Thomas Steenbergen
# TODO OSPO Ambassador Request This is an issue created to request to become an OSPO Ambassador. If you (as an individual) are interested in applying, please make sure you have...
SCANOSS has a gRPC Vulnerability API which supports querying by package URL (PURL), including code repository package URLs. This makes it a very useful provider for C/C++ projects who...
Filing on behalf of @smkatash ### Describe the bug In the ORT AOSD2.1 report, "selectedLicense" is BLANK for packages "NPM::source-map-support:0.5.21", "NPM:@jsverse:transloco:7.5.1", "NPM::uuid:11.1.0" despite curations and license_choices defined in .ort.yml. ###...
In the [ORT community meeting of May 8th, 2025](https://github.com/oss-review-toolkit/ort/wiki/ORT-Community-Meeting) there was some confusion about how skipExcludes works for the Analyzer, raised as a question about https://github.com/oss-review-toolkit/ort/commit/13960e9cfcc03c606dd837c50d661abf942d42f1 / PR https://github.com/oss-review-toolkit/ort/pull/10212. Propose we...
### Describe the bug Getting "JavaScript heap out of memory" when running the analyzer over https://github.com/nl-design-system/utrecht ### To Reproduce Steps to reproduce the behavior: 1. git clone https://github.com/nl-design-system/utrecht.git 2. mkdir utrecht-ort...
The Evaluator library, which evaluates scan results as OK or NOT OK against user-specified rules, currently has no user documentation. At the time the Evaluator was added in https://github.com/heremaps/oss-review-toolkit/pull/1036 we...
Propose we implement two helper functions `getCurationFilePath(packageId: Identifier, fileExtension: String)` and `getPackageConfigurationsFilePath(packageId: Identifier)` which would respectively return the full path to the curations file (curations.yml or curations/{Package Type}/{Package Namespace}/{Package Name}.{fileExtension}) or...
Whilst working on https://github.com/oss-review-toolkit/ort/issues/10123 I noticed how [Trivy](https://github.com/aquasecurity/trivy) uses [PackageURL](https://github.com/package-url/purl-spec) in the CycloneDX bom-ref field and places its own identifier into the `properties` field. If ORT adopts Package URL for...
### Describe the bug The EvaluatedModel or WebApp report does not include the resolved VCS revision for some packages where the VCS was scanned. Found this bug during the development of https://github.com/oss-review-toolkit/ort/issues/4162 -...
We currently have v1, v1.00, v1.0.1 and v1.1.0 tags on the GitHub Action for ORT, but no release tags on ort-ci-gitlab, which is inconsistent. Propose we research community best practices, discuss in ORT...