Releases: codelake-dev/licscan-action
v1.0.0
licscan GitHub Action v1.0.0
Official GitHub Action for licscan — open-source license & EU CRA compliance scanner.
What it does
- Scans your project for dependency licenses across 7 ecosystems (Go, Node, PHP, Python, Ruby, Rust, Java)
- Enforces a deny/warn policy via `.licscan.yml`
- Posts a Markdown report as a PR comment
- Optionally emits EU CRA evidence (PDF + CycloneDX JSON)
- Uploads report + SBOM as workflow artifact
Quick start
```yaml
- uses: codelake-dev/licscan-action@v1
  with:
    fail-on-violation: true
    pr-comment: true
    cra: true
```
Inputs
| Input | Default | Description |
|---|---|---|
| `path` | `.` | Project directory to scan |
| `format` | `table` | Log output format (table, json, html, markdown, cyclonedx, spdx) |
| `fail-on-violation` | `true` | Exit 1 on policy deny |
| `pr-comment` | `true` | Post markdown report as PR comment |
| `cra` | `false` | Emit EU CRA evidence (PDF + JSON) |
| `upload-artifact` | `true` | Upload report as workflow artifact |
Outputs
| Output | Description |
|---|---|
| `report-path` | Path to the generated markdown report |
| `total` | Total dependencies scanned |
| `denied` | Dependencies denied by policy |
| `warned` | Dependencies in warn list |
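A fuller workflow built from the inputs and outputs listed above, as an added example that is not part of the release notes: it sets `fail-on-violation: false` and gates the job on the `denied` output instead, passing outputs to the shell through `env` rather than interpolating them into the script. The workflow name, trigger, `permissions` block, step id `licscan`, the `actions/checkout@v4` step and the assumption that `denied` is a plain integer are not taken from this page.

```yaml
# Added example, not from the licscan-action release notes.
name: license-scan              # assumed workflow name
on:
  pull_request:                 # assumed trigger

permissions:
  contents: read                # assumption: read access is enough to scan the checkout
  pull-requests: write          # assumption: needed for the PR comment

jobs:
  licscan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - id: licscan             # assumed step id, used to read the outputs below
        uses: codelake-dev/licscan-action@v1
        with:
          path: .
          fail-on-violation: false   # do not exit 1 here; the last step decides
          pr-comment: true
          cra: true
          upload-artifact: true

      - name: Summarize results
        env:
          TOTAL: ${{ steps.licscan.outputs.total }}
          DENIED: ${{ steps.licscan.outputs.denied }}
          WARNED: ${{ steps.licscan.outputs.warned }}
          REPORT: ${{ steps.licscan.outputs.report-path }}
        run: |
          echo "licscan: total=$TOTAL denied=$DENIED warned=$WARNED" >> "$GITHUB_STEP_SUMMARY"
          echo "report: $REPORT" >> "$GITHUB_STEP_SUMMARY"

      - name: Fail on denied licenses
        env:
          DENIED: ${{ steps.licscan.outputs.denied }}
        run: |
          # Assumption: 'denied' is an integer. Empty or non-numeric fails closed.
          case "$DENIED" in
            ''|*[!0-9]*) echo "unexpected denied value: '$DENIED'"; exit 1 ;;
          esac
          [ "$DENIED" -eq 0 ] || { echo "$DENIED dependencies denied by policy"; exit 1; }
```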
Links
- licscan CLI — Apache 2.0
- licscan.dev — Landing page
- Documentation