ort icon indicating copy to clipboard operation
ort copied to clipboard

Published 20 hours ago verified publisher icon oss-review-toolkit

Handle ScanCode findings that are actually references to other files

Open bennati opened this issue 1 year ago • 3 comments

Scanning a gitrepo project with the following manifest

<?xml version='1.0' encoding='UTF-8'?>
<manifest>
  <remote name="origin" fetch="../../../"/>
  <default revision="master" remote="origin" sync-c="true" sync-j="8"/>

  <project name="external/xz"/>
</manifest>

where folder external/xz contains only four files, named COPYING, COPYING.GPLv2, COPYING.GPLv3 and COPYING.LGPLv2.1 (see copying.zip )

ORT detects the following:

{
          "license" : "LGPL-2.1-only",
          "location" : {
            "path" : "COPYING",
            "start_line" : 1,
            "end_line" : 502
          }

And note that file 'COPYING' has 66 lines only, while 'COPYING.LGPLv2.1` has 502 lines

Here the scan-results file copying.json

bennati avatar Jan 29 '24 17:01 bennati

@bennati please check whether the issue is also reproducible with ScanCode alone.

sschuberth avatar Jan 29 '24 19:01 sschuberth

It's indeed an issue with scancode 32 https://github.com/nexB/scancode-toolkit/issues/3648 thanks!

bennati avatar Jan 30 '24 09:01 bennati

Scancode team says the detection is correct and it's a new feature that was recently instroduced to reference files (see linked P) So ORT should adapt and parse the report correctly, or ignore the report.

bennati avatar Feb 01 '24 09:02 bennati

This can be solved once https://github.com/oss-review-toolkit/ort/issues/8457 is done by then interpreting the new from_file field.

sschuberth avatar Mar 28 '24 08:03 sschuberth