scancode-toolkit
:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...
### Description
Because I cannot reopen the issue I am turning my comment in #3536 into a separate issue. @pombredanne Currently the license at https://github.com/CERTCC/labyrinth/blob/main/LICENSE is recognized as the "vince license",...
### Description
While scanning a 3.1.4 version of OpenSSL 3.1.4, I realized that some files are matched "openssl-ssleay" but those files clearly state "Apache 2.0" when checked manually
### How...
Please use the text at https://dune-project.org/about/license/ to create a RULE that points to `gcc-linking-exception-2.0` (often referred to as the runtime exception). https://scancode-licensedb.aboutcode.org/gcc-linking-exception-2.0.html The text on the DUNE page is basically...
The goal is to make sure the files of the packages are properly assigned.
- https://github.com/fossology/fossology/tree/master/src is a good example.
- The binary at https://github.com/fossology/fossology/releases/download/4.4.0/FOSSology-4.4.0-debian-buster.tar.gz has a `fossology-common_4.4.0-1_amd64.deb` with a...
The `yarn.lock` file doesn't explicitly identify the devDependencies and regular dependencies. Therefore, use the associated `package.json` file to correctly determine the scope of the packages present in the `yarn.lock` file.
### Tasks
* [x] Reviewed [contribution guidelines](https://github.com/nexB/scancode-toolkit/blob/develop/CONTRIBUTING.rst)
* [x] PR is descriptively titled 📑 and links the original issue above 🔗
* [ ] Tests pass -- look for a...
## Short Description
We do not support all go.mod features such as replace directives in go.mod files and we should. See:
- https://github.com/golang/gofrontend/tree/d04b024021bb7dbaa434a6d902bd12beb08e315f/libgo/go/golang.org/x/mod/modfile
- https://go.dev/ref/mod#go-mod-file
- and https://github.com/nexB/scancode-toolkit/blob/develop/src/packagedcode/go_mod.py

And an...
## Short Description
There are some features we may not support in https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json?v=true
- hidden lockfiles https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json?v=true#hidden-lockfiles
- various non versions versions https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json?v=true#dependencies including all these: bundled dependencies, registry sources,...
Hello Scancode Team, I wanted to generate an SBOM for my kong source code using the scancode tool. But the output generated from the tool contains very few components (maybe just...
Reproduce: Scan the following text locations with ScanCode 31.2.4:

| Incorrect detection | Text location |
|--------------------|------------------------------|
| GPL-2.0-only AND LicenseRef-scancode-proprietary-license | https://github.com/PrismJS/prism/blob/703881e14bf7530b180fad6052e535d0085315cd/prism.js#L19 |
| MIT OR CECILL-C | https://github.com/kpdecker/jsdiff/blame/3b654c2ed7d5262ed9946de841ad8dae990286c7/README.md#L209-L211 |
| LicenseRef-scancode-st-mcd-2.0 AND...