Add fsf-free and osi-approved options (#250)

Author: pboling

README.md

@@ -173,6 +173,22 @@ Note: License-Eye may query the RubyGems API to determine licenses when they are
 
 </details>
 
+### Global CLI flags
+
+The following flags are available for all commands:
+
+| Flag name     | Short name | Description                                                           |
+|---------------|------------|-----------------------------------------------------------------------|
+| `--verbosity` | `-v`       | Set log level (debug, info, warn, error, fatal, panic). Default: info |
+| `--config`    | `-c`       | Path to the configuration file. Default: .licenserc.yaml              |
+
+Examples:
+
+```bash
+license-eye --verbosity debug --config .licenserc.yaml header check
+license-eye -v warn -c path/to/.licenserc.yaml dep resolve
+```
+
 ### Docker Image
 
 For Bash, users can execute the following command,
@@ -296,7 +312,7 @@ INFO Totally checked 20 files, valid: 10, invalid: 10, ignored: 0, fixed: 10
 
 This command assists human audits of the dependencies licenses. It's exit code is always 0.
 
-It supports two flags:
+It supports three flags, in addition to the [global](#global-cli-flags) ones:
 
 | Flag name   | Short name | Description                                                                                                                            |
 |-------------|------------|----------------------------------------------------------------------------------------------------------------------------------------|
@@ -672,6 +688,20 @@ the command will exit with status code 1 and fail the command.
 license-eye -c test/testdata/.licenserc_for_test_check.yaml dep check
 ```
 
+It supports three flags, in addition to the [global](#global-cli-flags) ones:
+
+| Flag name           | Short name | Description                                                                                                                                       |
+|---------------------|------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| `--weak-compatible` | `-w`       | Treat weak-compatible licenses as compatible during checks. Use with caution and manually confirm the usage conditions for such licenses are met. |
+| `--fsf-free`        | `-f`       | Only consider licenses marked as FSF Free/Libre when determining compatibility. Non‑FSF‑free licenses are treated as incompatible.                |
+| `--osi-approved`    | `-o`       | Only consider OSI‑approved licenses when determining compatibility. Non‑OSI‑approved licenses are treated as incompatible.                        |
+
+Example using weak-compatible mode:
+
+```bash
+license-eye -c test/testdata/.licenserc_for_test_check.yaml dep check -w
+```
+
 <details>
 <summary>Dependency Check Result</summary>
 
@@ -779,6 +809,8 @@ dependency: # <16>
       version: dependency-version # <20>
       license: Apache-2.0 # <21>
   threshold: 75 # <22>
+  require_fsf_free: false # <26>
+  require_osi_approved: false # <27>
   excludes: # <23>
     - name: dependency-name # the same format as <19>
       version: dependency-version # the same format as <20>
@@ -819,6 +851,8 @@ header:
 23. The dependencies that should be excluded when analyzing the licenses, this is useful when you declare the dependencies in `pom.xml` with `compile` scope but don't distribute them in package. (Note that non-`compile` scope dependencies are automatically excluded so you don't need to put them here).
 24. The transitive dependencies brought by <23> should be recursively excluded when analyzing the licenses, currently only maven project supports this.
 25. The copyright year of the work, if it's empty, it will be set to the current year. If you don't want to update the license year anually, you can set this to the year of the first publication of your work, such as `1994`, or `1994-2023`.
+26. When `require_fsf_free` is true, only dependency licenses marked as FSF Free/Libre in the built-in compatibility matrices are considered compatible. Licenses not marked FSF-free will be treated as incompatible even if otherwise listed as compatible. This can also be enabled via the CLI flag `--fsf-free` (`-f`).
+27. When `require_osi_approved` is true, only dependency licenses marked as OSI-approved in the built-in compatibility matrices are considered compatible. Licenses not marked OSI-approved will be treated as incompatible even if otherwise listed as compatible. This can also be enabled via the CLI flag `--osi-approved` (`-o`).
 
 **NOTE**: When the `SPDX-ID` is Apache-2.0 and the owner is Apache Software foundation, the content would be [a dedicated license](https://www.apache.org/legal/src-headers.html#headers) specified by the ASF, otherwise, the license would be [the standard one](https://www.apache.org/foundation/license-faq.html#Apply-My-Software).
 

assets/compatibility/0BSD.yaml

@@ -78,3 +78,6 @@ weak-compatible:
   - OSL-3.0
   - Ruby
   - SPL-1.0
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AAL.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AAL license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AAL.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: false
+osi-approved: true

assets/compatibility/AFL-1.1.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AFL-1.1 license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AFL-1.1.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AFL-1.2.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AFL-1.2 license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AFL-1.2.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AFL-2.0.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AFL-2.0 license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AFL-2.0.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AFL-2.1.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AFL-2.1 license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AFL-2.1.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AFL-3.0.yaml

@@ -78,3 +78,6 @@ weak-compatible:
   - OSL-3.0
   - Ruby
   - SPL-1.0
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AGPL-3.0-only.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AGPL-3.0-only license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AGPL-3.0-only.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true

assets/compatibility/AGPL-3.0-or-later.yaml

@@ -0,0 +1,39 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Compatibility matrix derived from:
+# https://www.apache.org/legal/resolved.html
+# Category A (permissive) licenses are compatible with each other.
+# Category A (permissive) licenses are weak-compatible with Category B (weak copyleft).
+# Category B (weak copyleft) licenses are weak-compatible with Category A (permissive).
+# Category B (weak copyleft) licenses are compatible with each other.
+
+# Compatibility matrix for the AGPL-3.0-or-later license.
+# Category: Neither Category A nor Category B
+# SPDX: https://spdx.org/licenses/AGPL-3.0-or-later.html
+
+compatible:
+  - Unknown
+
+incompatible:
+  - Unknown
+
+weak-compatible:
+  - Unknown
+
+fsf-free: true
+osi-approved: true