Open swastkk opened 1 month ago
Hi I am new to contribution and would Like to work on this issue, could you please elaborate
Hey @Ripoohann Actually this issue involves the scanning of a Monorepo that contains various Rubygem packages and as #3792 states the Package Level Summary is to be computed, and under that we are calculating the license_clarity_score
and populating the various top level package attributes like copyright, holder, other_license_expression, notice_text
So We are facing issue in this Monorepo and further in rubygem package ecosystem where we are not tagging the key_files
properly that consequently helps in calculation of that license clarity score and package attributes that needs to be populated well. So we need to implement something in the Datafile handler that can help to tag the key_files properly.
Description
The Ruby Package Ecosystem miss to tag the
key_files
properly that affects the proper attributes population at Package Level and further thelicense_clarity_score
Example
While scanning https://github.com/inspec/inspec/archive/refs/tags/v6.8.2.zip , got the
license_clarity_score
as 0 with LICENSE atinspec-bin/LICENSE
and not at root is not tagged askey_file
https://rubygems.org/gems/inspec-bin
Consequently the package attributes like copyright, holder, etc are not populated well and got the
license_clarity_score
as 0