Open MarcelBochtler opened 2 years ago
@MarcelBochtler Thanks! The good news is that this is already fixed in the develop branch:
$ wget https://raw.githubusercontent.com/flyway/flyway/fe24e96a51a6b4b43a56832d3258662ae71ef669/flyway-core/src/main/java/org/flywaydb/core/Flyway.java
$ scancode -l --license-text --license-text-diagnostics --yaml - Flyway.java
headers:
- tool_name: scancode-toolkit
tool_version: 31.0.0b1
options:
input:
- Flyway.java
--license: yes
--license-text: yes
--license-text-diagnostics: yes
--yaml: '-'
notice: |
Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/nexB/scancode-toolkit/ for support and download.
start_timestamp: '2022-04-29T082733.637666'
end_timestamp: '2022-04-29T082736.333521'
output_format_version: 2.0.0
duration: '2.695866823196411'
message:
errors: []
warnings: []
extra_data:
system_environment:
operating_system: linux
cpu_architecture: 64
platform: Linux-4.15.0-176-generic-x86_64-with-glibc2.23
platform_version: '#185~16.04.1-Ubuntu SMP Mon Apr 4 10:41:35 UTC 2022'
python_version: "3.9.10 (main, Jan 29 2022, 10:01:49) \n[GCC 5.4.0 20160609]"
spdx_license_list_version: '3.16'
files_count: 1
files:
- path: Flyway.java
type: file
licenses:
- key: apache-2.0
score: '100.0'
name: Apache License 2.0
short_name: Apache 2.0
category: Permissive
is_exception: no
is_unknown: no
owner: Apache Software Foundation
homepage_url: http://www.apache.org/licenses/
text_url: http://www.apache.org/licenses/LICENSE-2.0
reference_url: https://scancode-licensedb.aboutcode.org/apache-2.0
scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/apache-2.0.LICENSE
scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/apache-2.0.yml
spdx_license_key: Apache-2.0
spdx_url: https://spdx.org/licenses/Apache-2.0
start_line: 4
end_line: 14
matched_rule:
identifier: apache-2.0_7.RULE
license_expression: apache-2.0
licenses:
- apache-2.0
referenced_filenames: []
is_license_text: no
is_license_notice: yes
is_license_reference: no
is_license_tag: no
is_license_intro: no
has_unknown: no
matcher: 2-aho
rule_length: 85
matched_length: 85
match_coverage: '100.0'
rule_relevance: 100
matched_text: |
Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
license_expressions:
- apache-2.0
percentage_of_license_text: '4.75'
scan_errors: []
and
$ wget https://raw.githubusercontent.com/flyway/flyway/fe24e96a51a6b4b43a56832d3258662ae71ef669/flyway-core/src/main/java/org/flywaydb/core/package-info.java
$ scancode -l --license-text --license-text-diagnostics --yaml - package-info.java
headers:
- tool_name: scancode-toolkit
tool_version: 31.0.0b1
options:
input:
- package-info.java
--license: yes
--license-text: yes
--license-text-diagnostics: yes
--yaml: '-'
notice: |
Generated with ScanCode and provided on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied. No content created from
ScanCode should be considered or used as legal advice. Consult an Attorney
for any legal advice.
ScanCode is a free software code scanning tool from nexB Inc. and others.
Visit https://github.com/nexB/scancode-toolkit/ for support and download.
start_timestamp: '2022-04-29T082741.565355'
end_timestamp: '2022-04-29T082743.957257'
output_format_version: 2.0.0
duration: '2.3919146060943604'
message:
errors: []
warnings: []
extra_data:
system_environment:
operating_system: linux
cpu_architecture: 64
platform: Linux-4.15.0-176-generic-x86_64-with-glibc2.23
platform_version: '#185~16.04.1-Ubuntu SMP Mon Apr 4 10:41:35 UTC 2022'
python_version: "3.9.10 (main, Jan 29 2022, 10:01:49) \n[GCC 5.4.0 20160609]"
spdx_license_list_version: '3.16'
files_count: 1
files:
- path: package-info.java
type: file
licenses:
- key: apache-2.0
score: '100.0'
name: Apache License 2.0
short_name: Apache 2.0
category: Permissive
is_exception: no
is_unknown: no
owner: Apache Software Foundation
homepage_url: http://www.apache.org/licenses/
text_url: http://www.apache.org/licenses/LICENSE-2.0
reference_url: https://scancode-licensedb.aboutcode.org/apache-2.0
scancode_text_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/apache-2.0.LICENSE
scancode_data_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/apache-2.0.yml
spdx_license_key: Apache-2.0
spdx_url: https://spdx.org/licenses/Apache-2.0
start_line: 4
end_line: 14
matched_rule:
identifier: apache-2.0_7.RULE
license_expression: apache-2.0
licenses:
- apache-2.0
referenced_filenames: []
is_license_text: no
is_license_notice: yes
is_license_reference: no
is_license_tag: no
is_license_intro: no
has_unknown: no
matcher: 2-aho
rule_length: 85
matched_length: 85
match_coverage: '100.0'
rule_relevance: 100
matched_text: |
Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
license_expressions:
- apache-2.0
percentage_of_license_text: '73.91'
scan_errors: []
Scanning done.
Summary: licenses with 1 process(es)
Errors count: 0
Scan Speed: 2.09 files/sec.
Initial counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Final counts: 1 resource(s): 1 file(s) and 0 directorie(s)
Timings:
scan_start: 2022-04-29T082741.565355
scan_end: 2022-04-29T082743.957257
setup_scan:licenses: 1.88s
setup: 1.88s
scan: 0.48s
total: 2.40s
Description
Scanning flyway-core with ScanCode 30.1.0 results in multiple findings of LicenseRef-scancode-proprietary-license which IMO are false-positives. The matched lines are in all package-info.java files, lines 14-17: https://github.com/flyway/flyway/blob/fe24e96a51a6b4b43a56832d3258662ae71ef669/flyway-core/src/main/java/org/flywaydb/core/package-info.java#L14-L17
Another LicenseRef-scancode-proprietary-license finding which is also a false-positive finding is in org/flywaydb/core/Flyway.java, lines 350-366: https://github.com/flyway/flyway/blob/fe24e96a51a6b4b43a56832d3258662ae71ef669/flyway-core/src/main/java/org/flywaydb/core/Flyway.java#L350-L366
How To Reproduce
Scan flyway-core with ScanCode 30.1.0.
System configuration
I scanned flyway-core using the latest ORT version on Linux.