feat(license): Support for deep license scanning for finding concluded licenses #7344
Description
Added support for deep license scanning to find concluded licenses. This feature is an extension to the existing license scanning support to find the concluded licenses. The current implementation only checks the manifest files and gets the declared licenses found for each package. With this deep license scanning, it also scans all other files found in the package directory, applies the Google license classifier to the file content and gets the license findings. This feature is useful for a license persona, who is mainly concerned about all the licenses that can be found in the given image/filesystem.
Currently adding support for NodeJS and dotnet languages as part of this PR. It can be extended to other languages as well.
Features:
Limitations:
Before,
{
  "ID": "harmony-reflect@1.6.2",
  "Name": "harmony-reflect",
  "Identifier": {
    "PURL": "pkg:npm/harmony-reflect@1.6.2",
    "UID": "1e2a0faf8c98eb2e"
  },
  "Version": "1.6.2",
  "Licenses": [
    "Apache-2.0",
    "MPL-1.1"
  ],
  "Indirect": true,
  "Relationship": "indirect",
  "Layer": {},
  "Locations": [
    {
      "StartLine": 12321,
      "EndLine": 12326
    }
  ]
},
After
{
  "ID": "harmony-reflect@1.6.2",
  "Name": "harmony-reflect",
  "Identifier": {
    "PURL": "pkg:npm/harmony-reflect@1.6.2",
    "UID": "1e2a0faf8c98eb2e"
  },
  "Version": "1.6.2",
  "Licenses": [
    "Apache-2.0",
    "MPL-1.1"
  ],
  "ConcludedLicenses": [
    {
      "Name": "Apache-2.0",
      "Type": "header",
      "IsDeclared": false,
      "FilePath": "node_modules/harmony-reflect/reflect.js",
      "LicenseTextChecksum": "ebc83a1acf7dd9ea52c518980ecd82e2e0688f4aa1aa27cb3350a722d86c6380"
    }
  ],
  "Indirect": true,
  "Relationship": "indirect",
  "Layer": {},
  "Locations": [
    {
      "StartLine": 12321,
      "EndLine": 12326
    }
  ]
},
Checklist
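One way a consumer of the "After" output could use the new field, as an added example that is not part of this PR or the project's code: it compares each package's `ConcludedLicenses` against its declared `Licenses` and reports file-level licenses the manifest does not list. The `Package`, `Finding` and `Undeclared` names, the assumption that packages arrive as a JSON array, and the second sample package are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Field names follow the "After" JSON in the PR description; other fields are ignored.
type Package struct {
	ID                string
	Licenses          []string
	ConcludedLicenses []struct{ Name, Type, FilePath string }
}

// Finding is a file-level license that the package's declared Licenses list lacks.
type Finding struct{ Package, License, Type, FilePath string }

// Constructed sample: entry 1 is modelled on the PR's package, entry 2 is invented.
const sample = `[
 {"ID":"harmony-reflect@1.6.2","Licenses":["Apache-2.0","MPL-1.1"],"ConcludedLicenses":[
  {"Name":"Apache-2.0","Type":"header","FilePath":"node_modules/harmony-reflect/reflect.js"}]},
 {"ID":"example-pkg@0.0.1","Licenses":["MIT"],"ConcludedLicenses":[
  {"Name":"GPL-3.0-only","Type":"header","FilePath":"node_modules/example-pkg/vendor/x.js"}]}
]`

// Undeclared returns every concluded finding whose license is not in Licenses.
func Undeclared(raw []byte) ([]Finding, error) {
	var pkgs []Package
	if err := json.Unmarshal(raw, &pkgs); err != nil {
		return nil, fmt.Errorf("parse packages: %w", err)
	}
	var out []Finding
	for _, p := range pkgs {
		declared := make(map[string]bool, len(p.Licenses))
		for _, l := range p.Licenses {
			declared[l] = true
		}
		for _, c := range p.ConcludedLicenses {
			if !declared[c.Name] {
				out = append(out, Finding{p.ID, c.Name, c.Type, c.FilePath})
			}
		}
	}
	return out, nil
}

func main() {
	findings, err := Undeclared([]byte(sample))
	fmt.Println(findings, err)
}
```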