license scanning happens in two situations: on every push to a PR branch and on every push to the kubevirt/kubevirt default branch.
Job definitions are located in kubevirt/project-infra:
To view the scan results, you need to look at the job log file, where near the bottom of the file you'll find a direct link to the check results.
To run the license scan you need a FOSSA API key stored in a file. Please have a look at the FOSSA CLI quick start guide.
This token you put into a file and start the analysis like this:
export FOSSA_TOKEN_FILE=<path to your token file>
./hack/fossa.shConfiguration of FOSSA license scan for KubeVirt project is allowed for KubeVirt FOSSA team members. Please ask one of the maintainers for access in case you need it.