Initial commit

README.md

@@ -1,2 +1,6 @@
 # blueoak-to-dependency-review
 A GitHub Dependency Review compatible YAML file for https://blueoakcouncil.org/list
+
+### USE AT YOUR OWN RISK
+
+No assessment is done on these licenses during conversion, all assessment has been performed by Blue Oak Council. I, and my employer, accept no responsibilty whatsoever for your usage of this tool and its output.

convert.py

@@ -0,0 +1,19 @@
+import requests
+
+
+undesirable_ratings = ["Model", "Lead"]
+
+
+if __name__ == '__main__':
+  response = requests.get("https://blueoakcouncil.org/list.json")
+  if response.ok:
+    license_list = response.json()
+    real_license_list = [x for x in license_list["ratings"] if x["name"] not in undesirable_ratings]
+
+    with open("dist/blueoak-licenses.yml", "w") as f:
+      f.write("allow_licenses:\n")
+      for rating in real_license_list:
+        f.write(f"  # {rating['name']}\n")
+        f.write(f"  # {rating['notes']}\n")
+        for license in rating["licenses"]:
+          f.write(f"  - '{license['id']}'\n")

dist/blueoak-licenses.yml

@@ -0,0 +1,135 @@
+allow_licenses:
+  # Gold
+  # These licenses address patents explicitly, use robust language, and require only simple notice of license terms and copyright notices.
+  - 'BSD-2-Clause-Patent'
+  # Silver
+  # These licenses use robust language but either fail to address patents explicitly or require more than simple notice of license terms and copyright notices.
+  - 'ADSL'
+  - 'Apache-2.0'
+  - 'APAFML'
+  - 'BSD-1-Clause'
+  - 'BSD-2-Clause'
+  - 'BSD-2-Clause-FreeBSD'
+  - 'BSD-2-Clause-NetBSD'
+  - 'BSD-2-Clause-Views'
+  - 'BSL-1.0'
+  - 'DSDP'
+  - 'ECL-1.0'
+  - 'ECL-2.0'
+  - 'ImageMagick'
+  - 'ISC'
+  - 'Linux-OpenIB'
+  - 'MIT'
+  - 'MIT-Modern-Variant'
+  - 'MS-PL'
+  - 'MulanPSL-1.0'
+  - 'Mup'
+  - 'PostgreSQL'
+  - 'Spencer-99'
+  - 'UPL-1.0'
+  - 'Xerox'
+  # Bronze
+  # These licenses lack important but nonessential elements of permissive open software licenses or impose additional requirements or restrictions, such as BSD-style prohibitions against endorsement and promotion.
+  - '0BSD'
+  - 'AFL-1.1'
+  - 'AFL-1.2'
+  - 'AFL-2.0'
+  - 'AFL-2.1'
+  - 'AFL-3.0'
+  - 'AMDPLPA'
+  - 'AML'
+  - 'AMPAS'
+  - 'ANTLR-PD'
+  - 'ANTLR-PD-fallback'
+  - 'Apache-1.0'
+  - 'Apache-1.1'
+  - 'Artistic-2.0'
+  - 'Bahyph'
+  - 'Barr'
+  - 'BSD-3-Clause'
+  - 'BSD-3-Clause-Attribution'
+  - 'BSD-3-Clause-Clear'
+  - 'BSD-3-Clause-LBNL'
+  - 'BSD-3-Clause-Modification'
+  - 'BSD-3-Clause-No-Nuclear-License-2014'
+  - 'BSD-3-Clause-No-Nuclear-Warranty'
+  - 'BSD-3-Clause-Open-MPI'
+  - 'BSD-4-Clause'
+  - 'BSD-4-Clause-Shortened'
+  - 'BSD-4-Clause-UC'
+  - 'BSD-Source-Code'
+  - 'bzip2-1.0.5'
+  - 'bzip2-1.0.6'
+  - 'CC0-1.0'
+  - 'CNRI-Jython'
+  - 'CNRI-Python'
+  - 'CNRI-Python-GPL-Compatible'
+  - 'Cube'
+  - 'curl'
+  - 'eGenix'
+  - 'Entessa'
+  - 'FTL'
+  - 'HTMLTIDY'
+  - 'IBM-pibs'
+  - 'ICU'
+  - 'Info-ZIP'
+  - 'Intel'
+  - 'JasPer-2.0'
+  - 'Libpng'
+  - 'libpng-2.0'
+  - 'libtiff'
+  - 'LPPL-1.3c'
+  - 'MIT-0'
+  - 'MIT-advertising'
+  - 'MIT-open-group'
+  - 'MIT-CMU'
+  - 'MIT-enna'
+  - 'MIT-feh'
+  - 'MITNFA'
+  - 'MTLL'
+  - 'MulanPSL-2.0'
+  - 'Multics'
+  - 'Naumen'
+  - 'NCSA'
+  - 'Net-SNMP'
+  - 'NetCDF'
+  - 'NTP'
+  - 'OLDAP-2.0'
+  - 'OLDAP-2.0.1'
+  - 'OLDAP-2.1'
+  - 'OLDAP-2.2'
+  - 'OLDAP-2.2.1'
+  - 'OLDAP-2.2.2'
+  - 'OLDAP-2.3'
+  - 'OLDAP-2.4'
+  - 'OLDAP-2.5'
+  - 'OLDAP-2.6'
+  - 'OLDAP-2.7'
+  - 'OLDAP-2.8'
+  - 'OML'
+  - 'OpenSSL'
+  - 'PHP-3.0'
+  - 'PHP-3.01'
+  - 'Plexus'
+  - 'PSF-2.0'
+  - 'Python-2.0'
+  - 'Ruby'
+  - 'Saxpath'
+  - 'SGI-B-2.0'
+  - 'SMLNJ'
+  - 'SWL'
+  - 'TCL'
+  - 'TCP-wrappers'
+  - 'Unicode-DFS-2015'
+  - 'Unicode-DFS-2016'
+  - 'Unlicense'
+  - 'VSL-1.0'
+  - 'W3C'
+  - 'X11'
+  - 'XFree86-1.1'
+  - 'Xnet'
+  - 'xpp'
+  - 'Zlib'
+  - 'zlib-acknowledgement'
+  - 'ZPL-2.0'
+  - 'ZPL-2.1'

requirements.txt

@@ -0,0 +1,9 @@
+certifi==2023.7.22
+charset-normalizer==3.3.2
+distlib==0.3.7
+filelock==3.12.4
+idna==3.6
+pipenv==2023.10.3
+platformdirs==3.11.0
+requests==2.31.0
+urllib3==2.2.0