Configuring Conditional Policy Rules

Policy rules can be customized with certain conditions to make sure FOSSA only flags issues when appropriate.

There are currently 3 types of conditions that can be customized:

  1. Code location.
    Filter licenses by whether they’re in your own code or in a dependency. This is useful for licenses like MPL, which only apply if you modify the code — if you don’t manually edit your dependencies, it’s safe to allow MPL-licensed code.

  2. Project name. Filter projects by whether their names contain a substring. This is useful if your organization has a naming convention for internal packages (e.g. acme- or @acme/) so you can allow code that you own to use licenses you would normally disallow.

  3. Linking type. Filter dependencies by how they’re linked to your project. This is useful for licenses like LGPL, where linkage matters. We currently infer linkage on a language and build system basis, and we’re working on pulling linking data from full builds.