scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nl...

Results 585 scancode-toolkit issues

### Describe the bug ScanCode times out on scanning the file `https://github.com/ElinamLLC/SharpVectors/blob/master/Source/SharpVectorModel/Compressions/Brotli/Dictionary.cs` which contains exceedingly long strings. I cannot see another reason why this might happen. ### To Reproduce ```xml...

bug

See https://src.fedoraproject.org/rpms/supertuxkart/blob/rawhide/f/supertuxkart.spec#_17 `License: GPL-2.0-or-later AND GPL-3.0-or-only AND CC-BY-1.0 AND CC-BY-3.0 AND CC-BY-4.0 AND OFL-1.1 AND Apache-2.0 AND Zlib` `GPL-3.0-or-only` is not a valid SPDX identifier. We should treat this as...

Seen at https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/usb/gadget/function/rndis.c?h=v4.19.64 (and also newer kernel versions) ``` // SPDX-License-Identifier: GPL-2.0 /* * RNDIS MSG parser * * Authors: Benedikt Spranger, Pengutronix * Robert Schwebel, Pengutronix * * This...

new-license

The database already contains LicenseRef-scancode-ietf. This seems to be the license for much IETF content but there are sometimes other licenses as well. Example: Punycode (https://datatracker.ietf.org/doc/html/rfc3492) seems to be...

The license text found in plenty of NPM packages, e.g. [^1], is detected as `BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang`. This is wrong, because the actual license text is `google-patent-license` plus some polymer...

bug

See https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/Documentation/process/license-rules.rst: there are a couple of detection inaccuracies; we should add rules for these.

new and improved data
license-review

BSD licenses commonly have a non-endorsement clause prohibiting use of the holder name. It would be great to: 1. Have a way to tag the text or text region as...

The following text from the linux kernel at https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/sound/drivers/opl3/opl3_lib.c: ``` // SPDX-License-Identifier: GPL-2.0-or-later /* * Copyright (c) by Jaroslav Kysela , * Hannu Savolainen 1993-1996, * Rob Hooft * *...

Sometimes we get `Foo, Inc` and `Foo, Inc.` reported as different holders. (Note the trailing dot) We should normalize these as they are the same holders.

See https://github.com/projectcalico/calico/blob/4ac717de1f4032ddce7112f74d2becc4062c9c49/felix/bpf-apache/filter.c#L102 We are detecting OK... but we could do even better, like handling these as special tags or as packages: > char ____license[] __attribute__((section("license"))) = "Apache-2.0"; See also: -...