Update ScanCode Toolkit version #502

Open
qtomlinson opened this issue Nov 21, 2022 · 4 comments

Comments

@qtomlinson
Collaborator

In the scancode result, a warning is reported:

"OUTDATED": "WARNING: Outdated ScanCode Toolkit version! You are using an outdated version of ScanCode Toolkit: 30.1.0 released on: 2021-09-24. A new version is available with important improvements including bug and security fixes, updated license, copyright and package detection, and improved scanning accuracy. Please download and install the latest version of ScanCode. Visit https://github.com/nexB/scancode-toolkit/releases for details."

@elrayle
Collaborator

elrayle commented Oct 13, 2023

ClearlyDefined/crawler is 2 major versions behind on nexB/scancode-toolkit (referred to generically as scancode). There have been output format changes in at least one of the updates. ClearlyDefined/service processes raw tool output and needs to be updated to work with the latest scancode output format.

Related Work

@qtomlinson
Collaborator Author

Changes needed:
Crawler:

  • Command-line options in config/cdConfig.js
  • Dockerfile and DevDockerfile

Service:

  • providers/summary/scancode.js needs to be modified to extract the ScanCode output to the summary.

Test cases:

  • Cases in point 1. These licenses have been verified.
  • Another interesting case to cover is when the license from the package summary differs from the license from the root files. For example, composer/packagist/mmucklo/krumo/0.7.0 (see definitionServiceTest).

Other considerations:

  • Memory requirements for the newer version compared to the version in use. Is any adjustment to the configuration of our infrastructure necessary?

@lumaxis
Contributor

lumaxis commented Dec 8, 2023

Thank you @qtomlinson! I started looking into this and will report back with any findings 🙂

@qtomlinson
Collaborator Author

@lumaxis For cases where the license of the package differs from the license of the root files (e.g., composer/packagist/mmucklo/krumo/0.7.0), it is interesting to discover the new behavior, which may be different or better than what we currently have.
