nexB / scancode-toolkit

ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
https://github.com/nexB/scancode-toolkit/releases/

Reported rule URLs refer to `develop` branch instead of corresponding tagged release #3808

Open stefan6419846 opened 2 weeks ago

stefan6419846 commented 2 weeks ago

Description

In the generated YAML report, the rule URL refers to the develop branch instead of the tagged release if used from a release.

How To Reproduce

Running `scancode -l --license-text setup.py --info --url --copyright --yaml setup.yaml` on a file generates a YAML report which includes

`rule_url: https://github.com/nexB/scancode-toolkit/tree/develop/src/licensedcode/data/rules/apache-2.0_1251.RULE`

This is misleading as the rule might have changed when the report has been generated with an older ScanCode Toolkit version or even deleted, thus making the reference more or less obsolete/fragile.

System configuration

pombredanne commented 1 week ago

@stefan6419846 good point! We have since then evolved a rule to deprecate but never delete or repurpose existing rules. But pointing to a specific tag or commit would be a good thing.
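A consumer-side workaround for the behaviour reported in this thread, added here as an example and not part of the thread or of ScanCode's own code: it walks an already-parsed report and pins every `rule_url` on the `develop` branch to a release tag. Assumptions: release tags are named `v<version>`, the version `1.2.3` is a placeholder, and the sample report is constructed.

```python
import re

# Assumption (not from the thread): release tags are named "v<version>".
DEVELOP_PREFIX = "https://github.com/nexB/scancode-toolkit/tree/develop/"
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")  # plain release versions only


def pin_rule_url(url, version):
    """Return url with the develop branch replaced by the release tag."""
    if not VERSION_RE.match(version):
        return url  # development build: no tag to point at, leave untouched
    if not url.startswith(DEVELOP_PREFIX):
        return url  # not a ScanCode develop-branch URL
    return url.replace("/tree/develop/", f"/tree/v{version}/", 1)


def pin_report(node, version):
    """Rewrite every rule_url in a parsed report in place; return the count."""
    changed = 0
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "rule_url" and isinstance(value, str):
                pinned = pin_rule_url(value, version)
                if pinned != value:
                    node[key] = pinned
                    changed += 1
            else:
                changed += pin_report(value, version)
    elif isinstance(node, list):
        for item in node:
            changed += pin_report(item, version)
    return changed


def sample_report():
    """Constructed, minimal report fragment (hypothetical layout)."""
    return {"files": [{"path": "setup.py", "license_detections": [{"matches": [
        {"rule_url": DEVELOP_PREFIX
            + "src/licensedcode/data/rules/apache-2.0_1251.RULE"},
        {"rule_url": "https://example.com/tree/develop/other.RULE"},
    ]}]}]}


if __name__ == "__main__":
    report = sample_report()
    print(pin_report(report, "1.2.3"), "rule_url value(s) pinned")
```

The scan's version has to be supplied by the caller, for example from the report's own header, since the URL itself does not carry it.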