Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix NoAssertion cases by using information in scancode results #1018

Merged

Conversation

qtomlinson
Copy link
Collaborator

No description provided.

In scancode, packages[0].license_expression contains license information. This later becomes 'declared_license_expression' (see aboutcode-org/scancode-toolkit@ab677c6#diff-47cc909d82dee95ebbb1a3d3a8ed519ae75684072c8f4867b90056d66863f964).  Based on documentation, 'declared_license_expression' is the 'primary license expression as determined from the declaration(s) of the authors of the package'. See https://www.nexb.com/scancode-license-clarity-scoring/

When the existing logic fails to normalize, try to derive license information from packages[0].license_expression.

Test cases:
https://clearlydefined.io/definitions/git/github/jknack/handlebars.java/683c5e885d5dcdf3d17b33e9667f3fb153952016
https://clearlydefined.io/definitions/git/github/jenkinsci/workflow-support-plugin/35e2736cfd5c56799eece176328906d92b6a0dd1
https://clearlydefined.io/definitions/git/github/jenkinsci/durable-task-plugin/e5d4fc08b0be935e03229e23e99a0c92a780da5a
https://clearlydefined.io/definitions/git/github/jenkinsci/pipeline-input-step-plugin/d8a957db5be95ddfbf81f41a60b2f034000314b5
https://clearlydefined.io/definitions/git/github/alephium/extension-wallet/d876b08e0c23ba58bcadedcc5b2a1975af386e6b
https://clearlydefined.io/definitions/git/github/zonyitoo/conhash-rs/779ed931b07c1a9b643dc14f62db29bf8102fd1b
https://clearlydefined.io/definitions/git/github/saleor/saleor-cli/2996c750aafb302cb1edaa1689f2d75fb5372c09
https://clearlydefined.io/definitions/git/github/zowens/crc32c/dea9e9acdbf696dd52e8a62524f0d6a3cb57d105
https://clearlydefined.io/definitions/debsrc/debian/-/python-tenacity/8.0.1-1
@qtomlinson
Copy link
Collaborator Author

@jeffwilcox @JamieMagee @elrayle The fixes were split from #999. Ready for review.

@qtomlinson qtomlinson marked this pull request as ready for review November 17, 2023 23:55
@qtomlinson qtomlinson requested a review from elrayle November 22, 2023 21:31
Copy link
Collaborator

@elrayle elrayle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really great to see some of the NOASSERTIONs being addressed. I appreciate the commit comments and excellent test coverage. Made it easy to understand the changes and what they will cover.

providers/summary/scancode.js Show resolved Hide resolved
@qtomlinson qtomlinson marked this pull request as draft November 28, 2023 22:15
qtomlinson and others added 3 commits December 7, 2023 09:39
Recent change utilizes packages[0].license_expression to derive license information. packages[0].license_expression sometimes contains partly unknown license inforamtion, e.g. "bsd-new AND unknown".  In these cases, ignore package.license_expression containing NOASSERTION, and resort to the logic of figuring out the license based on root files.
Co-authored-by: E. Lynette Rayle <[email protected]>
@qtomlinson qtomlinson marked this pull request as ready for review December 7, 2023 18:24
@qtomlinson
Copy link
Collaborator Author

@elrayle ready for review

@qtomlinson qtomlinson merged commit 0e02529 into clearlydefined:master Jan 2, 2024
2 checks passed
@qtomlinson qtomlinson deleted the qt/fix-scancode-summary branch January 2, 2024 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants