-
Notifications
You must be signed in to change notification settings - Fork 83
-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generated scan results should show the version of scancode-toolkit that was used #670
Comments
@pombredanne please comment on the best place to put this information. |
Maybe a new entry in the header, such as:
Suggestion for naming the |
how about |
or or a purl? |
Signed-off-by: Thomas Druez <tdruez@nexb.com>
|
Is top level really the best place to add this information? What I am seeing in the output is this:
and I think it makes much more sense to record the versions of the used tools in each individual pipeline entry in the I would also suggest using the exact same field names as scancode-toolkit uses:
or perhaps even include the verbatim scancode headers, including the options with which scancode was run, which are now completely missing from the scancode.io results (judging by the output that was posted here). As an example I did a short (partial) scan of a package and the headers of the JSON look like this:
This output gives me a lot more information than the one from scancode.io related to for example the I also noticed that there are some different fields for what basically amounts to the same data in the two formats such as |
@armijnhemel I think we cannot really separate the ScanCode toolkit version from a ScanCode.io version as they are closely tied to and you cannot just switch a ScanCode TK version this way. We cannot also configure the SCTK arguments: instead these are baked in the code of a pipeline. But we should surely come with an harmonized header format and could also provide more details. |
We should also include more environment details such as version of various tools in symbols collection, OS, etc. We already do some of this in ScanCode Toolkit results |
I was not able to find in the generated scan results the version of scancode-toolkit that was used in a recent scan from SCIO 32.1.0. That information would be very useful in the generated scan results. (If it is already there, please advise where I can see it.)
Example scan results attached.
slint-1.0.0.tar.gz_scan.json.zip
The text was updated successfully, but these errors were encountered: