search

aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://aboutcode.org/scancode/
2.13k stars 551 forks source link

Reported rule URLs refer to `develop` branch instead of corresponding tagged release #3808

Open stefan6419846 opened 4 months ago

stefan6419846 commented 4 months ago

Description

In the generated YAML report, the rule URL refers to the develop branch instead of the tagged release if used from a release.

How To Reproduce

Running scancode -l --license-text setup.py --info --url --copyright --yaml setup.yaml on a file generates a YAML report which includes

rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_1251.RULE

This is misleading as the rule might have changed when the report has been generated with an older ScanCode Toolkit version or even deleted, thus making the reference more or less obsolete/fragile.

System configuration

pombredanne commented 4 months ago

@stefan6419846 good point! We have since then evolved a rule to deprecate but never delete or repurpose existing rules. But pointing to a specific tag or commit would be a good thing.