SCTK detecting mongodb-sspl-1.0 in the OpenSearch README incorrectly #3923
Assignees
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A recent scan of the OpenSearch source package available from https://github.com/opensearch-project/OpenSearch/archive/refs/tags/2.16.0.tar.gz returned the overall license of apache-2.0 correctly, but it incorrectly reports finding mongodb-sspl-1.0 in the README.md file, probably because of this bit:
**OpenSearch** is [a community-driven, open source fork](https://aws.amazon.com/blogs/opensource/introducing-opensearch/) of [Elasticsearch](https://en.wikipedia.org/wiki/Elasticsearch) and [Kibana](https://en.wikipedia.org/wiki/Kibana) following the [license change](https://blog.opensource.org/the-sspl-is-not-an-open-source-license/) in early 2021. We're looking to sustain (and evolve!) a search and analytics suite for the multitude of businesses who are dependent on the rights granted by the original, [Apache v2.0 License](LICENSE.txt).This is unfortunate because the overall licensing is clearly apache-2.0. Scan results attached.
OpenSearch-2.16.0.tar.gz_scan.zip
OpenSearch-2.16.0.tar.gz_scan.zip
The text was updated successfully, but these errors were encountered: