ShiftLeftSecurity / sast-scan

Scan is a free & Open Source DevSecOps tool for performing static analysis based security testing of your applications and its dependencies. CI and Git friendly.
https://discord.gg/DCNxzaeUpd
Apache License 2.0
788 stars, 112 forks

SLScan not generating licence compliance report #370

Open shubhdeeprajput opened 2 years ago

shubhdeeprajput commented 2 years ago

Thanks for the great tool. Helps a lot! We have started using SLScan for licence compliance and open source vulnerability management purposes. But we are facing an issue: SLScan is not generating a licence compliance report. Tested for Go and Python, but no report was generated. I am sharing the relevant part of the CI file:

```yaml
slscan:
  stage: slscan
  image: shiftleft/sast-scan:latest
  script:
```

Are we doing everything alright, or has anyone encountered this issue? If yes, kindly help us out!

prabhu commented 2 years ago

@shubhdeeprajput The environment variable FETCH_LICENSE must be set to true as explained in the docs.

https://slscan.io/en/latest/getting-started/#environment-variables
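For anyone landing here with the same pipeline shape, this is what the job above looks like with the variable set. It is an added example for this thread, not configuration taken from the sast-scan docs: the job and stage names and the `reports/` path are assumptions, and `go,python` stands in for whatever scanner types the repository needs. `FETCH_LICENSE` is the variable named in the reply above; `--src`, `--type` and `--out_dir` are the `scan` options the project's README documents.

```yaml
slscan:
  stage: slscan                      # assumed stage name, use one your pipeline defines
  image: shiftleft/sast-scan:latest
  variables:
    # Without this variable the scan writes the SAST and dependency reports
    # but skips the licence report entirely. GitLab passes job variables as
    # strings, so quote the value.
    FETCH_LICENSE: "true"
  script:
    # --type selects the scanners to run; --out_dir is where the JSON
    # (and, where produced, HTML) reports are written. Paths are assumptions.
    - scan --src "$CI_PROJECT_DIR" --type go,python --out_dir "$CI_PROJECT_DIR/reports"
  artifacts:
    # Keep the reports even when the job fails, so a failed gate is still inspectable.
    when: always
    paths:
      - reports/
```

The `variables:` block is the only difference from the fragment posted in the issue; everything else is there so the reports survive as a job artifact and can be checked or archived by a later stage.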

shubhdeeprajput commented 2 years ago

@prabhu Thanks for the quick reply. We tried it and are now getting a JSON file containing licence information. Not sure if that's how the report should be generated. Can you provide me a sample licence compliance report? I am attaching mine here for your reference: license-go.zip

prabhu commented 1 year ago

@shubhdeeprajput Are you not seeing an HTML version of this report?

shubhdeeprajput commented 1 year ago

@prabhu Yes, we are not getting any HTML version of this report. Also, for some repos the license report is generated and for some it's not. We tested on Go and Python repos. Are we missing something? (Other than the FETCH_LICENSE variable, of course!)

prabhu commented 1 year ago

@shubhdeeprajput Must be a bug where the HTML conversion depends on sast or dep-scan results being non-empty, would be my guess. I am no longer maintaining this project, so happy to take any PR.
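Since the JSON is written even when the HTML is not, the JSON is the artifact worth gating a pipeline on. The script below is an added example written for this thread, not code from sast-scan: it assumes the licence report is a JSON list of objects with `package`, `version` and `license` keys (adapt `load_entries()` to the shape of the file your scan actually produces), evaluates flat SPDX-style `OR`/`AND` expressions against an allowlist, treats an empty or unparseable licence as a violation rather than skipping it, and also lists `license-*.json` files that have no HTML sibling, which is the symptom reported above. The sample entries are constructed data.

```python
"""Gate a CI job on the licence JSON that sast-scan writes when FETCH_LICENSE=true.

Added example for the issue thread; not part of sast-scan.
"""
import json
import os
import re
import sys

# Licences the pipeline accepts; anything else, including "no licence found", fails the job.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC"}

# ASSUMPTION: the report is a JSON list of objects with "package", "version" and
# "license" keys. Constructed sample data, not taken from a real scan.
SAMPLE_REPORT = [
    {"package": "example.com/router", "version": "1.8.0", "license": "BSD-3-Clause"},
    {"package": "example.com/strict", "version": "0.4.1", "license": "GPL-3.0-only"},
    {"package": "example.com/dual", "version": "2.0.0", "license": "MIT OR GPL-2.0-only"},
    {"package": "example.com/nolicense", "version": "0.1.0", "license": ""},
]


def licence_allowed(expr, allowed=ALLOWED_LICENSES):
    """Evaluate a flat SPDX-style expression against the allowlist.

    'A OR B' passes if either side passes; 'A AND B' only if both do.
    Parenthesised (nested) expressions are not parsed and fail closed, as does
    an empty string: a licence we cannot read is treated as a disallowed one.
    """
    expr = expr.strip()
    if not expr or "(" in expr or ")" in expr:
        return False
    # SPDX gives OR the lowest precedence, so split on it first.
    if re.search(r"\sOR\s", expr, flags=re.I):
        return any(licence_allowed(p, allowed) for p in re.split(r"\sOR\s", expr, flags=re.I))
    if re.search(r"\sAND\s", expr, flags=re.I):
        return all(licence_allowed(p, allowed) for p in re.split(r"\sAND\s", expr, flags=re.I))
    return expr.upper() in {a.upper() for a in allowed}


def find_violations(entries, allowed=ALLOWED_LICENSES):
    """Return (package, version, licence) for every entry that is not allowed.

    A missing or empty licence is reported as 'UNKNOWN' rather than skipped, so
    packages the scanner could not classify do not slip through the gate.
    """
    violations = []
    for entry in entries:
        licence = (entry.get("license") or "").strip()
        if not licence_allowed(licence, allowed):
            violations.append((entry.get("package", "?"), entry.get("version", "?"), licence or "UNKNOWN"))
    return violations


def missing_html(filenames):
    """Licence JSON reports that have no HTML report alongside them.

    Flags the behaviour described in this issue: the JSON is written, the HTML is not.
    """
    names = set(filenames)
    return sorted(n for n in names
                  if n.startswith("license-") and n.endswith(".json")
                  and n[:-len(".json")] + ".html" not in names)


def load_entries(path):
    """Read one report; tolerates a bare list or an object wrapping it (assumed shapes)."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return data if isinstance(data, list) else data.get("licenses", [])


def main(argv):
    if len(argv) != 2:
        print("usage: license_gate.py <report_dir>", file=sys.stderr)
        return 2
    report_dir = argv[1]
    names = os.listdir(report_dir)
    for name in missing_html(names):
        print(f"note: {name} has no HTML report alongside it")
    violations = []
    for name in names:
        if name.startswith("license-") and name.endswith(".json"):
            violations += find_violations(load_entries(os.path.join(report_dir, name)))
    for pkg, ver, lic in violations:
        print(f"DISALLOWED {pkg}@{ver}: {lic}")
    return 1 if violations else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a later pipeline stage with the `reports/` directory from the scan job as input; a non-zero exit fails the job. Failing closed on empty, unknown and parenthesised licence strings is deliberate: a compliance gate that silently passes whatever it cannot classify is not a gate.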