Fix NoAssertion cases by using information in scancode results #1018
In scancode, packages[0].license_expression contains license information. This later becomes 'declared_license_expression' (see aboutcode-org/scancode-toolkit@ab677c6#diff-47cc909d82dee95ebbb1a3d3a8ed519ae75684072c8f4867b90056d66863f964). Based on documentation, 'declared_license_expression' is the 'primary license expression as determined from the declaration(s) of the authors of the package'. See https://www.nexb.com/scancode-license-clarity-scoring/

When the existing logic fails to normalize, try to derive license information from packages[0].license_expression.

Test cases:
https://clearlydefined.io/definitions/git/github/jknack/handlebars.java/683c5e885d5dcdf3d17b33e9667f3fb153952016
https://clearlydefined.io/definitions/git/github/jenkinsci/workflow-support-plugin/35e2736cfd5c56799eece176328906d92b6a0dd1
https://clearlydefined.io/definitions/git/github/jenkinsci/durable-task-plugin/e5d4fc08b0be935e03229e23e99a0c92a780da5a
https://clearlydefined.io/definitions/git/github/jenkinsci/pipeline-input-step-plugin/d8a957db5be95ddfbf81f41a60b2f034000314b5
https://clearlydefined.io/definitions/git/github/alephium/extension-wallet/d876b08e0c23ba58bcadedcc5b2a1975af386e6b
https://clearlydefined.io/definitions/git/github/zonyitoo/conhash-rs/779ed931b07c1a9b643dc14f62db29bf8102fd1b
https://clearlydefined.io/definitions/git/github/saleor/saleor-cli/2996c750aafb302cb1edaa1689f2d75fb5372c09
https://clearlydefined.io/definitions/git/github/zowens/crc32c/dea9e9acdbf696dd52e8a62524f0d6a3cb57d105
https://clearlydefined.io/definitions/debsrc/debian/-/python-tenacity/8.0.1-1

@jeffwilcox @JamieMagee @elrayle The fixes were split from #999. Ready for review.
Really great to see some of the NOASSERTIONs being addressed. I appreciate the commit comments and excellent test coverage. Made it easy to understand the changes and what they will cover.
Recent change utilizes packages[0].license_expression to derive license information. packages[0].license_expression sometimes contains partly unknown license information, e.g. "bsd-new AND unknown". In these cases, ignore package.license_expression containing NOASSERTION, and resort to the logic of figuring out the license based on root files.
Co-authored-by: E. Lynette Rayle <[email protected]>
@elrayle ready for review
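The fallback order discussed in this thread, as an added example that is not the project's own code: existing normalization first, then packages[0].license_expression, then root files when the package expression is partly unknown. The function names, the `KEY_TO_SPDX` table, the ordering and the sample scan results are assumptions constructed for illustration.

```javascript
// Added illustration; not the ClearlyDefined service's implementation.
// Hypothetical, partial mapping from ScanCode license keys to SPDX identifiers.
const KEY_TO_SPDX = new Map([
  ['bsd-new', 'BSD-3-Clause'],
  ['apache-2.0', 'Apache-2.0'],
  ['mit', 'MIT']
]);
const OPERATORS = new Set(['AND', 'OR', 'WITH']);

// Translate a ScanCode expression into SPDX. A single unknown or unmapped key
// makes the whole expression NOASSERTION, so "bsd-new AND unknown" is rejected
// instead of being reported as a clean BSD-3-Clause declaration.
function toSpdx(expression) {
  if (typeof expression !== 'string' || !expression.trim()) return 'NOASSERTION';
  const out = [];
  for (const token of expression.match(/\(|\)|[^\s()]+/g)) {
    if (token === '(' || token === ')') { out.push(token); continue; }
    if (OPERATORS.has(token.toUpperCase())) { out.push(token.toUpperCase()); continue; }
    const spdx = KEY_TO_SPDX.get(token.toLowerCase());
    if (!spdx) return 'NOASSERTION';
    out.push(spdx);
  }
  return out.join(' ').replace(/\( /g, '(').replace(/ \)/g, ')');
}

// existingLogic and rootFileLogic stand in for the service's own routines
// (hypothetical callbacks returning an SPDX expression or a falsy value).
function deriveDeclaredLicense(scan, existingLogic, rootFileLogic) {
  const normalized = existingLogic(scan);
  if (normalized && normalized !== 'NOASSERTION') {
    return { license: normalized, source: 'existing' };
  }
  const firstPackage = (scan.packages || [])[0];
  const fromPackage = toSpdx(firstPackage && firstPackage.license_expression);
  if (fromPackage !== 'NOASSERTION') {
    return { license: fromPackage, source: 'package' };
  }
  return { license: rootFileLogic(scan) || 'NOASSERTION', source: 'root-files' };
}

// Constructed sample scan results (not real ScanCode output).
const CLEAN_SCAN = { packages: [{ license_expression: '(mit OR apache-2.0) AND bsd-new' }] };
const PARTIAL_SCAN = { packages: [{ license_expression: 'bsd-new AND unknown' }] };
const EMPTY_SCAN = { packages: [] };
```

Recording the `source` alongside the license lets a reviewer see which fallback produced a definition when auditing a curated result.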