Fast, portable and reliable dependency analysis for any codebase. Supports license & vulnerability scanning for large monoliths. Language-agnostic; integrates with 20+ build systems.
# In fossa-cli, with this branch checked out:
make install-dev
# in the directory with the fossa-deps file from above:
fossa-dev report attribution --format json > ~/tmp/report-cli-dev-core-master.json
# Compare the two. There should be no changes
diff ~/tmp/report-cli-master-core-master.json ~/tmp/report-cli-dev-core-master.json
"copyrightsByLicense": {
"MIT": [
"1996, 1998, 1999, 2001 Red Hat, Inc."
]
},
After:
"copyrightsByLicense": {
"MIT": [
"1996, 1998, 1999, 2001 Red Hat, Inc.",
"1996, 1998, 2001, 2002 Red Hat, Inc.",
"2001 John Beniton",
"2002 Ranjit Mathew",
"1996, 1998 Red Hat, Inc.",
"1996-2003 Red Hat, Inc.",
"2002 Bo Thorsen",
"2002 Roger Sayle"
]
[x] I added tests for this PR's change (or explained in the PR description why tests don't make sense).
[ ] If this PR introduced a user-visible change, I added documentation into docs/.
[ ] If this PR added docs, I added links as appropriate to the user manual's ToC in docs/README.ms and gave consideration to how discoverable or not my documentation is.
[ ] If this change is externally visible, I updated Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.
[ ] If I made changes to .fossa.yml or fossa-deps.{json.yml}, I updated docs/references/files/*.schema.json AND I have updated example files used by fossa init command. You may also need to update these if you have added/removed new dependency type (e.g. pip) or analysis target type (e.g. poetry).
[ ] If I made changes to a subcommand's options, I updated docs/references/subcommands/<subcommand>.md.
Overview
https://teamfossa.slack.com/archives/C0155DTGWB1/p1721159453386859
As part of https://fossa.atlassian.net/browse/CORE-3105, we need to include an includeCopyrightList=true query param when we're getting a JSON attribution report. This PR adds that.
Acceptance criteria
Testing plan
Use the fossa-deps.yml from the ticket:
Run fossa analyze and then fossa report attribution --format json against current core. Compare the output to the results from this branch.
Now run against core locally, but with the branch from https://github.com/fossas/FOSSA/pull/13269 checked out:
Note the difference in the copyrights.
Before:
After:
Risks
This is very low risk
Metrics
N/A
References
Checklist
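The comparison step in the testing plan above can be made stricter than a raw `diff` by comparing only the copyright notices. The following is an added example, not code from this PR or from fossa-cli: it walks two attribution reports and lists which notices were added or removed under each `copyrightsByLicense` map. The wrapper keys `deps` and `name` and the sample reports are constructed for illustration; only the `copyrightsByLicense` shape comes from the output shown on this page.

```python
import json

# Constructed sample reports. The "deps"/"name" keys are hypothetical;
# only the "copyrightsByLicense" shape is taken from the PR's output.
BEFORE = json.loads("""
{"deps": [{"name": "example-pkg", "copyrightsByLicense":
  {"MIT": ["1996, 1998, 1999, 2001 Red Hat, Inc."]}}]}
""")
AFTER = json.loads("""
{"deps": [{"name": "example-pkg", "copyrightsByLicense":
  {"MIT": ["1996, 1998, 1999, 2001 Red Hat, Inc.",
           "2001 John Beniton", "2002 Bo Thorsen"]}}]}
""")


def collect(node, path="$"):
    """Yield (json_path, license, notice) for every copyrightsByLicense map."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "copyrightsByLicense" and isinstance(value, dict):
                for lic, notices in value.items():
                    for notice in notices or []:  # tolerate null lists
                        yield (path, lic, notice)
            else:
                yield from collect(value, f"{path}.{key}")
    elif isinstance(node, list):
        # Paths carry list indices, so reordered entries show up as changes.
        for i, item in enumerate(node):
            yield from collect(item, f"{path}[{i}]")


def diff_copyrights(before, after):
    """Return notices present in only one of the two reports."""
    old, new = set(collect(before)), set(collect(after))
    return {"added": sorted(new - old), "removed": sorted(old - new)}


if __name__ == "__main__":
    result = diff_copyrights(BEFORE, AFTER)
    for kind in ("added", "removed"):
        for path, lic, notice in result[kind]:
            print(f"{kind:8}{path} [{lic}] {notice}")
```

For the master-versus-dev check both lists should be empty; for the run against the updated core, a non-empty `removed` list would mean notices were lost rather than gained.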