Closed tsteenbe closed 3 years ago
MoveTK is just the public example - per spec for this it's not required to have project.spdx.yml for a project. Requiring to have project.spdx.yml would break some of our and other ORT users' use cases.
From discussion with @tsteenbe on Friday: Idea:
- resolveDefintionFiles() in the analyzer -> create a new function in PackageManager that runs before this and can implement definition file specific rules
- SpdxDocumentFile: this would be -> if project.spdx.yml exists, delete all package.spdx.yml, otherwise keep them
- SpdxDocumentFile resolveDependencies: delete discarding of the package.spdx.yml and return package.spdx.yml information if it is a definition file.
EDIT: such a function exists already in "mapDefinitionFiles()" -> mapping will just be adapted to above described desired result.
@tsteenbe do you by any chance still have an analyzer result file from an old MoveTK project that shows how you would expect the results to look?
@neubs-bsi Sure, here you go movetk-november-30-2020-analyzer-result.json.zip
Previously for the MoveTK project (https://github.com/heremaps/movetk) the report would show SpdxDocumentFile entries and now the Analyzer logs show the below:
This regression in functionality was introduced in https://github.com/oss-review-toolkit/ort/pull/3846 but per https://github.com/spdx/spdx-spec/issues/439 this should work.