kibana/.fossa.yml
Tyler Smalley 0b6674edf5
Adds FOSSA CLI configuration file (#70137)
FOSSA analysis by default checks for dependencies in the following order:

1. Parse output from `npm ls --json --production` - Runs if npm exists on the system and provides an accurate list of all dependencies needed to build the production project.
2. Parse `package.json` - Runs if `package.json` can be successfully parsed into a dependency graph.
3. Run `yarn list --json` - This command verifies through yarn what the actual dependencies which are installed on the system are. This strategy runs with `NODE_ENV=production` by default to find production dependencies.
4. Parse `yarn.lock` - Detects dependencies based on the yarn lockfile.
5. Parse `npm-shrinkwrap.json` - Detects dependencies based on the lockfile.
6. Parse `package-lock.json` - Detects dependencies based on the lockfile.

Since our dependencies specified in `package.json` use compatible version matching (`^`), the reported version would often not be what the `yarn.lock` is currently specified to use. Because of this, we are defining a single module with a strategy on `yarn.lock`. Our `yarn.lock` file includes all dependencies.

Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
2020-07-02 08:37:37 -07:00

16 lines
292 B
YAML
Executable file

# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
# Visit https://fossa.com to learn more
version: 2
cli:
  server: https://app.fossa.com
  fetcher: custom
  project: kibana
analyze:
  modules:
  - name: kibana
    type: nodejs
    strategy: yarn.lock
    target: .
    path: .
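
Added example (not part of the Kibana repository or the FOSSA CLI): the commit message above explains that caret ranges in `package.json` can differ from the versions `yarn.lock` pins. The sketch below parses a constructed `yarn.lock` v1 snippet and compares each pin with the base version of the declared range, used here as an assumed stand-in for a manifest-only report; the sample versions, `parseYarnLockV1` and `findDrift` are hypothetical.

```javascript
// Constructed sample inputs (not Kibana's real manifest or lockfile).
const packageJson = {
  dependencies: { lodash: "^4.17.15", moment: "^2.24.0", "@elastic/eui": "24.1.0" },
};

const yarnLock = `# yarn lockfile v1

"@elastic/eui@24.1.0":
  version "24.1.0"

lodash@^4.17.15, lodash@^4.17.4:
  version "4.17.19"
  dependencies:
    dummy "^1.0.0"

moment@^2.24.0:
  version "2.24.0"
`;

// Parse yarn.lock v1 text into a map of "name@range" -> pinned version.
function parseYarnLockV1(text) {
  const pinned = new Map();
  let keys = [];
  for (const line of text.split("\n")) {
    if (line === "" || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      // Entry header: comma-separated "name@range" specs, optionally quoted, ending in ":".
      keys = line.replace(/:$/, "").split(",").map((k) => k.trim().replace(/^"|"$/g, ""));
    } else {
      // Only the two-space "version" field of the entry; nested blocks are indented deeper.
      const m = line.match(/^  version "(.+)"$/);
      if (m) keys.forEach((k) => pinned.set(k, m[1]));
    }
  }
  return pinned;
}

// Compare the base version of each declared range (assumed manifest-only view)
// with the version the lockfile actually pins for that exact "name@range" key.
function findDrift(pkg, lockText) {
  const pinned = parseYarnLockV1(lockText);
  return Object.entries(pkg.dependencies).map(([name, range]) => {
    const declared = range.replace(/^[\^~]/, "");
    const locked = pinned.get(`${name}@${range}`) ?? null;
    return { name, range, declared, locked, drift: locked !== null && locked !== declared };
  });
}
```

A `locked` value of `null` means the manifest range has no matching lockfile entry, which is worth checking before trusting either source for a dependency inventory.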