Open hanna-modica opened 3 years ago
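Thanks. This is another rule that could benefit from a more restrictive minimum coverage of ~90 (e.g. 90% of the words are required to match). In the match below, only 20 of the rule's 50 words matched (40% coverage), yet the match was still reported against the rule `epl-1.0_or_lgpl-2.1-plus_4.RULE`: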
{
"key": "epl-1.0",
"score": 40.0,
"name": "Eclipse Public License 1.0",
"short_name": "EPL 1.0",
"category": "Copyleft Limited",
"is_exception": false,
"owner": "Eclipse Foundation",
"homepage_url": "http://www.eclipse.org/legal/epl-v10.html",
"text_url": "http://www.eclipse.org/legal/epl-v10.html",
"reference_url": "https://scancode-licensedb.aboutcode.org/epl-1.0",
"scancode_text_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/epl-1.0.LICENSE",
"scancode_data_url": "https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/licenses/epl-1.0.yml",
"spdx_license_key": "EPL-1.0",
"spdx_url": "https://spdx.org/licenses/EPL-1.0",
"start_line": 28,
"end_line": 31,
"matched_rule": {
"identifier": "epl-1.0_or_lgpl-2.1-plus_4.RULE",
"license_expression": "epl-1.0 OR lgpl-2.1-plus",
"licenses": [
"epl-1.0",
"lgpl-2.1-plus"
],
"is_license_text": false,
"is_license_notice": false,
"is_license_reference": false,
"is_license_tag": true,
"is_license_intro": false,
"matcher": "3-seq",
"rule_length": 50,
"matched_length": 20,
"match_coverage": 40.0,
"rule_relevance": 100
},
"matched_text": "licenses>\n <license>\n <name>Eclipse Public License - [Version] 1.0</name>\n <url>http://www.eclipse.org/org/documents/epl-v10.php</url>"
},
Note, though, that when using the --package option I get a correct detection (because it is aware of the POM data structure):
"packages": [
{
"type": "maven",
"namespace": "org.eclipse.hawkbit",
"name": "hawkbit-parent",
"version": "0.3.0-SNAPSHOT",
"qualifiers": {},
"subpath": null,
"primary_language": "Java",
"description": "hawkBit :: Parent",
"release_date": null,
"parties": [
{
"type": "person",
"role": "developper",
"name": null,
"email": "kai.zimmermann@microsoft.com",
"url": null
},
{
"type": "person",
"role": "developper",
"name": null,
"email": "Jeroen.Laverman@bosch.io",
"url": null
},
{
"type": "person",
"role": "developper",
"name": null,
"email": null,
"url": null
},
{
"type": "person",
"role": "developper",
"name": null,
"email": "Dominic.Schabel@bosch.io",
"url": null
},
{
"type": "person",
"role": "developper",
"name": null,
"email": "Stefan.Behl@bosch.io",
"url": null
}
],
"keywords": [],
"homepage_url": null,
"download_url": null,
"size": null,
"sha1": null,
"md5": null,
"sha256": null,
"sha512": null,
"bug_tracking_url": null,
"code_view_url": "https://github.com/eclipse/hawkbit.git",
"vcs_url": "git+https://github.com/eclipse/hawkbit.git",
"copyright": null,
"license_expression": "epl-1.0",
"declared_license": [
{
"name": "Eclipse Public License - Version 1.0",
"url": "http://www.eclipse.org/org/documents/epl-v10.php",
"comments": null,
"distribution": null
}
],
"notice_text": null,
"root_path": null,
"dependencies": [
{
"purl": "pkg:maven/com.vaadin/vaadin-bom",
"requirement": "8.12.3",
"scope": "import",
"is_runtime": true,
"is_optional": false,
"is_resolved": false
},
{
"purl": "pkg:maven/org.springframework.cloud/spring-cloud-dependencies",
"requirement": "Hoxton.SR7",
"scope": "import",
"is_runtime": true,
"is_optional": false,
"is_resolved": false
}
],
"contains_source_code": null,
"source_packages": [
"pkg:maven/org.eclipse.hawkbit/hawkbit-parent@0.3.0-SNAPSHOT?classifier=sources"
],
"extra_data": {},
"purl": "pkg:maven/org.eclipse.hawkbit/hawkbit-parent@0.3.0-SNAPSHOT",
"repository_homepage_url": "https://repo1.maven.org/maven2/org/eclipse/hawkbit/hawkbit-parent/0.3.0-SNAPSHOT/",
"repository_download_url": "https://repo1.maven.org/maven2/org/eclipse/hawkbit/hawkbit-parent/0.3.0-SNAPSHOT/hawkbit-parent-0.3.0-SNAPSHOT.jar",
"api_data_url": "https://repo1.maven.org/maven2/org/eclipse/hawkbit/hawkbit-parent/0.3.0-SNAPSHOT/hawkbit-parent-0.3.0-SNAPSHOT.pom"
}
]
Description
ScanCode reports the wrong license for the Eclipse hawkBit pom.xml file, although the file states Eclipse Public License v1.0.
Examples:
How To Reproduce
Scan https://github.com/eclipse/hawkbit with ScanCode
System configuration
The scan was done on Linux with the OSS Review Toolkit https://github.com/oss-review-toolkit/ort/ using ScanCode as the scanner.