From 3df4ac7e35ff7a1f728326656c4655dc89dc9d18 Mon Sep 17 00:00:00 2001
From: Oliver Stolz
Date: Wed, 19 Jun 2024 12:06:42 +0200
Subject: [PATCH 1/2] Add ORT configurations and instructions
- Add .ort.yml to fix mistakes made by the ORT scanner
- Add release note instructions
---
.ort.yml | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
README.md | 12 +++++++
2 files changed, 105 insertions(+)
create mode 100644 .ort.yml
diff --git a/.ort.yml b/.ort.yml
new file mode 100644
index 0000000..c621944
--- /dev/null
+++ b/.ort.yml
@@ -0,0 +1,93 @@
+# SPDX-FileCopyrightText: The PFDL VS Code Extension Contributors
+# SPDX-License-Identifier: CC0-1.0
+
+excludes:
+ scopes:
+ - pattern: "devDependencies"
+ reason: "DEV_DEPENDENCY_OF"
+ comment: "Packages for development only."
+ - pattern: "\\*\\*/node_modules/\\*\\*"
+ reason: "BUILD_TOOL_OF"
+ comment: "Packages for building the source code only."
+ - pattern: "\\*\\*/package-lock.json"
+ reason: "BUILD_TOOL_OF"
+ comment: "Autogenerated by npm, might contain missleading information."
+
+curations:
+ license_findings:
+ - path: "README.md"
+ start_lines: 254
+ line_count: 1
+ detected_license: "LGPL-2.0-or-later"
+ reason: "DOCUMENTATION_OF"
+ comment: "The scanner missmatches a License declaration in the documentation."
+ concluded_license: "MIT"
+
+ - path: "pfdl/README.md"
+ start_lines: 81
+ line_count: 1
+ detected_license: "NOASSERTION"
+ reason: "DOCUMENTATION_OF"
+ comment: "The scanner missmatches a License declaration in the documentation."
+ concluded_license: "MIT"
+
+ - path: "pfdl/README.md"
+ start_lines: 87
+ line_count: 1
+ detected_license: "NOASSERTION"
+ reason: "DOCUMENTATION_OF"
+ comment: "The scanner missmatches a License declaration in the documentation."
+ concluded_license: "MIT"
+
+ - path: "pfdl/**/*.py"
+ start_lines: 3
+ line_count: 2
+ detected_license: "LicenseRef-scancode-proprietary-license"
+ reason: "INCORRECT"
+ comment: "The scanner missmatches the license headers of various python files."
+ concluded_license: "MIT"
+
+package_configurations:
+ - id: "NPM::dotparser:1.1.1"
+ vcs:
+ type: "Git"
+ url: "https://github.com/anvaka/dotparser.git"
+ revision: "0756a293a56ada4c978a6a1aa4d315ecdac2944e"
+ path_excludes:
+ - pattern: "./package-lock.json"
+ reason: "BUILD_TOOL_OF"
+ comment: "Autogenerated by npm, contains missleading licensing information."
+ - id: "NPM::minimatch:3.1.2"
+ vcs:
+ type: "Git"
+ url: "https://github.com/isaacs/minimatch.git"
+ revision: "699c459443a6bd98f5b28197978f76e7f71467ac"
+ path_excludes:
+ - pattern: "./package-lock.json"
+ reason: "BUILD_TOOL_OF"
+ comment: "Autogenerated by npm, contains missleading licensing information."
+ - id: "NPM::cytoscape:3.27.0"
+ vcs:
+ type: "Git"
+ url: "https://github.com/cytoscape/cytoscape.js.git"
+ revision: "f8ffa3a95eff6fc2427beab110c23a22843681ff"
+ path_excludes:
+ - pattern: "./test/lib/*"
+ reason: "TEST_OF"
+ comment: "test code is missinterpreted."
+ - id: "PyPI::certifi:2024.6.2"
+ source_artifact_url: "https://files.pythonhosted.org/packages/07/b3/e02f4f397c81077ffc52a538e0aec464016f1860c472ed33bd2a1d220cc5/certifi-2024.6.2.tar.gz"
+ path_excludes:
+ - pattern: "certifi-2024.6.2/certifi/cacert.pem"
+ reason: "OTHER"
+ comment: "pem file is analysed for copyrights."
+ - id: "PyPI::requests:2.32.3"
+ vcs:
+ type: "Git"
+ url: "https://github.com/psf/requests.git"
+ revision: "0e322af87745eff34caffe4df68456ebc20d9068"
+ path_excludes:
+ - pattern: "docs/**/*"
+ reason: "DOCUMENTATION_OF"
+ comment: "Wrong licensing information were gained from documentation files."
+
diff --git a/README.md b/README.md
index 42c9488..27aa4eb 100644
--- a/README.md
+++ b/README.md
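Review bot: The second and third entries under `excludes.scopes` are path globs rather than scope names, so they probably do not exclude anything. As far as I know ORT matches `scopes` patterns as regular expressions against dependency-scope names such as `devDependencies`, and the escaped `\\*\\*/node_modules/\\*\\*` would only match a scope literally named `**/node_modules/**`. `BUILD_TOOL_OF` is also a path-exclude reason, not a scope-exclude reason like `DEV_DEPENDENCY_OF`, so the entries may fail validation outright. If they are silently ignored, findings from `node_modules` and `package-lock.json` still feed the generated license file. Moving both entries to `excludes.paths` with plain globs would do what their comments describe; confirm against an analyzer run.

```yaml
excludes:
  paths:
    - pattern: "**/node_modules/**"
      reason: "BUILD_TOOL_OF"
      comment: "Packages for building the source code only."
    - pattern: "**/package-lock.json"
      reason: "BUILD_TOOL_OF"
      comment: "Autogenerated by npm, might contain missleading information."
  scopes:
    # … unchanged: devDependencies entry …
```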
@@ -232,6 +232,18 @@ The program crashes and it has something to do with the Scheduler the extension > To display errors and to generate the code visualization, the extension calls the [Scheduler](https://github.com/iml130/pfdl). The Scheduler is still under development, so there may be bugs. If the extension crashes because of the Scheduler please open an issue in that repo. ## Release Notes +For each release, a `.vsix` installation file for VS Code is provided, as well as a `bundle.js` source code file, containing the code that is responsible for the code visualization. + +Additionally, a license file is generated using the [OSS Review Toolkit (ORT)](http://oss-review-toolkit.org/ort/) to automatically conclude licenses and copyright information declared in the dependencies of this project (excluding `devDependencies` for npm). The file can be reproduced by following the [ORT installation guide](http://oss-review-toolkit.org/ort/docs/getting-started/installation) and running the following commands from inside the downloaded ORT repository: + +``` +cli/build/install/ort/bin/ort analyze -i path/to/pfdl-vs-code-extension -o path/to/output/directory + +cli/build/install/ort/bin/ort -P ort.enableRepositoryPackageCurations=true -P ort.enableRepositoryPackageConfigurations=true -P ort.scanner.skipExcluded=true scan -i path/to/output/directory/analyzer-result.yml -o path/to/output/directory + +cli/build/install/ort/bin/ort report -f PdfTemplate -i path/to/output/directory/scan-result.yml -o path/to/output/directory +``` +Note that the copyright information of this project found by ORT are not complete and had to be completed manually. ### v0.1.0 From 2fdaaceb711c6a092ba31f3bda1ea710e043c411 Mon Sep 17 00:00:00 2001 From: Oliver Stolz Date: Wed, 19 Jun 2024 12:28:06 +0200 Subject: [PATCH 2/2] Correct wording --- .ort.yml | 2 +- README.md | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.ort.yml b/.ort.yml index c621944..fd8c324 100644 
--- a/.ort.yml +++ b/.ort.yml @@ -16,7 +16,7 @@ excludes: curations: license_findings: - path: "README.md" - start_lines: 254 + start_lines: 256 line_count: 1 detected_license: "LGPL-2.0-or-later" reason: "DOCUMENTATION_OF" diff --git a/README.md b/README.md index 27aa4eb..05d12da 100644 --- a/README.md +++ b/README.md 
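Review bot: The `start_lines: 256` value pins this curation to an exact line of README.md, and this commit already had to move it from 254 because the README edit in the same series shifted the text. The next README change above that line will leave the curation matching nothing, and the `LGPL-2.0-or-later` finding will return to the report without any error. As far as I know `start_lines` and `line_count` are optional in `license_findings`, so dropping both and matching on `path` plus `detected_license` would survive edits, at the cost of curating every such finding in that file. If the pin is kept, a comment above the entry such as `# start_lines must track the license sentence in README.md; re-check after every README edit` would help. The two `pfdl/README.md` entries from the first patch carry the same kind of pin, and the `curations` block continues outside this hunk.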
@@ -232,17 +232,19 @@ The program crashes and it has something to do with the Scheduler the extension > To display errors and to generate the code visualization, the extension calls the [Scheduler](https://github.com/iml130/pfdl). The Scheduler is still under development, so there may be bugs. If the extension crashes because of the Scheduler please open an issue in that repo. ## Release Notes + For each release, a `.vsix` installation file for VS Code is provided, as well as a `bundle.js` source code file, containing the code that is responsible for the code visualization. -Additionally, a license file is generated using the [OSS Review Toolkit (ORT)](http://oss-review-toolkit.org/ort/) to automatically conclude licenses and copyright information declared in the dependencies of this project (excluding `devDependencies` for npm). The file can be reproduced by following the [ORT installation guide](http://oss-review-toolkit.org/ort/docs/getting-started/installation) and running the following commands from inside the downloaded ORT repository: +Additionally, a license file is generated using the [OSS Review Toolkit (ORT)](http://oss-review-toolkit.org/ort/) to automatically collect and summarize licenses and copyright information declared in the dependencies of this project (excluding `devDependencies` for npm). 
The file can be reproduced by following the [ORT installation guide](http://oss-review-toolkit.org/ort/docs/getting-started/installation) and running the following commands from inside the downloaded ORT repository: ``` -cli/build/install/ort/bin/ort analyze -i path/to/pfdl-vs-code-extension -o path/to/output/directory +cli/build/install/ort/bin/ort analyze -i path/to/pfdl-vs-code-extension -o path/to/output/directory cli/build/install/ort/bin/ort -P ort.enableRepositoryPackageCurations=true -P ort.enableRepositoryPackageConfigurations=true -P ort.scanner.skipExcluded=true scan -i path/to/output/directory/analyzer-result.yml -o path/to/output/directory cli/build/install/ort/bin/ort report -f PdfTemplate -i path/to/output/directory/scan-result.yml -o path/to/output/directory ``` + Note that the copyright information of this project found by ORT are not complete and had to be completed manually. ### v0.1.0