Sebastian Schuberth
As this sounds like an awesome project to simplify the [Maven dependency analysis](https://github.com/oss-review-toolkit/ort/blob/main/plugins/package-managers/maven/src/main/kotlin/utils/MavenSupport.kt) in the [OSS Review Toolkit](https://oss-review-toolkit.org/) (ORT), I'm interested in an example on how to use the MIMA...
I'm loading [this config](https://github.com/oss-review-toolkit/ort/blob/main/model/src/main/resources/reference.yml) with `loader.loadConfig(prefix = "ort")` where

```
val loader = ConfigLoaderBuilder.default()
    .addEnvironmentSource()
    .addPropertySources(sources)
    .withContextResolverMode(ContextResolverMode.SkipUnresolved)
    .withDecodeMode(DecodeMode.Strict)
    .build()
```

which leads to

```
ConfigException: Failed to load ORT configuration: Config value...
```
--- - [x] `CHANGELOG.md`'s "Unreleased" section has been updated, if applicable.
See https://github.com/wix/Detox/blob/301e2fe48e2702c21fb801ab7809ae2630965b73/.gitmodules#L9 Using the same syntax as in line 3 would allow a recursive clone anonymously.
I could not find an example for requesting a specific version of a nix package, so I assume it's not possible currently, and that always the latest version is used....
Aren't copyrights also visible in the web app report? Or isn't that at least planned? Anyway, independently of where copyrights are shown *right now*, I agree that this should be...
In addition to the [OSADL compatibility matrix](https://www.osadl.org/Access-to-raw-data.oss-compliance-raw-data-access.0.html), we could also add @oscarvalenzuelab's [OSPAC](https://github.com/SemClone/ospac) as a preset to use for the [evaluator](https://oss-review-toolkit.org/ort/#evaluator)'s policy engine. This is about checking the feasibility, i.e....
Previously, only ORT's `concludedLicense` from a package curation was taken into account. However, if solely detected license findings were cleared via license finding curations from package configurations, that did not...
See https://github.com/oss-review-toolkit/ort/blob/21ba6f9c41dd1968b0ad5d2d081cea32c55cd9a5/clients/vulnerable-code/src/main/kotlin/VulnerableCodeService.kt#L41-L44 [API v2](https://public.vulnerablecode.io/api/v2/) [seems to be](https://aboutcode-org.slack.com/archives/C095N97GRME/p1762327038679309?thread_ts=1762275537.323519&cid=C095N97GRME) stable by now. It is also what https://public.vulnerablecode.io/api/docs/ uses.
Sometimes we [see](https://github.com/oss-review-toolkit/ort/actions/runs/19532467906/job/55918463221#step:7:1397) `ScannerIntegrationFunTest > Scanning a subset of the packages corresponding to a single VCS should > return the expected ORT result` failing due to a missing file list...