fossa scan result does not respect with vendored-dependencies

Open ShengYanMei opened this issue 4 years ago • 4 comments

Our fossa-deps looks like:

```yaml
vendored-dependencies:
- name: core
  path: ./com.xxx.core/Runtime/xx/Plugins/Android/
- name: cloud
  path: ./com.xxx.cloud/Runtime/xx/Android/Plugins/Android/
```

(All paths are in the path list in the .fossa.yml file.) But the scan result only contains licenses in core; no licenses in cloud could be found. Really weird, does anyone know why?

ShengYanMei avatar Oct 08 '21 09:10 ShengYanMei

Hi @ShengYanMei - This is likely occurring as you have the same name for vendor-dependencies. Can you try it with a different name:

```yaml
name: corePluginAndroid
path: ./com.xxx.core/Runtime/xx/Plugins/Android/

name: cloudAndroidPluginAndroid
path: ./com.xxx.cloud/Runtime/xx/Android/Plugins/Android/
```

FYI, I will be transferring this issue to the fossa-cli repository, as spectrometer code is migrated to fossa-cli for all future development.

meghfossa avatar Nov 15 '21 22:11 meghfossa

Hi @meghfossa, thanks for your reply first, but the vendor-dependencies' names are different: the first is core, the second is cloud, they are different.

And btw, this issue could be resolved by running analyze separately several times: in the first run, include core only, then the licenses in core are detected as I wish; then run another round including cloud (the second) only, then the licenses in cloud are detected; then run another round including these two dependencies, and the result will contain all licenses in both targets.

I don't know why, but it works if I run analyze for each target, and the last run includes all targets.

ShengYanMei avatar Nov 19 '21 10:11 ShengYanMei

@ShengYanMei yes you are correct - I misread the names on first response.

Can you provide a debug bundle? This will help to diagnose the issue. You can do so by running `fossa analyze -o --debug` in the cwd (it will create fossa.debug.json.gz). I recommend you use the latest CLI version.

It will include the scan we performed on your files and directories, and cmd output from any commands we may have run! If you believe information from file reads and command outputs is sensitive, you can email me the debug bundle at megh at fossa.com

To inspect the file, you can do:

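```sh
gunzip fossa.debug.json.gz # extract the file
# format the json with jq; write to a new file, since redirecting onto the input file truncates it before it is read
jq . fossa.debug.json > fossa.debug.formatted.json
# inspect the formatted file in a code editor (file can be large)
```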

meghfossa avatar Nov 19 '21 16:11 meghfossa
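
The reply above notes that the debug bundle records file reads and command output that may be sensitive. As an added example (not code from this thread or from fossa-cli), the following Python script reports which JSON paths in a bundle hold secret-shaped strings before the file is shared. The patterns and the sample bundle's keys are assumptions; the real bundle schema is not shown on this page, so the walker makes no assumption about it.

```python
import gzip
import json
import os
import re
import sys
import tempfile

# Secret-shaped patterns (constructed for this example; extend for your environment).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)(password|passwd|secret|token|api[_-]?key)\s*[=:]\s*\S+"),
    "url_with_credentials": re.compile(r"\w+://[^/\s:@]+:[^/\s@]+@"),
}

def walk_strings(node, path="$"):
    """Yield (json_path, text) for every string value, whatever the schema."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def scan_bundle(bundle_path):
    """Return sorted (json_path, pattern_name) hits; matched text is never echoed."""
    opener = gzip.open if str(bundle_path).endswith(".gz") else open
    with opener(bundle_path, "rt", encoding="utf-8", errors="replace") as handle:
        document = json.load(handle)
    return sorted({(path, name)
                   for path, text in walk_strings(document)
                   for name, pattern in PATTERNS.items() if pattern.search(text)})

def demo():
    """Scan a constructed stand-in bundle; the keys below are NOT FOSSA's real schema."""
    sample = {"commands": [{"cmd": "gradle dependencies",
                            "stdout": "repo https://ci:hunter2@repo.example.invalid/m2"}],
              "files": {"gradle.properties": "org.gradle.daemon=true\napiKey = EXAMPLE-NOT-REAL"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "fossa.debug.json.gz")
        with gzip.open(path, "wt", encoding="utf-8") as handle:
            json.dump(sample, handle)
        return scan_bundle(path)

if __name__ == "__main__":
    hits = scan_bundle(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for json_path, name in hits:
        print(f"{name}\t{json_path}")
```

Pass the path to `fossa.debug.json.gz` (or the extracted `.json`) as the first argument; with no argument the script scans its own constructed sample.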

Hi @ShengYanMei are you still seeing this issue? If so can you please provide the fossa debug bundle as mentioned above?

zlav avatar May 20 '22 23:05 zlav