WIP: Update Sandbox application template to include question on whether a project uses a license that's not on the AllowList #919

Open
2 tasks
krook opened this issue Dec 17, 2024 · 1 comment

krook commented Dec 17, 2024

In order to get ahead of License Exception Requests down the road, the Exception Review Team would like to add a question about whether a project uses a dependency that will require an exception, which in rare cases could mean that it's a dealbreaker. We may also provide a link to a tool like guac.sh where a scan report can be provided to inform the TOC's review.

krook self-assigned this Dec 17, 2024
@Increase4life

Provide a Link to a Dependency Scanning Tool (e.g., Guac.sh)
To streamline the process and ensure the team has the necessary tools to gather information, you can point to a tool like guac.sh (or similar) for scanning project dependencies and generating reports.

What Guac.sh Does:
Guac.sh can scan your project and list the licenses associated with your dependencies. You can then generate a report that the team can review to see if any dependencies might require an exception. You can include the following instructions in your documentation:

How to Generate a Dependency Scan Report:

1. Go to Guac.sh.
2. Upload your project’s dependency file.
3. Review the generated scan report to check for any dependencies with potential licensing exceptions.
4. Provide a link to the report for the team’s review.

Example of a sentence you could add to your documentation:

License Exception Review: Before finalizing your project, ensure that any third-party dependencies are compliant with licensing requirements. Use the tool Guac.sh to scan your project’s dependencies and generate a report. If any dependencies require a license exception, please list them in the form above and provide the scan report for further review.
