
Analyzer confuses Cargo dependency hosted in repo for a source artifact

Open bennati opened this issue 1 year ago • 3 comments

When running the analyzer (revision 2b230b8) on a Cargo project, a dependency which is hosted in a git repo is identified as a source artifact. The analyzer result contains the following:

"source_artifact" : {
  "url" : "https://repo.com/lib.git",
  "hash" : {
    "value" : "123abc",
    "algorithm" : "SHA-1"
  }
},
"vcs" : {
  "type" : "Git",
  "url" : "https://repo.com/lib.git",
  "revision" : "",
  "path" : ""
},

Attached are the analyzer results generated by a minimal reproducible example, as well as the source code of the minimal project and library. sources.zip analyzer-result.json

bennati avatar Feb 14 '24 14:02 bennati
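
One way to triage an analyzer result for entries with the shape reported above (an added example, not part of the issue and not ORT's own code): it walks the JSON and flags objects whose `source_artifact.url` equals `vcs.url` or ends in `.git`. Only the field names from the quoted snippet are taken from the issue; the enclosing `packages` list, the second entry and the function name are constructed for illustration, and the walker does not depend on the enclosing layout.

```python
import json

# Constructed sample. Entry 0 copies the fields quoted in the issue; entry 1 is
# a made-up package with a separate archive URL and a VCS revision.
SAMPLE = json.loads("""
{"packages": [
  {"source_artifact": {"url": "https://repo.com/lib.git",
                       "hash": {"value": "123abc", "algorithm": "SHA-1"}},
   "vcs": {"type": "Git", "url": "https://repo.com/lib.git",
           "revision": "", "path": ""}},
  {"source_artifact": {"url": "https://example.org/other-1.0.0.crate",
                       "hash": {"value": "abc123", "algorithm": "SHA-256"}},
   "vcs": {"type": "Git", "url": "https://example.org/other.git",
           "revision": "v1.0.0", "path": ""}}
]}
""")


def find_suspect_entries(node, path="$"):
    """Yield (json_path, reasons) for every object that has both a
    source_artifact and a vcs block and matches the pattern from the issue."""
    if isinstance(node, dict):
        artifact, vcs = node.get("source_artifact"), node.get("vcs")
        if isinstance(artifact, dict) and isinstance(vcs, dict):
            art_url = (artifact.get("url") or "").strip()
            vcs_url = (vcs.get("url") or "").strip()
            reasons = []
            if art_url and art_url == vcs_url:
                reasons.append("source_artifact.url equals vcs.url")
            if art_url.endswith(".git"):
                reasons.append("source_artifact.url ends in .git")
            # An empty revision is only reported alongside one of the above.
            if reasons and not (vcs.get("revision") or "").strip():
                reasons.append("vcs.revision is empty")
            if reasons:
                yield path, reasons
        for key, value in node.items():
            yield from find_suspect_entries(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_suspect_entries(value, f"{path}[{index}]")


if __name__ == "__main__":
    for json_path, reasons in find_suspect_entries(SAMPLE):
        print(json_path, "->", "; ".join(reasons))
```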

@bennati, can you please try again with the current main of ORT, as recently several Cargo improvements were merged?

sschuberth avatar Apr 09 '24 14:04 sschuberth

Hi @sschuberth, I tested again and the issue is still there.

bennati avatar Apr 19 '24 13:04 bennati

I had some problems reproducing the issue with your provided data; something was missing, IIRC. Could you set up an example repository that works out of the box?

sschuberth avatar Apr 19 '24 15:04 sschuberth