aboutcode-org / scancode.io

ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by the NLnet project https://nlnet.nl/project/vulnerabilitydatabase/, Google Summer of Code, nexB and other generous sponsors!
https://scancodeio.readthedocs.io
Apache License 2.0

License Policy and Compliance Alert not working with scan_codebase but working with scan_package #784

Closed prakyathr closed 1 year ago

prakyathr commented 1 year ago

I am currently testing the functionality of Compliance Alert, as it is one of the main requirements for OSS license scanning automation in my organization. So, I was using the examples provided in the documentation, using policies.yml and the scan_codebase pipeline with the cuckoo-filter package, to test it out. However, I was never able to get the alerts configured in the policies.yml file.

```yaml
license_policies:
  - license_key: mit
    label: Approved License
    compliance_alert: ""
  - license_key: mpl-2.0
    label: Restricted License
    compliance_alert: warning
  - license_key: gpl-3.0
    label: Prohibited License
    compliance_alert: error
  - license_key: cc-by-nc-sa-4.0
    label: Prohibited License
    compliance_alert: error
```


However, when I use the scan_package pipeline for the same package, the license policy and compliance alert are working as expected.

Is this the expected output?

According to the documentation, license policy should be working for scan_codebase.

ScanCode.io: 32.3.0
ScanCode-toolkit: 32.0.4
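To make the behaviour being tested above concrete, here is an added example (not part of this issue and not ScanCode.io's own code) that resolves the four policies from the policies.yml above against a license expression and reports the worst compliance alert; the severity ordering and the "missing" alert for keys without a policy are assumptions for this example.

```python
"""Resolve compliance alerts for license expressions against a license policy list."""
import re

# The four policies from the policies.yml above, as a Python structure
# (constructed for this example; an empty compliance_alert means approved).
LICENSE_POLICIES = [
    {"license_key": "mit", "label": "Approved License", "compliance_alert": ""},
    {"license_key": "mpl-2.0", "label": "Restricted License", "compliance_alert": "warning"},
    {"license_key": "gpl-3.0", "label": "Prohibited License", "compliance_alert": "error"},
    {"license_key": "cc-by-nc-sa-4.0", "label": "Prohibited License", "compliance_alert": "error"},
]

# Severity ordering assumed for this example: the worst alert wins.
SEVERITY = {"ok": 0, "missing": 1, "warning": 2, "error": 3}
OPERATORS = {"and", "or", "with", "(", ")"}


def build_policy_index(policies):
    """Map license_key -> policy dict; an empty compliance_alert is normalized to 'ok'."""
    index = {}
    for policy in policies:
        entry = dict(policy)
        entry["compliance_alert"] = entry.get("compliance_alert") or "ok"
        index[entry["license_key"]] = entry
    return index


def license_keys(expression):
    """Extract license keys from an expression such as '(mit OR gpl-3.0) AND bsd-new'."""
    tokens = re.findall(r"[()]|[^\s()]+", expression)
    return [t for t in tokens if t.lower() not in OPERATORS]


def compliance_alert(expression, policies=LICENSE_POLICIES):
    """Return (alert, details): the worst alert across all keys, plus each key's label/alert.

    A key with no policy yields 'missing', so an unreviewed license is never silently approved.
    """
    index = build_policy_index(policies)
    details = {}
    for key in license_keys(expression):
        policy = index.get(key)
        details[key] = (policy["label"], policy["compliance_alert"]) if policy else ("No policy", "missing")
    if not details:
        return "", details
    worst = max((alert for _, alert in details.values()), key=SEVERITY.__getitem__)
    return worst, details


if __name__ == "__main__":
    for expr in ["mit", "mit AND mpl-2.0", "apache-2.0 OR mit", "(mit OR gpl-3.0) AND bsd-new"]:
        print(expr, "->", compliance_alert(expr))
```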

tdruez commented 1 year ago

@prakyathr Thanks for reporting the issue.

The fix https://github.com/nexB/scancode.io/pull/786 has been merged in the main branch. Could you try again with the latest changes and confirm everything is now working as expected? Thanks!

prakyathr commented 1 year ago

@tdruez It is working now. Thanks for the fix.