:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://github.com/nexB/scancode-toolkit/issues/3769
... here is a follow up enhancement: we could return a VCL URL that accounts for the workspace subpath: https://github.com/cloudflare/boring/#boring rather than https://github.com/cloudflare/boring/
As a follow up to https://github.com/nexB/scancode-toolkit/pull/3783/files#diff-4812cb137317475cf4bf00fabc4d9376a771d5fccc3dce5faca9787634897e16R31 for:
https://github.com/cloudflare/boring/#boring
rather thanhttps://github.com/cloudflare/boring/
See https://spdx.github.io/spdx-spec/v2.3/package-information/#77-package-download-location-field