Closed apfelkraut closed 4 years ago
The problem here is that the --scopes parameter of the scanner got introduced very early when there was no other way of excluding dependencies. The behavior is now inconsistent and the only component that uses that parameter is the scanner, while the other components like the evaluator and the reporter look at excludes instead.
I think it would be best to remove the --scopes parameter and replace it with a new --ignore-excluded parameter that disables scanning of excluded dependencies. This would be more consistent with the other tools.
@sschuberth What's your opinion on this?
I like that idea basically, @mnonnenmacher, esp. if --scopes is currently broken, see #2206. But I'll look at the latter issue anyway to eventually fix it before we remove it, so that if we ever revert to it, we'll revert to a working state.
@apfelkraut, the --scopes option for the scanner has now been replaced with a --skip-excluded option, see https://github.com/heremaps/oss-review-toolkit/pull/2271. Does that fulfill your use-case?
Absolutely. Thanks a lot!
Meanwhile, and based on your feedback, I was mainly working with excluding certain scopes via the project-specific .ort.yml file, because in the end I only wanted to see licenses within the NoticeByPackage that are really part of the shippable product.
I think this change allows a considerable reduction in scanning time if one can now exclude those scopes also from being scanned. In a project with no cached scanner results and 500+ dependencies, this means a significant amount of time.
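The effect discussed in the comments above, as an added example that is not part of the original thread and not ORT's own code: a simplified Python model of which packages a scan covers with and without skipping excluded scopes. The package ids, the exclude pattern and the function names are constructed for illustration, and the model assumes that a package counts as excluded only when every scope referencing it is excluded.

```python
import re

# Constructed sample data (not real ORT output): scope name -> package ids.
SCOPES = {
    "dependencies": {"NPM::runtime-lib:1.0.0", "NPM::shared-lib:2.0.0"},
    "devDependencies": {"NPM::test-runner:3.0.0", "NPM::shared-lib:2.0.0"},
}
# Hypothetical scope exclude patterns, as one might list them in .ort.yml.
EXCLUDE_PATTERNS = ["devDependencies"]


def is_scope_excluded(scope, patterns):
    """A scope is excluded when any pattern matches its whole name (assumption)."""
    return any(re.fullmatch(p, scope) for p in patterns)


def packages_to_scan(scopes, patterns, skip_excluded):
    """Return the sorted package ids a scan would cover.

    Assumption: a package is excluded only if every scope referencing it
    is excluded, so a package shared with a shipped scope is still scanned.
    """
    if not skip_excluded:
        return sorted(set().union(*scopes.values()))
    kept = set()
    for scope, packages in scopes.items():
        if not is_scope_excluded(scope, patterns):
            kept |= packages
    return sorted(kept)


def skipped_packages(scopes, patterns):
    """Packages that a scan skipping excluded scopes would leave out."""
    full = set(packages_to_scan(scopes, patterns, skip_excluded=False))
    reduced = set(packages_to_scan(scopes, patterns, skip_excluded=True))
    return sorted(full - reduced)


if __name__ == "__main__":
    print("full scan:    ", packages_to_scan(SCOPES, EXCLUDE_PATTERNS, False))
    print("skip excluded:", packages_to_scan(SCOPES, EXCLUDE_PATTERNS, True))
    print("skipped:      ", skipped_packages(SCOPES, EXCLUDE_PATTERNS))
```

The shared package stays in the scan because it also ships via the non-excluded scope, so only packages reachable solely through excluded scopes save scanning time.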
PREREQUISITES
SUMMARY
STEPS TO REPRODUCE
cli/build/install/ort/bin/ort --debug analyze -i [mime-types-path]/ -o [mime-types-path]/ort --allow-dynamic-versions
cli/build/install/ort/bin/ort --debug scan -i [mime-types-path]/ort/analyzer-result.yml -o [mime-types-path]/ort --scopes dependencies
cli/build/install/ort/bin/ort --debug report -f NoticeByPackage -i [mime-types-path]/ort/scan-result.yml -o [mime-types-path]/ort
cli/build/install/ort/bin/ort --debug scan -i [mime-types-path]/ort/analyzer-result.yml -o [mime-types-path]/ort_full
cli/build/install/ort/bin/ort --debug report -f NoticeByPackage -i [mime-types-path]/ort_full/scan-result.yml -o [mime-types-path]/ort_full
CURRENT BEHAVIOR
Variant A:
Variant B:
EXPECTED BEHAVIOR
REPORTED ERRORS
Variant A:
Variant B:
19:52:46.108 [main] ERROR com.here.ort.reporter.reporters.NoticeByPackageProcessor - No license information was added for package NPM::jsonify:0.0.0.