Software projects must not infringe the copyright or violate the license terms and conditions of third parties. Failure to ensure legal correctness may result in lawsuits and/or negative publicity for the organization with unpredictable material or immaterial damages.
Make use of provided CI/CD components that perform legal scans:
- AutoCompliance: Software Composition Analysis (SCA) and basic legal clearance
The trust utility assumes that it is being invoked from within the root directory of a software project. In this location, GitLab looks for a file called .gitlab-ci.yml.
We check that a file named .gitlab-ci.yml exists and that it includes the "AutoCompliance" CI/CD component.
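A minimal sketch of the check described above, added here as an illustration and not the trust utility's own code: it confirms that .gitlab-ci.yml exists in the project root and that an uncommented entry under `include:` references a component named AutoCompliance. The host gitlab.example.com, the component path and the case-insensitive name match are assumptions, and the line-based parsing handles block-style YAML only.

```python
import re
from pathlib import Path

CI_FILE = ".gitlab-ci.yml"
_COMMENT = re.compile(r"(^|\s)#.*$")  # YAML comment: '#' at line start or after whitespace
_COMPONENT = re.compile(r"^\s*(?:-\s+)?component:\s*(\S+)")

# Constructed samples; gitlab.example.com and the project path are placeholders.
SAMPLE_OK = """\
stages: [test]
include:
  - component: gitlab.example.com/ci/components/autocompliance@1.0  # legal scan
"""
SAMPLE_COMMENTED_OUT = """\
include:
  # - component: gitlab.example.com/ci/components/autocompliance@1.0
  - local: ci/build.yml
"""


def included_components(ci_text):
    """Return the component names referenced under the top-level include: key."""
    names, in_include = [], False
    for raw in ci_text.splitlines():
        line = _COMMENT.sub("", raw).rstrip()
        if not line.strip():
            continue  # blank or comment-only line, so a disabled include is ignored
        # A key at column 0 (not a list item) opens or closes the include block.
        if not line[0].isspace() and not line.startswith("-"):
            in_include = line.startswith("include:")
            continue
        match = _COMPONENT.match(line) if in_include else None
        if match:
            # Reference form: <host>/<project-path>/<component-name>@<version>
            ref = match.group(1).strip("'\"")
            names.append(ref.split("@", 1)[0].rstrip("/").rsplit("/", 1)[-1])
    return names


def check_project(project_root, component="AutoCompliance"):
    """Return (passed, reason) for the project rooted at project_root."""
    ci_file = Path(project_root) / CI_FILE
    if not ci_file.is_file():
        return False, f"{CI_FILE} not found in {project_root}"
    names = included_components(ci_file.read_text(encoding="utf-8"))
    if any(name.lower() == component.lower() for name in names):
        return True, f"{component} component is included"
    return False, f"{CI_FILE} does not include the {component} component"
```

A plain text search for "AutoCompliance" would also pass the second sample, where the include line has been commented out; stripping comments first avoids that false pass.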
- Get started with GitLab CI/CD
- HRI-EU network: CI/CD components overview