>.
* New decision table structure `LicenseAssignmentV2` with additional condition `origin`.
Old structure deprecated but still supported.
From 3866e5917a147a327197ed4258a6f9d75ab8fc7f Mon Sep 17 00:00:00 2001
From: pgarus <35223024+pgarus97@users.noreply.github.com>
Date: Mon, 5 Sep 2022 09:49:38 +0200
Subject: [PATCH 005/139] deprecated usage of npm-license-checker reader and
added documentation (#127)
Co-authored-by: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
---
.../NpmLicenseCrawlerReader.java | 10 +++-
documentation/master-solicitor.asciidoc | 49 ++++++++++---------
2 files changed, 36 insertions(+), 23 deletions(-)
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
index 6099037c..4b303d7d 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
@@ -25,10 +25,16 @@
import com.devonfw.tools.solicitor.model.masterdata.UsagePattern;
import com.devonfw.tools.solicitor.reader.AbstractReader;
import com.devonfw.tools.solicitor.reader.Reader;
+import com.devonfw.tools.solicitor.reader.npmlicensechecker.NpmLicenseCheckerReader;
/**
* A {@link Reader} which reads data produced by the NPM
* License Crawler.
+ *
+ * This reader requires a specific version of license-checker which is not released in the official npm repositories but is only
+ * available via Github. This might result in difficulties in environments which have only limited access to internet resources.
+ * Additionally, developer dependencies cannot be excluded as the --production option seemingly does not work properly.
+ * Use {@link NpmLicenseCheckerReader} instead.
*/
@Component
public class NpmLicenseCrawlerReader extends AbstractReader implements Reader {
@@ -62,7 +68,9 @@ public Set getSupportedTypes() {
@Override
public void readInventory(String type, String sourceUrl, Application application, UsagePattern usagePattern,
String repoType, Map configuration) {
-
+ this.deprecationChecker.check(true,
+ "Use of Reader of type '"+ SUPPORTED_TYPE +"' is deprecated, use 'npm-license-checker' instead. See https://github.com/devonfw/solicitor/issues/125");
+
if (SUPPORTED_TYPE_DEPRECATED.equals(type)) {
this.deprecationChecker.check(true, "Use of type 'npm' is deprecated. Change type in config to '" + SUPPORTED_TYPE
+ "'. See https://github.com/devonfw/solicitor/issues/62");
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 63127628..6ab2d6d9 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -605,75 +605,77 @@ WARNING: The CSV reader currently does not fill the attribute `packageUrl`. Any
=== NPM
-For NPM based projects either the NPM License Crawler (https://www.npmjs.com/package/npm-license-crawler) or the NPM License Checker (https://www.npmjs.com/package/license-checker) might be used. The NPM License Crawler can process several node packages in one run.
+For NPM based projects, the NPM License Checker (https://www.npmjs.com/package/license-checker) plugin can be used. The NPM License Crawler plugin is deprecated.
-==== NPM License Crawler
+==== NPM License Checker
-To install the NPM License Crawler the following command needs to be executed.
+To install the NPM License Checker the following command needs to be executed.
----
-npm i npm-license-crawler -g
+npm i license-checker -g
----
-To get the licenses, the crawler needs to be executed like the following example
+To get the licenses, the checker needs to be executed like the following example. We require JSON output here with "--json" and developer dependencies can/should be excluded with "--production".
----
-npm-license-crawler --dependencies --csv licenses.csv
+license-checker --production --json > /path/to/licenses.json
----
-The export should look like the following (The csv file is "," separated)
+The export should look like the following
[source]
----
-include::files/licenses.csv[]
+include::files/licensesNpmLicenseChecker.json[]
----
-Source: https://www.npmjs.com/package/npm-license-crawler
+Source: https://www.npmjs.com/package/license-checker
In _Solicitor_ the data is read with the following part of the config
----
"readers" : [ {
- "type" : "npm-license-crawler-csv",
- "source" : "file:path/to/licenses.csv",
+ "type" : "npm-license-checker",
+ "source" : "file:path/to/licenses.json",
"usagePattern" : "DYNAMIC_LINKING",
"repoType" : "npm"
} ]
----
-==== NPM License Checker
+==== NPM License Crawler
-To install the NPM License Checker the following command needs to be executed.
+WARNING: This reader is deprecated and should no longer be used. It requires a specific dependency (license-checker) which is not available on official npm repositories anymore and scans additional developer dependencies. Use <> (with --production option) instead. See <>.
+
+To install the NPM License Crawler the following command needs to be executed.
----
-npm i license-checker -g
+npm i npm-license-crawler -g
----
-To get the licenses, the checker needs to be executed like the following example (we require JSON output here)
+To get the licenses, the crawler needs to be executed like the following example
----
-license-checker --json > /path/to/licenses.json
+npm-license-crawler --dependencies --csv licenses.csv
----
-The export should look like the following
+The export should look like the following (The csv file is "," separated)
[source]
----
-include::files/licensesNpmLicenseChecker.json[]
+include::files/licenses.csv[]
----
-Source: https://www.npmjs.com/package/license-checker
+Source: https://www.npmjs.com/package/npm-license-crawler
In _Solicitor_ the data is read with the following part of the config
----
"readers" : [ {
- "type" : "npm-license-checker",
- "source" : "file:path/to/licenses.json",
+ "type" : "npm-license-crawler-csv",
+ "source" : "file:path/to/licenses.csv",
"usagePattern" : "DYNAMIC_LINKING",
"repoType" : "npm"
} ]
@@ -1246,8 +1248,9 @@ wrong/misleading output) the first stage of deprecation will be skipped.
=== List of Deprecated Features
The following features are deprecated via the above mechanism:
+* Reader of type "npm-license-crawler-csv" (use Reader of type "npm-license-checker" instead); Stage 1 from Version 1.4.0 on; see https://github.com/devonfw/solicitor/issues/125
* Reader of type "gradle" (use Reader of type "gradle2" instead); Stage 2 from Version 1.0.5 on; see https://github.com/devonfw/solicitor/issues/58
-* Reader of type "npm" (use type "npm-license-crawler-csv" instead); Stage 1 from Version 1.0.8 on; see https://github.com/devonfw/solicitor/issues/62
+* Reader of type "npm"; Stage 1 from Version 1.0.8 on; see https://github.com/devonfw/solicitor/issues/62
* "REGEX:" prefix notation in rule templates (use "(REGEX)" suffix instead); Stage 1 from Version 1.3.0 on; see https://github.com/devonfw/solicitor/issues/78
* Use of `LicenseAssignmentProject.xls` decision table (use `LicenseAssignmentV2Project.xls` instead); Stage 1 from Version 1.4.0 on
@@ -1486,6 +1489,8 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar >.
* New decision table structure `LicenseAssignmentV2` with additional condition `origin`.
From 02cc175972697eb0767f94c5f97afaa65a855f14 Mon Sep 17 00:00:00 2001
From: pgarus <35223024+pgarus97@users.noreply.github.com>
Date: Mon, 5 Sep 2022 09:55:27 +0200
Subject: [PATCH 006/139] Scancode Release v31 Integration (#128)
* added check for new scancode API in result json for copyright scans
* added changelog for new scancode API integration
Co-authored-by: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
---
.../tools/solicitor/scancode/ScancodeFileAdapter.java | 8 ++++++--
documentation/master-solicitor.asciidoc | 1 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java b/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java
index 791948b5..3db81035 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java
@@ -153,7 +153,11 @@ private ComponentScancodeInfos determineScancodeInformation(String packageUrl) t
+ this.packageURLHandler.pathFor(packageUrl) + "/" + file.get("path").asText(), 100.0);
}
for (JsonNode cr : file.get("copyrights")) {
- componentScancodeInfos.addCopyright(cr.get("value").asText());
+ if(cr.has("copyright")) {
+ componentScancodeInfos.addCopyright(cr.get("copyright").asText());
+ } else {
+ componentScancodeInfos.addCopyright(cr.get("value").asText());
+ }
}
for (JsonNode li : file.get("licenses")) {
@@ -248,7 +252,7 @@ private void applyCurations(String packageUrl, ComponentScancodeInfos componentS
*
* @param packageUrl package url of the package
* @param licenseFilePath the original path or URL
- * @return the adjustes patjh or url as a url
+ * @return the adjusted path or url as a url
*/
private String normalizeLicenseUrl(String packageUrl, String licenseFilePath) {
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 6ab2d6d9..a1bd7361 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1489,6 +1489,7 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar
Date: Mon, 5 Sep 2022 14:03:37 +0200
Subject: [PATCH 007/139] ORT Reader Implementation (#123)
* [WIP] first functionality of OrtReader implemented (can create inventories)
* added id resolution
* added documentation and cleaned code
* added ort reader tests and fixed example json
Co-authored-by: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
---
README.md | 1 +
.../tools/solicitor/reader/ort/OrtReader.java | 108 +++++++++++++++++
.../solicitor/reader/ort/OrtReaderTests.java | 92 +++++++++++++++
core/src/test/resources/analyzer-result.json | 110 ++++++++++++++++++
documentation/files/analyzer-result.json | 110 ++++++++++++++++++
documentation/master-solicitor.asciidoc | 53 ++++++++-
6 files changed, 470 insertions(+), 4 deletions(-)
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
create mode 100644 core/src/test/java/com/devonfw/tools/solicitor/reader/ort/OrtReaderTests.java
create mode 100644 core/src/test/resources/analyzer-result.json
create mode 100644 documentation/files/analyzer-result.json
diff --git a/README.md b/README.md
index 5ec054f4..d85b6254 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,7 @@ for the project. Text or spreadsheet (Excel) based reports might be created to d
* Yarn
* Pip
* CSV (e.g. for manual entry of data)
+ * OSS Review Toolkit - Analyzer (ORT)
* Rules processing (using Drools Rule Engine) controls the the different phases:
* Normalizing / Enhancing of license information
* Handling of multilicensing (including selection of applicable licenses) and re-licensing
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
new file mode 100644
index 00000000..45aea82a
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
@@ -0,0 +1,108 @@
+/**
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.devonfw.tools.solicitor.reader.ort;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.springframework.stereotype.Component;
+
+import com.devonfw.tools.solicitor.common.SolicitorRuntimeException;
+import com.devonfw.tools.solicitor.model.inventory.ApplicationComponent;
+import com.devonfw.tools.solicitor.model.masterdata.Application;
+import com.devonfw.tools.solicitor.model.masterdata.UsagePattern;
+import com.devonfw.tools.solicitor.reader.AbstractReader;
+import com.devonfw.tools.solicitor.reader.Reader;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+
+/**
+ * A {@link Reader} which reads data generated by the ORT-Analyzer component.
+ */
+@Component
+public class OrtReader extends AbstractReader implements Reader {
+
+ /**
+ * The supported type of this {@link Reader}.
+ */
+ public static final String SUPPORTED_TYPE = "ort";
+
+ /** {@inheritDoc} */
+ @Override
+ public Set getSupportedTypes() {
+
+ return Collections.singleton(SUPPORTED_TYPE);
+ }
+
+ /** {@inheritDoc} */
+ @SuppressWarnings("rawtypes")
+ @Override
+ public void readInventory(String type, String sourceUrl, Application application, UsagePattern usagePattern,
+ String repoType, Map configuration) {
+
+ int componentCount = 0;
+ int licenseCount = 0;
+
+ // According to tutorial https://github.com/FasterXML/jackson-databind/
+ ObjectMapper mapper = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT);
+ try {
+ Map l = mapper.readValue(this.inputStreamFactory.createInputStreamFor(sourceUrl), Map.class);
+ Map analyzer = (Map) l.get("analyzer");
+ Map result = (Map) analyzer.get("result");
+ List packages = (List) result.get("packages");
+
+ for (int i = 0; i < packages.size(); i++) {
+ Map iterator = (Map) packages.get(i);
+ Map singlePackage = (Map) iterator.get("package");
+ String id = (String) singlePackage.get("id");
+ Map vcsProcessed = (Map) singlePackage.get("vcs_processed");
+ String repo = (String) vcsProcessed.get("url");
+ String pURL = (String) singlePackage.get("purl");
+
+ String homePage = (String) singlePackage.get("homepage_url");
+ if (homePage == null || homePage.isEmpty()) {
+ homePage = repo;
+ }
+
+ ApplicationComponent appComponent = getModelFactory().newApplicationComponent();
+ appComponent.setApplication(application);
+ componentCount++;
+
+ // resolve id into groupId/artifactId/version/repoType
+ String[] resolvedId = id.split(":");
+ String trueRepoType = resolvedId[0];
+ String groupId = resolvedId[1];
+ String artifactId = resolvedId[2];
+ String version = resolvedId[3];
+
+ appComponent.setGroupId(groupId);
+ appComponent.setArtifactId(artifactId);
+ appComponent.setVersion(version);
+ appComponent.setUsagePattern(usagePattern);
+ appComponent.setOssHomepage(homePage);
+ appComponent.setRepoType(trueRepoType);
+ appComponent.setPackageUrl(pURL);
+
+ // manage multiple declared licenses
+ List lic = (List) singlePackage.get("declared_licenses");
+ if (lic.isEmpty()) {
+ // add empty raw license if no license info attached
+ addRawLicense(appComponent, null, null, sourceUrl);
+ } else {
+ for (Object cl : lic) {
+ licenseCount++;
+ addRawLicense(appComponent, cl.toString(), null, sourceUrl);
+ }
+ }
+ doLogging(sourceUrl, application, componentCount, licenseCount);
+ }
+ } catch (IOException e) {
+ throw new SolicitorRuntimeException("Could not read ort license inventory source '" + sourceUrl + "'", e);
+ }
+ }
+}
diff --git a/core/src/test/java/com/devonfw/tools/solicitor/reader/ort/OrtReaderTests.java b/core/src/test/java/com/devonfw/tools/solicitor/reader/ort/OrtReaderTests.java
new file mode 100644
index 00000000..29179aab
--- /dev/null
+++ b/core/src/test/java/com/devonfw/tools/solicitor/reader/ort/OrtReaderTests.java
@@ -0,0 +1,92 @@
+/**
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package com.devonfw.tools.solicitor.reader.ort;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.List;
+
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.devonfw.tools.solicitor.common.FileInputStreamFactory;
+import com.devonfw.tools.solicitor.model.ModelFactory;
+import com.devonfw.tools.solicitor.model.impl.ModelFactoryImpl;
+import com.devonfw.tools.solicitor.model.inventory.ApplicationComponent;
+import com.devonfw.tools.solicitor.model.masterdata.Application;
+import com.devonfw.tools.solicitor.model.masterdata.UsagePattern;
+
+public class OrtReaderTests {
+ private static final Logger LOG = LoggerFactory.getLogger(OrtReaderTests.class);
+
+ Application application;
+
+ public OrtReaderTests() {
+
+ ModelFactory modelFactory = new ModelFactoryImpl();
+
+ this.application = modelFactory.newApplication("testApp", "0.0.0.TEST", "1.1.2111", "http://bla.com", "Python");
+ OrtReader pr = new OrtReader();
+ pr.setModelFactory(modelFactory);
+ pr.setInputStreamFactory(new FileInputStreamFactory());
+ pr.readInventory("ort", "src/test/resources/analyzer-result.json", this.application, UsagePattern.DYNAMIC_LINKING, "ort",
+ null);
+
+ }
+
+ @Test
+ public void findArtifact() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("testArtifactId") && //
+ ap.getVersion().equals("testVersion")) {
+ found = true;
+ assertEquals("pkg:maven/testGroupId/testArtifactId@testVersion", ap.getPackageUrl());
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
+ @Test
+ public void readFileAndCheckSize() {
+
+ LOG.info(this.application.toString());
+ assertEquals(1, this.application.getApplicationComponents().size());
+ }
+
+ @Test
+ public void testFindLicenseIfSingle() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("testArtifactId") && ap.getRawLicenses().get(0).getDeclaredLicense().equals("Apache License, Version 2.0")) {
+ found = true;
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
+ @Test
+ public void testHomepageWhichIsGiven() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("testArtifactId") && ap.getOssHomepage().equals("https://test.com/test")) {
+ found = true;
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
+}
diff --git a/core/src/test/resources/analyzer-result.json b/core/src/test/resources/analyzer-result.json
new file mode 100644
index 00000000..22a7f571
--- /dev/null
+++ b/core/src/test/resources/analyzer-result.json
@@ -0,0 +1,110 @@
+{
+ "repository" : {
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "config" : { }
+ },
+ "analyzer" : {
+ "start_time" : "testStartTime",
+ "end_time" : "testEndTime",
+ "environment" : {
+ "ort_version" : "23ca00df86",
+ "java_version" : "11.0.15",
+ "os" : "Linux",
+ "processors" : 4,
+ "max_memory" : 1631584256,
+ "variables" : {
+ "JAVA_HOME" : "/opt/java/openjdk",
+ "ANDROID_HOME" : "/opt/android-sdk",
+ "GOPATH" : "/tmp/go"
+ },
+ "tool_versions" : {
+ "NPM" : "8.5.0"
+ }
+ },
+ "config" : {
+ "allow_dynamic_versions" : false
+ },
+ "result" : {
+ "projects" : [ {
+ "id" : "Maven:groupId:artifactId:version",
+ "definition_file_path" : "",
+ "declared_licenses" : [ ],
+ "declared_licenses_processed" : { },
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "homepage_url" : "",
+ "scope_names" : [ "compile" ]
+ }],
+ "packages" : [ {
+ "package" : {
+ "id" : "Maven:testGroupId:testArtifactId:testVersion",
+ "purl" : "pkg:maven/testGroupId/testArtifactId@testVersion",
+ "authors" : [ "testAuthor" ],
+ "declared_licenses" : [ "Apache License, Version 2.0" ],
+ "declared_licenses_processed" : {
+ "spdx_expression" : "Apache-2.0",
+ "mapped" : {
+ "Apache License, Version 2.0" : "Apache-2.0"
+ }
+ },
+ "description" : "testDescription",
+ "homepage_url" : "https://test.com/test",
+ "binary_artifact" : {
+ "url" : "https://repo.maven.apache.org/maven2/testGroupId/testArtifactId/testVersion/testArtifactId-testVersion.jar",
+ "hash" : {
+ "value" : "testHash",
+ "algorithm" : "SHA-1"
+ }
+ },
+ "source_artifact" : {
+ "url" : "https://repo.maven.apache.org/maven2/testGroupId/testArtifactId/testVersion/testArtifactId-testVersion-sources.jar",
+ "hash" : {
+ "value" : "testHash2",
+ "algorithm" : "SHA-1"
+ }
+ },
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "Git",
+ "url" : "https://github.com/testproject.git",
+ "revision" : "",
+ "path" : "testproject"
+ }
+ },
+ "curations" : [ ]
+ } ],
+ "issues" : {},
+ "dependency_graphs" : {},
+ "has_issues" : true
+ }
+ },
+ "scanner" : null,
+ "advisor" : null,
+ "evaluator" : null
+}
\ No newline at end of file
diff --git a/documentation/files/analyzer-result.json b/documentation/files/analyzer-result.json
new file mode 100644
index 00000000..22a7f571
--- /dev/null
+++ b/documentation/files/analyzer-result.json
@@ -0,0 +1,110 @@
+{
+ "repository" : {
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "config" : { }
+ },
+ "analyzer" : {
+ "start_time" : "testStartTime",
+ "end_time" : "testEndTime",
+ "environment" : {
+ "ort_version" : "23ca00df86",
+ "java_version" : "11.0.15",
+ "os" : "Linux",
+ "processors" : 4,
+ "max_memory" : 1631584256,
+ "variables" : {
+ "JAVA_HOME" : "/opt/java/openjdk",
+ "ANDROID_HOME" : "/opt/android-sdk",
+ "GOPATH" : "/tmp/go"
+ },
+ "tool_versions" : {
+ "NPM" : "8.5.0"
+ }
+ },
+ "config" : {
+ "allow_dynamic_versions" : false
+ },
+ "result" : {
+ "projects" : [ {
+ "id" : "Maven:groupId:artifactId:version",
+ "definition_file_path" : "",
+ "declared_licenses" : [ ],
+ "declared_licenses_processed" : { },
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "homepage_url" : "",
+ "scope_names" : [ "compile" ]
+ }],
+ "packages" : [ {
+ "package" : {
+ "id" : "Maven:testGroupId:testArtifactId:testVersion",
+ "purl" : "pkg:maven/testGroupId/testArtifactId@testVersion",
+ "authors" : [ "testAuthor" ],
+ "declared_licenses" : [ "Apache License, Version 2.0" ],
+ "declared_licenses_processed" : {
+ "spdx_expression" : "Apache-2.0",
+ "mapped" : {
+ "Apache License, Version 2.0" : "Apache-2.0"
+ }
+ },
+ "description" : "testDescription",
+ "homepage_url" : "https://test.com/test",
+ "binary_artifact" : {
+ "url" : "https://repo.maven.apache.org/maven2/testGroupId/testArtifactId/testVersion/testArtifactId-testVersion.jar",
+ "hash" : {
+ "value" : "testHash",
+ "algorithm" : "SHA-1"
+ }
+ },
+ "source_artifact" : {
+ "url" : "https://repo.maven.apache.org/maven2/testGroupId/testArtifactId/testVersion/testArtifactId-testVersion-sources.jar",
+ "hash" : {
+ "value" : "testHash2",
+ "algorithm" : "SHA-1"
+ }
+ },
+ "vcs" : {
+ "type" : "",
+ "url" : "",
+ "revision" : "",
+ "path" : ""
+ },
+ "vcs_processed" : {
+ "type" : "Git",
+ "url" : "https://github.com/testproject.git",
+ "revision" : "",
+ "path" : "testproject"
+ }
+ },
+ "curations" : [ ]
+ } ],
+ "issues" : {},
+ "dependency_graphs" : {},
+ "has_issues" : true
+ }
+ },
+ "scanner" : null,
+ "advisor" : null,
+ "evaluator" : null
+}
\ No newline at end of file
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index a1bd7361..1ff67838 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -344,7 +344,7 @@ Within this section the different applications (=deliverables) of the engagement
<6> the type of reader; for possible values see <>
<7> location of the source file to read (ResourceLoader-URL)
<8> usage pattern; possible values: DYNAMIC_LINKING, STATIC_LINKING, STANDALONE_PRODUCT
-<9> repoType: Repository to download the sources from: currently possible values: maven, npm; if omitted then "maven" will be taken as default
+<9> repoType: Repository to download the sources from: currently possible values: maven, npm, pip, yarn, ort; if omitted then "maven" will be taken as default
<10> _placeholder patterns might be used here_
@@ -601,7 +601,7 @@ These configurations may also be used to overwrite options of a https://commons.
Important: In case that a component has multiple licenses attached, there needs to be a separate
line in the csv file for each license.
-WARNING: The CSV reader currently does not fill the attribute `packageUrl`. Any functionality/reporting based on this attribute will be disfunctional for data read bythe CSV reader.
+WARNING: The CSV reader currently does not fill the attribute `packageUrl`. Any functionality/reporting based on this attribute will be disfunctional for data read by the CSV reader.
=== NPM
@@ -683,7 +683,7 @@ In _Solicitor_ the data is read with the following part of the config
=== Yarn
-To generate the input file required for Solicitor yarn needs to be executed with the following command within the directory that contains the project's package.json (we require JSON output here):
+To generate the input file required for Solicitor, yarn needs to be executed with the following command within the directory that contains the project's package.json (we require JSON output here):
----
yarn licenses list --json > /path/to/yarnlicenses.json
@@ -712,7 +712,7 @@ In _Solicitor_ the data is read with the following part of the config
=== Pip
-To generate the input file required for Solicitor one has follow two steps:
+To generate the input file required for Solicitor, one has to follow two steps:
* Capsulate software with all relevant dependencies/requirements in a virtual environment (venv)
* Install the pip-licenses plugin within this virtual environment
@@ -743,6 +743,50 @@ In _Solicitor_ the data is read with the following part of the config
} ]
----
+=== OSS Review Toolkit (ORT)
+
+In order to use the https://github.com/oss-review-toolkit/ort#analyzer[analyzer library of ORT], one must first install the software and run it to generate the result file.
+The detailed way on installing ORT can be found https://github.com/oss-review-toolkit/ort#installation[here] and a tutorial on how to run the analyzer library can be found https://github.com/oss-review-toolkit/ort/blob/main/docs/getting-started.md#4-run-the-analyzer-on-mime-types[here].
+
+Usually, the command to run the analyzer and get extract the result file from a project looks like this:
+----
+docker run -v C:\\path\\to\\project/:/project ort --info analyze -f JSON -i /project -o /project/ort/analyzer
+----
+
+Note that this command only works for the installation via https://www.docker.com/[Docker] and that we require JSON as the output format. For other installation methods, you need to adjust the command accordingly.
+
+It might also be necessary to set up a customized configuration for the analyzer. This can be achieved through a configuration file. The default path for that is the .ort/config/ directory below the current user's home directory. We can place a ort.conf file there, in which we can declare various configurations e.g. allowing dynamic versions in npm components via
+----
+analyzer {
+ allowDynamicVersions = true
+}
+----
+
+Further information about the configuration file can be found https://github.com/oss-review-toolkit/ort#configuration[here].
+
+The result file should look like the following
+
+[source]
+----
+include::files/analyzer-result.json[]
+
+----
+
+Source: https://github.com/oss-review-toolkit/ort#analyzer
+
+In _Solicitor_ the data is read with the following part of the config
+
+----
+"readers" : [ {
+ "type" : "ort",
+ "source" : "file:path/to/analyzer-result.json",
+ "usagePattern" : "DYNAMIC_LINKING",
+ "repoType" : "ort"
+} ]
+----
+
+WARNING: The ORT reader currently does not yet fill the attribute `licenseUrl`. Any functionality/reporting based on this attribute will be disfunctional for data read by the ORT reader.
+
=== Gradle (Windows)
For the export of the licenses from a Gradle based project the Gradle License Plugin is used.
@@ -1489,6 +1533,7 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar >.
* Added support for API changes of new scancode release (v31) https://github.com/nexB/scancode-toolkit/releases/tag/v31.0.1.
* https://github.com/devonfw/solicitor/issues/124: Added documentation of '--production' option for npm-license-checker plugin.
* https://github.com/devonfw/solicitor/issues/125: Deprecated usage of npm-license-crawler.
From e0fc84c567ceca875ccb2eaab951dff9571a6612 Mon Sep 17 00:00:00 2001
From: malkam <108339027+mahmoudAlkam@users.noreply.github.com>
Date: Thu, 27 Oct 2022 17:11:18 +0200
Subject: [PATCH 008/139] Update master-solicitor.asciidoc (#132)
Adapt NPM reader (Static Linking instead of Dynamic Linking )
---
documentation/master-solicitor.asciidoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 1ff67838..056a44cb 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -638,7 +638,7 @@ In _Solicitor_ the data is read with the following part of the config
"readers" : [ {
"type" : "npm-license-checker",
"source" : "file:path/to/licenses.json",
- "usagePattern" : "DYNAMIC_LINKING",
+ "usagePattern" : "STATIC_LINKING",
"repoType" : "npm"
} ]
----
@@ -676,7 +676,7 @@ In _Solicitor_ the data is read with the following part of the config
"readers" : [ {
"type" : "npm-license-crawler-csv",
"source" : "file:path/to/licenses.csv",
- "usagePattern" : "DYNAMIC_LINKING",
+ "usagePattern" : "STATIC_LINKING",
"repoType" : "npm"
} ]
----
From 3d3fa1274a1cb9026e3885f5fbe3ff8b9fb23ccd Mon Sep 17 00:00:00 2001
From: pgarus <35223024+pgarus97@users.noreply.github.com>
Date: Thu, 27 Oct 2022 17:13:08 +0200
Subject: [PATCH 009/139] Fixed bug in which guessedLicenseUrl and
guessedLicenseUrlAuditInfo were not filled correctly in aggregated inventory
(#133)
---
.../sql/normalizedlicenses_aggregated_applications.sql | 6 ++++++
documentation/master-solicitor.asciidoc | 1 +
2 files changed, 7 insertions(+)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql b/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
index 8f77e968..8f6a0da8 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
@@ -27,6 +27,8 @@ select
"effectiveNormalizedLicenseType",
"effectiveNormalizedLicense",
"effectiveNormalizedLicenseUrl",
+ "guessedLicenseUrl",
+ "guessedLicenseUrlAuditInfo",
"legalPreApproved",
"copyLeft",
"licenseCompliance",
@@ -58,6 +60,8 @@ from (
l."effectiveNormalizedLicenseType",
l."effectiveNormalizedLicense",
l."effectiveNormalizedLicenseUrl",
+ l."guessedLicenseUrl",
+ l."guessedLicenseUrlAuditInfo",
l."legalPreApproved",
l."copyLeft",
l."licenseCompliance",
@@ -91,6 +95,8 @@ from (
"effectiveNormalizedLicenseType",
"effectiveNormalizedLicense",
"effectiveNormalizedLicenseUrl",
+ "guessedLicenseUrl",
+ "guessedLicenseUrlAuditInfo",
"legalPreApproved",
"copyLeft",
"licenseCompliance",
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 056a44cb..a9c1fe07 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1533,6 +1533,7 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar >.
* Added support for API changes of new scancode release (v31) https://github.com/nexB/scancode-toolkit/releases/tag/v31.0.1.
* https://github.com/devonfw/solicitor/issues/124: Added documentation of '--production' option for npm-license-checker plugin.
From d420d81a5832c6002cc42e50e512106dcbbd11e8 Mon Sep 17 00:00:00 2001
From: pgarus <35223024+pgarus97@users.noreply.github.com>
Date: Thu, 27 Oct 2022 17:19:02 +0200
Subject: [PATCH 010/139] Spellcheck Extension: Support for run-together word
formats like camel case (Issue #129) (#134)
* added camelcase support in spellcheck and fixed first batch of spelling errors
* increased run together words limit to 4
* decreased minimal word length to 2
* added project specific words to dictionary file
* increased run-together word limit to 5, added changelog and final dictionary fix
Co-authored-by: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
---
.spellcheck.yml | 3 ++
documentation/master-solicitor.asciidoc | 69 +++++++++++++------------
solicitor.dict | 39 +++++++++++---
3 files changed, 71 insertions(+), 40 deletions(-)
diff --git a/.spellcheck.yml b/.spellcheck.yml
index 4b283463..a7a60359 100644
--- a/.spellcheck.yml
+++ b/.spellcheck.yml
@@ -3,6 +3,9 @@ matrix:
aspell:
lang: en
d: en_US
+ run-together: true
+ run-together-limit: 5
+ run-together-min: 2
sources:
- documentation/*.asciidoc
dictionary:
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index a9c1fe07..51072022 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -11,7 +11,7 @@
SPDX-License-Identifier: Apache-2.0
== Introduction
-Todays software projects often make use of large amounts of Open Source software. Being
+Today's software projects often make use of large amounts of Open Source software. Being
compliant with the license obligations of the used software components is a prerequisite for every such project. This results in different requirements that the project might need to fulfill. Those requirements can be grouped into two main categories:
* Things that need to be done to actually fulfill license obligations
@@ -26,14 +26,14 @@ While working on these easy looking tasks, they might get complex due to various
* The number of open source components might be quite large (>> 100 for a typical webapplication based on state of the art programming frameworks)
* Agile development and rapid changes of used components result in frequent changes of the inventory
-* Open Source usage scenarios and license obligations might be OK in one context (e.g. in the relation between a software developer and his client) but might be completely inacceptable in another context (e.g. when the client distributes the same software to end customers)
-* Legal interpretation of license conditions often differ from organisation to organisation and result in different compliance rules to be respected.
+* Open Source usage scenarios and license obligations might be OK in one context (e.g. in the relation between a software developer and his client) but might be completely unacceptable in another context (e.g. when the client distributes the same software to end customers)
+* Legal interpretation of license conditions often differ from organization to organization and result in different compliance rules to be respected.
* License information for components is often not available in a standardized form which would allow automatic processing
* Tools for supporting the license management processes are often specific to a technology or build tool and do not support all aspects of OSS license management.
Of course there are specific commercial tool suites which address the IP rights and license domain. But due to high complexity and license costs those tools are out of reach for most projects - at least for permanent use.
-_Solicitor_ tries to address some of the issues hightlighted above. In its initial version it is a tool for programmatically executing a process which was originally defined as an Excel-supported manual process.
+_Solicitor_ tries to address some of the issues highlighted above. In its initial version it is a tool for programmatically executing a process which was originally defined as an Excel-supported manual process.
When running _Solicitor_ three subsequent processing steps are executed:
@@ -67,7 +67,7 @@ In the _normalization_ step the license information is completed and unified.
Information not contained in the raw data is added.
Where possible the applicable licenses are expressed by https://spdx.org/[SPDX-IDs].
-Many open source compontents are available via multi licensing models.
+Many open source components are available via multi licensing models.
Within _qualification_ the finally applicable licenses are selected.
In the _legal assessment_ the compliance of applicable licenses will be checked based on generic rules defined in company wide policies and possibly project specific project specific extensions.
@@ -82,7 +82,7 @@ image:solution.png[width=100%,scaledwidth=100%]
There are three major technical components: The _reader_ and _writer_ components are performing import and export of data. The business logic - doing _normalization_, _qualification_ and _legal assessment_ is done by a _rule engine_. Rules are mainly defined via _decision tables_. _Solicitor_ comes with a starting set of rules for _normalization_ and _qualification_ but these rulesets need to be extended within the projects. Rules for legal evaluation need to be completely defined by the user.
-_Solicitor_ is working without additional persisted data: When being executed it generates the output direcly from the read input data after processing the business rules.
+_Solicitor_ is working without additional persisted data: When being executed it generates the output directly from the read input data after processing the business rules.
=== Data Model
@@ -121,7 +121,7 @@ The internal business data model consists of 6 entities:
| engagementType | EngagementType | the engagement type; possible values: INTERN, EXTERN
| clientName | String | name of the client
| goToMarketModel | GoToMarketModel | the go-to-market-model; possible values: LICENSE
-| contractAllowsOss | boolean | does the contract explicitely allow OSS?
+| contractAllowsOss | boolean | does the contract explicitly allow OSS?
| ossPolicyFollowed | boolean | is the companies OSS policy followed?
| customerProvidesOss | boolean | does the customer provide the OSS?
|===
@@ -242,13 +242,13 @@ To get an overview of the available command line options use
[listing]
java -jar solicitor.jar -h
-.Adressing of resources
+.Addressing of resources
****
-For unique adressing of resources *to be read* (configuration files, input data, rule templates and decision tables) _Solicitor_ makes use of the Spring ResourceLoader functionality, see https://docs.spring.io/spring-framework/docs/current/spring-framework-reference/core.html#resources-resourceloader . This allows to load from the classpath, the filesystem or even via http get.
+For unique addressing of resources *to be read* (configuration files, input data, rule templates and decision tables) _Solicitor_ makes use of the Spring ResourceLoader functionality, see https://docs.spring.io/spring-framework/docs/current/spring-framework-reference/core.html#resources-resourceloader . This allows to load from the classpath, the filesystem or even via http get.
If you want to reference a file in the filesystem you need to write it as follows: `file:path/to/file.txt`
-Note that this only applies to resources being read. Output files are adressed without that prefix.
+Note that this only applies to resources being read. Output files are addressed without that prefix.
****
=== Project Configuration File
@@ -286,7 +286,7 @@ should be given relative to the location of the configuration file this might be
using the special placeholder `${cfgdir}` as described in the following.
==== Placeholders within the configuration file
-Within certain parts of the configuration file (path and filenames) special placeholders might be used to parameterize the configuration. These areas are explicitely marked in the following
+Within certain parts of the configuration file (path and filenames) special placeholders might be used to parameterize the configuration. These areas are explicitly marked in the following
description.
These placeholders are available:
@@ -315,12 +315,12 @@ The leading section of the config file defines some metadata and the engagement
<4> the engagement type; possible values: INTERN, EXTERN
<5> name of the client (any string)
<6> the go-to-market-model; possible values: LICENSE
-<7> does the contract explicitely allow OSS? (boolean)
+<7> does the contract explicitly allow OSS? (boolean)
<8> is the companies OSS policy followed? (boolean)
<9> does the customer provide the OSS? (boolean)
==== Applications
-Within this section the different applications (=deliverables) of the engagement are defined. Furtheron for each application at least one reader needs to be defined which imports the component and license information.
+Within this section the different applications (=deliverables) of the engagement are defined. Furthermore, for each application at least one reader needs to be defined which imports the component and license information.
[listing]
"applications" : [ {
@@ -375,7 +375,7 @@ They are defined as a sequence of rule templates and corresponding XLS (or CSV)
"ruleSource" : "classpath:samples/LegalEvaluationSample.xls",
"templateSource" : "classpath:com/.../rules/rule_templates/LegalEvaluation.drt",
"ruleGroup" : "LegalEvaluation",
- "decription" : "final legal evaluation based on the rules defined by legal"
+ "description" : "final legal evaluation based on the rules defined by legal"
} ],
<1> type of the rule; only possible value: `dt` which stands for "decision table"
@@ -383,7 +383,7 @@ They are defined as a sequence of rule templates and corresponding XLS (or CSV)
data (given by `ruleSource`) does not exist; if set to `false` a missing XLS/CSV table will result
in program termination
<3> location of the tabular decision table data. This might either point directly to the XLS or CSV file
-or only give the resource name without suffix. In this case _Solictor_ will dynamically test for existing
+or only give the resource name without suffix. In this case _Solicitor_ will dynamically test for existing
resources by appending suffixes _xls_ and _csv_.
<4> location of the drools rule template to be used to define the rules together with the decision table data
<5> id of the group of rules; used to reference it e.g. when doing logging
@@ -449,7 +449,7 @@ To simplify setting up a new project _Solicitor_ provides an option to create a
java -jar solicitor.jar -wiz some/directory/path
Besides the necessary configuration file this includes also empty XLS or CSV files for defining project
-specific rules which amend the builtin rules. Furtheron a sample `license.xml` file is provided to
+specific rules which amend the builtin rules. Furthermore, a sample `license.xml` file is provided to
directly enable execution of solicitor and check functionality.
This configuration then serves as starting point for project specific configuration.
@@ -917,7 +917,7 @@ is defined by the sequence of declaration in the config file. Processing of the
be finished when there are no more rules to fire in that group. Processing of the next group will then start. Rule groups which have been finished processing will not be resumed even if rules within that group might have been activated again due to changes of the facts.
=== Extended comparison syntax
-By default any condtions given in the fields of decision tables are simple textual comparisons: The condition
+By default any conditions given in the fields of decision tables are simple textual comparisons: The condition
is true if the property of the model is identical to the given value in the XLS (or CSV) sheet.
Depending on the configuration of the rule templates for some fields, an extended syntax might be available. For those fields the following syntax applies:
@@ -940,8 +940,8 @@ In this phase the license data imported via the readers is cleaned and normalize
The phase itself consists of two decision tables / rule groups:
-==== Decision Table: Explicitely setting Licenses
-With this decision table is is possible to explicitely assign NormalizedLicenses to components. This will be used if the imported RawLicense data is either incomplete or incorrect. Items which have been processed by rules of this group will not be reprocessed by the next rule group.
+==== Decision Table: Explicitly setting Licenses
+With this decision table is is possible to explicitly assign NormalizedLicenses to components. This will be used if the imported RawLicense data is either incomplete or incorrect. Items which have been processed by rules of this group will not be reprocessed by the next rule group.
Decision table data: `LicenseAssignmentV2*.xls/csv`
@@ -950,7 +950,7 @@ Decision table data: `LicenseAssignmentV2*.xls/csv`
** `Engagement.engagementName`
** `Application.applicationName`
** `ApplicationComponent.groupId` icon:magic[]
-** `ApplicationCompomnent.artifactId` icon:magic[]
+** `ApplicationComponent.artifactId` icon:magic[]
** `ApplicationComponent.version` icon:magic[]
** `RawLicense.origin` icon:magic[] (new with "V2" version of rules)
** `RawLicense.declaredLicense` icon:magic[]
@@ -993,7 +993,7 @@ Within this phase the actually applicable licenses will be selected for each com
This phase consists of two decision tables.
==== Choosing specific License in case of Multi-Licensing
-This group of rules has the speciality that it might match to a group of NormalizedLicenses associated to an ApplicationComponent. In case that multiple licenses are associated to an ApplicationComponent one of them might be selected as "effective" license and the others might be marked as `Ignored`.
+This group of rules has the specialty that it might match to a group of NormalizedLicenses associated to an ApplicationComponent. In case that multiple licenses are associated to an ApplicationComponent one of them might be selected as "effective" license and the others might be marked as `Ignored`.
Decision table data: `MultiLicenseSelection*.xls/csv`
@@ -1036,10 +1036,10 @@ icon:magic[]: On these fields the <> might be used
=== Phase 3: Legal evaluation
-The third phase ist the legal evaluation of the licenses and the check, whether OSS usage is according to defined legal policies. Again this phase comprises two decision tables.
+The third phase is the legal evaluation of the licenses and the check, whether OSS usage is according to defined legal policies. Again this phase comprises two decision tables.
==== Pre-Evaluation based on common rules
-Within the pre evaluation the license info is checked against standard OSS usage policies. This roughly qualifies the usage and might already determine licenses which are OK in any case or which need to be further evaluated. Furtheron they qualify whether the license text or source code needs to be included in the distribution. The rules in this decision table are only based on the `effectiveNormalizedLicense` and do not consider any project, application of component information.
+Within the pre evaluation the license info is checked against standard OSS usage policies. This roughly qualifies the usage and might already determine licenses which are OK in any case or which need to be further evaluated. Furthermore, they qualify whether the license text or source code needs to be included in the distribution. The rules in this decision table are only based on the `effectiveNormalizedLicense` and do not consider any project, application of component information.
Decision table data: `LegalPreEvaluation*.xls/csv`
@@ -1088,7 +1088,7 @@ groups to be processed in sequence. When using the builtin default base configur
To use your own rule data there are three approaches:
* Include your own `rules` section in the project configuration file (so not inheriting from the builtin base configuration file) and reference your own decision tables there.
-* Create your own "Solicitor Extension" which might completely redefine/replace the buitin `Solicitor` setup including all decision tables and the base configuration file. See <> for details.
+* Create your own "Solicitor Extension" which might completely redefine/replace the builtin `Solicitor` setup including all decision tables and the base configuration file. See <> for details.
* Make use of the optional project specific decision tables which are defined in the default base configuration: For every builtin decision table there is an optional external decision table (expected in the filesystem) which will be checked for existence. If such external decision table exists it will be processed first - before processing the builtin decision table. Thus is it possible to amend / override the builtin rules by project specific rules. When you create the starter configuration of your project as described in <>, those project specific decision tables are automatically created.
== Reporting and Creating output documents
@@ -1127,14 +1127,14 @@ is done:
* a `rowCount` column is added to the result which gives the position of the entry in the result set (starting with 1).
* Columns named `ID_` are replaced with columns named `OBJ_`. The fields of those columns are filled with the corresponding original model objects (java objects).
-WARNING: The result table column `OBJ_` gives access to the native Solicitor data model (java objects), e.g. in the Velocity writer. As this breaks the decoupling done via the SQL database using this feature is explicitely discouraged. It should only be used with high caution and in exceptional situations. The feature might be discontinued in future versions without prior notice.
+WARNING: The result table column `OBJ_` gives access to the native Solicitor data model (java objects), e.g. in the Velocity writer. As this breaks the decoupling done via the SQL database using this feature is explicitly discouraged. It should only be used with high caution and in exceptional situations. The feature might be discontinued in future versions without prior notice.
=== Determining difference to previously stored model
When using the command line option `-d` _Solicitor_ can determine difference information between two different data models (e.g. the difference between the licenses of the current release and a former release.) The difference is calculated on the result of the above described SQL statements:
* First the internal reporting database is created for the current data model and all defined SQL statements are executed
-* Then the internal database is recreated for the "old" data model and all defined SQL stements are executed again
+* Then the internal database is recreated for the "old" data model and all defined SQL statements are executed again
* Finally for each defined result table the difference between the current result and the "old" result
is calculated
@@ -1148,7 +1148,7 @@ The correlation algorithm will first try to match rows using `CORR_KEY_0`. It wi
* there are no unmatched "new" rows OR
* there are no unmatched "old" rows
-The result of the correlation / difference calulation is stored in the reporting table data structure. For each row the status is accessible if
+The result of the correlation / difference calculation is stored in the reporting table data structure. For each row the status is accessible if
* The row is "new" (did not exist in the old data)
* The row is unchanged (no changes in the field values representing the properties of the _Solicitor_ data model)
@@ -1159,7 +1159,7 @@ For each field of "changed" or "unchanged" rows the following status is availabl
* Field is "changed"
* Field is "unchanged"
-For each field of such rows it is furtheron possible to access the new and the old field value.
+For each field of such rows it is further on possible to access the new and the old field value.
=== Sample SQL statement
@@ -1175,7 +1175,7 @@ NOTE: Above example also shows how the case sensitive column names have to be ha
=== Writers
-The above dscribed SQL processing is identical for all Writers. Writers only differ in the
+The above described SQL processing is identical for all Writers. Writers only differ in the
way how the output document is created based on a template and the reporting table data
obtained by the SQL transformation.
@@ -1188,7 +1188,7 @@ directly put to the into Velocity Context.
For further information see the
* Velocity Documentation
-* The _Solicitor_ JavaDoc (which also includes datails on how to access the diff information for rows and fields of reporting data tables)
+* The _Solicitor_ JavaDoc (which also includes details on how to access the diff information for rows and fields of reporting data tables)
* The samples included in _Solicitor_
==== Excel Writer
@@ -1206,7 +1206,7 @@ reporting data tables as defined in the Writer configuration like e.g.:
Whenever such a string is found in a cell this indicates that this row is a template row. For each entry in the respective resporting data table a copy of this row is created and the attribute replacement will be done with the data from that reporting table. (The pattern `\#...#` will be removed when copying.)
===== Attribute replacement
-Within each row which was copied in the previous step the templating logic searches for the string pattern `$someAttributeName$` where `someAttributeName` corresponds to the column names of the reporting table. Any such occurence is replaced with the corresponding data value.
+Within each row which was copied in the previous step the templating logic searches for the string pattern `$someAttributeName$` where `someAttributeName` corresponds to the column names of the reporting table. Any such occurrence is replaced with the corresponding data value.
===== Representation of Diff Information
In case that a difference processing (new vs. old model data) was done this will be represented
@@ -1311,7 +1311,7 @@ The general workflow when integrating with ScanCode consists of the following 3
. Execute _Solicitor_ in a "classic" way i.e. just based on the data provided via the Readers as described in
<>. Besides the normal reports/documents generated this will also
create scripts for downloading the needed OSS source codes and run Scancode.
-. Download source codes and run ScanCode by executing the generated scripts. The downloadad sources and ScanCode results will be saved to a directory tree in the local filesytem.
+. Download source codes and run ScanCode by executing the generated scripts. The downloaded sources and ScanCode results will be saved to a directory tree in the local filesystem.
. Execute _Solicitor_ a second time. For all ApplicationComponents where ScanCode information is available
(stored in the local directory tree) the license data as obtained from the Readers is replaced by this information. The data model is enriched with the found copyright and notice file information. Reports (see <>) are now based on the ScanCode data (where available).
@@ -1396,7 +1396,7 @@ artifacts:
<5> URL pointing to license text.
<6> Copyrights to set. Optional. If defined then all found copyrights will be replaced by the list of copyrights given here.
<7> A single copyright.
-<8> Another copyright. Note that due to YAML syntax any string containing `:` needs to be enclosed with parantheses
+<8> Another copyright. Note that due to YAML syntax any string containing `:` needs to be enclosed with parentheses
<9> Further packages to follow.
==== Decision table rules
@@ -1487,7 +1487,7 @@ The template is part of the <> and requires S
== Extending Solicitor
`Solicitor` comes with a sample rule data set and sample reporting templates. In general it will
be required to correct, supplement and extend this data sets and templates. This can be done straightforward
-by creating copies of the appropriate resources (rule data XLS/CSV and template files), adopting them and furtheron referencing those copies instead of the original resources from the project configuration file.
+by creating copies of the appropriate resources (rule data XLS/CSV and template files), adopting them and further on referencing those copies instead of the original resources from the project configuration file.
Even though this approach is possible it will result in hard to maintain configurations,
especially in the case of multiple projects using `Solicitor` in parallel.
@@ -1533,6 +1533,7 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar >.
* Added support for API changes of new scancode release (v31) https://github.com/nexB/scancode-toolkit/releases/tag/v31.0.1.
diff --git a/solicitor.dict b/solicitor.dict
index f209a4c5..5df7788b 100644
--- a/solicitor.dict
+++ b/solicitor.dict
@@ -1,9 +1,36 @@
-guessedLicenseContent
-guessedLicenseUrl
-guessedLicenseUrlAuditInfo
-infos
-licenseurls
scancode
-ScancodeDownloadScript
SOLI
vm
+Capsulate
+Dloader
+Dpropertyname
+Dsome
+RHS
+Unlicense
+WTFPL
+Zlib
+Zope
+cfgdir
+conf
+deliverables
+drt
+dt
+ec
+eug
+fas
+gradle
+http
+licenseRefUrl
+licenseToIgnoreN
+licenseurls
+linux
+natively
+nd
+ort
+oss
+sql
+url
+urls
+velo
+venv
+zA
\ No newline at end of file
From 2ca6caece0b001e5dfeb67642181f9245191b41a Mon Sep 17 00:00:00 2001
From: duph97
Date: Tue, 1 Nov 2022 16:52:28 +0100
Subject: [PATCH 011/139] added LicenseNameMapping rules (#126)
* added LicenseNameMapping rules.
* deleted redundant bouncy castle rule
---
.../rules/LicenseNameMappingSample.xls | Bin 77312 -> 77824 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls b/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls
index e8789b0671b5e1da506e5d9bbf1209461ddfab02..ac99dcb1df9b179fe0ca5581bda71cc8ec26347f 100644
GIT binary patch
delta 14014
zcmaKz30Razn#bz{L`1*?ltxe*6>wAp1y4}g8$}Mq`{WRhh~g2icyxQ4s8J}TjTact
zcxxMPq0KRwHJQm~XE(`g4#^}tGnq`1apu|CnLLwm-=n&^Yxa3op0B&BzW4vDf4x=p
zebpc6`ZUDV9C9rrsMUTU#6O-rdv?GR88j`Z!|^kreaBz_*!tt0=G5qKKemG5w2I+^
zB0E!|?-~;{(ZKvuny1fvyxf<&?hQ)}D
zVX91TB_e6eyW2eTJN+V}Lyp*FoWtgWy+WXM%;fTnhG!xKKFku`H--Ik{KWqg
zFRm5;Kk<`%@i9JrV7zB`YS;EL>*hib^n7wzc~#}A9U@A+(@xe7KGJ;1W57f
za#Wsogmg4seo|3rCa?(;aZM5u*QaINAy^e*_%ugg7!1j`l*#9VN2G+-Mb-R9#{lN7ti$RIZ=yR<)=1!piO;;SLch5AFHddfVgNTN5;{
zSZoLVj{^DwYXaw~uM`BOnYt7Vr4_mq0wqYX(zOti#Ot0J`#S_#S7migY@3zplm#my
zPh6FUYKB@X2oc_IPsE9l$oF{kw~bg
z*Kg=`;K9teH4tkBg^Jd&9P`LnYbMHV2m8hsh@YwR5&C?DI{*Gb`
zzb-YhKSj1DXj|#5iv?fqx|9_ALOKymCr&6tv_?cL#Furc$=xY3h9Y6+k}teYabjXr
zWV$;wxhq9>ph%eW6xl&Xc2JQU+`W<$D6%6(!m6RjjykfVihS3d8fmABi!NH&g@v-$k+}Hr)bB)Y(N#e$CX)NZa^4XbV9(kk-v=cRq7!yH
zQK5i#4YVuZp5rMgVhDvMQRqAsnxsRMROm;?Q?kTh3hhdvJ5^{`9op6CUsvj1h3tF6
zmgTLavF=7f9P4f*x&jC;1zvHwDdDCQwiGXSusaElsusKJ7P~8R_fN#d^Q=sU7@U>4
z?<3dQdfFhv7X6tDzB?R@n~rO)Jyhs7^}g}@3B;hyp=9$XqzjRW4QO*<0}RS=I?6|D
zJ1DXjMV6|_UOKXuihREzCCA0k-V|D{LVN4b-W&?`I3~Sm6yWA88pRJ*Z_ktFAFU2)
zPz2j9ZZnNQWwPj0>@44MOVcu3+-Z7=^kJo=lHB$o<#njTs6N_4AHzZ)X30mVY*`|Q
zW>7i_(O)`=-U9@e0%uUV5=Nemn=^uR8CsV?x}PguhS6Y#Hjm5nrNW9$jg?AjW
zGU@otQTb0`uv
zy3|CDj?6Kd$e||uQNDb`Mw;?HhFTp;tT8h2y#KyB)KCu96KxnP#aL1fBjsAC!;uTcy4-O4p!xdi)2j1pn;`}3WX9YGTW{uHaj
zU-H$$IZxl$_69k`IO>Ljx-nU`>d>t^j8+}gD(>9zlIg&?<{5tSZ&o&Z{lIKC^Sx&{
zzzW6h6>K=biYPn70am2<-NOMkUQCpIuh_C&dE{aQxhPS>5!%HF!^H@8AvayIIRy(x
zl5mm|j?}`DhH#{|kEtDr_UX!pvklz4ctl4L3p
zakXM-fetNDq4zO#JcSlgC|)Qqv`~i@a;T@}jrgEQrWR4?dYOJRcCfFbMY^MnV5NvU
zItCuU;AI^j2SI0Dyljg}y-qrB`tQ=kT8)ht>w(0nifLkt_@z2e_>wtMTb#%iAr8|p
zky-NTO;~C?GLuO70t6s_k`_)fgp&*tlk`~O+6EKNyj?CK7B*BuoL{PDOAJ;Cv7A1y
zB^rj8E9?=&CTrMag8jRKO*UYY4P%ovYl>nO(*RB(mJ8~zlT(n#(|n2nn?kUSGU=8r
z%fZU2q}-yEQ+0Z#8p5ecxD%IU1sQNC-;45+~gRY)#okc&++@veVD%`lWRbjt9F4W^&{&m`q$#h2=FcaD9Y!Yr%!r59l+Yrt++|SnT=YS5}d&?a-
z#B+#+GjR@a{sYc(DeyWyhgb!^Cg*6_T!x8Bl*G9NOIOC`YGZQ^V{-|1Mn1Y1m&v+$
zq=UzpH0$PR-8@4#Pw67>cW%cwcK_|Y*pq$#Mo?BWf2k}b-Z8~1)x1)JSE_hPjj#vi
zNnA$4o=RAzg=L1YObM5Q&^3{IUQR;%5`{@E*TQl`SgwQ*8*MXP++qa@@k=8LE3~k}
z5LU2INBQmm^PvW3BAb{`tX?v`$-kMKZz$*Mfx|5}C>^YHCXMWx}Q(qL6;
z7Vg1uMlovvvUF)
z?4-2Zf&ExSJY+2*)&a#@WEfc_oVWov11DMJOYUNZi4q#&#ROZZq8963EjD0_$=GZi
z<=Y%R$1DfW&*zBcR#DISpJqPCFq!x$&dK-qB`j>_E8Y?i7KooJ;Sz0PiD6<1m>5sL
zc)<=Wf$Z?Es)|_+<
zTxu9xYVeijbpX$@p1+_cup)Q;8ywm8~&Tda>L4UZDj>3#S}{Z3R2>CUmT(pWCe#|
zh0(1Q#QI7Oe={zVbt_4SUvW{lQtMV4x|K?|?@gQ2#llr29IS+^v~ZOnT*X2iZhWf*R1Ca*7L+l{Yr=VV5=GCnoOBkO|bs5=q-N^R~t4~>+Iw2A8>xK
zjWwj~tN3fQjWvdiHO!Ka-hxL>+~iskW-8%YEnI5|*D7J;+qRhw7Oo>hco5{a`CY)1y17^h=7|Y!kt5%d0>2&y7unbdy%%1`PXD;lNI8CMD))GgbTXgoef)29hnoddBN-Vs1ViLA$)>ebHl~}31ENlfBU&gmF
zOt7(S1nVqwf9@Z|ZHA3)+QxQPdfCQyQsN~SZEV*zwi`CKGfQ6oxh==VGkOOJFJG2RWsI!BfgOA>+yz>K{od7Bj?gNxRJ-G
z7d7j}K$a6u;4aBG*e~kAeu-gXh6Cj<5e!$_O9c8)ILoELb@!6NdP%eJ=`hSf2ebBQ
z)*j)+->ZJAV0!|ci9H5vkB04Kn2TY1HEb^#`%JO+8mzqrYp-VQo4~MA-l*;)*ad~y
zN5I!~DX^#e2-v94;f3O%to{)8|GYY0CR8E>VESGr6ejFt!`I6i!%@Cl>3+~*!uT20
zeqa@f@8lOB`fn-w4ds655$`K;FO16BwBQer3;bq?Z66>PpX*X!hYk?$H~Ji|d7Mx9
zh^7YKf$4=LWdWv!pr=)64M9)oQXsU3p|buXo72uIt~JE9B)+7?wMK4g4M(-q!zPGC
zN4VF+UNTb}Oi9d(iYXNno?qyd!#^(rWC83F3z)Ey)!ei1|6L4x{HchE3;&|n^<
z$>mEO-U@*!X7{7{$Y;9(eu#SXXm9S0=>kMHX3qA3_
ziU@LgS?MNavQoOW(rqZ+x({f~t*6sr(1CyN403UpSV@X?ShEfrti!}g#kqvA!;}yl
zwO1JCU}LWktegDcli2>g2ZgT~HeS&-jD%h)n+szDV=;%M&ETG-6^;XyFM%c!GsG%6Dm~hZ-2m2Hud=6YF1~4n5Zs
z>xnJ}_Ml!&!&^i<1+1rh;I1e<26sjNM>dWi{PCCP!c*r7Vlq6kolHLyMBrIC=ZX8g
zm(|K;wGm-KZQ*a7%AQ2a(kF9Uj-~SJShj9a?H`^*$*AT~>kif3l}VpRTleVoKD|Dm
z*N61lNUu$DXmh6=FE8c>>a4E^4LWfRM&cSMaTtXghX%Sqmz{(nWX&;$CeTR&MME8q
zz)1}{X@E{@5J&k&;8kY1coXs}unNU*<M1>;@fr?1!F@YTy!P_sm$9)vKc}@4Q*xS9a)xDI
zmYpG42dKl&p3x~eW2EGa262=xC1;uCDyQ_GC0310`;C8PpEZ)CQ*aJn@_1ESCb4ecou}
zyiPW5Bp}(|xzy9wh&2uBko=nV`&yu1C!D~gH&uuEw&J))!I7IsunPp6uA(kz*o8ot
zxL~j@fHB_IXhz^)?G1lS6By8
zIMc6q62FGOp1H~fyqxB%1d5eUf9L-*&8sZ)#C{zS6eZZ`HHx#zzTfy4(lrBrjq%qR
z?_&IQl690TzV*wl8?x)3dEfkKW#3?#SU@?xK{Cwh4eHuuILoELS$RYG{N($HpsZ5%
z=^&r8lY1vh*)4bL{*J
zuGh8m*NJdbIe(of9$msEfPF^F>qN=E1x1)<4Q%HYfp9O69l53L+%oLkB0Kq>Cx3;G
zxLA3cl=(_|TPtrH%G<0|7H-ohjK0GbybQWSpm7RxM}zJdpgRN_uRwR;8|BGoPc3*P
zJVE?}Hnw*e>f(+6U4s5mLGNnlU4pKHdK~Dx1bwQbe3#aH%(C-e^V}oWb4qiMSik0y
zQ`|FL-Xma@0^ZYW`#u9*We)r`?tKE{Z_LreeIh)s@b`(ZS`qGR!UHBa%4tDAAi{ol
z8bjmuK=!9g^-!}O8mx!JdRs@)&BO_NQ~WB2
z*DX#~BRN|Fb=bE?f_Bjw{0Sr
zKMY3_H(GVDeXpXe)qGLxZVI;IoetV-`CsvGV@A+^tC%)VUT7;+JcC#Gr#4uR;Nw5n
zVZs9IaG&mlI>?2cAJ%!vJ1#ivp_jcoAuV1bvtIJ<5A)4JY!qOn40}W{TsjDQq!aPT
zU_Bxht_6-l77oN)pdKN1Kz)agpor7A2laVaPA!=!iEdmC9UJdH(H(kMA8qXpE)gYM
zKQ_ktH28+N!KINMtee5LqLxcw>8DnX`$Q`%={6+5ZUsvr>D299n-yXO?-TntvLeoU
zFLAoCqjSu~-y(RiZ-~KV)>S48A>=2^+SDpXfMr2zsP?z2P
z@&7z!ghbSJvDR66?)6=)4K48IUnM_SnC~8yXgz>hXn$k}{BJ9p;Y=_bc>;f>E<}v`
zQCBP0z1(i?wxaoS+azm|JEp5;b00{uw!6LfsdrcFAY=<-o$j06pkjJAYqk}|g7>;v
z%dJTMT-*z?^j$A&5az2Vj6+fn%h?L|me^Wr_rzptKMcSZ$<{7+NGgC_DbU7t{FIPt
qEwWlN25KYR$C9jJ?!}QXvqF1V?Qb{quu4Oqr(tK)EK3$Ias4m-bJs!u
delta 13023
zcmZvj2Y6J+wa3q_BrJg%AR!4P5CSB6F`^h#79l_sAz?7RNTS6uV#jt|Uy7ZAEho?K#pESs66H&zZ)-
zZz3P6#{KZfvqm(4UaLzRsRPk(M4ij~`@?a;d(lfGRGKc1O>Gzh`xFLvfSRrOV6#{S
zxp3EG4>!{nV;f1AexKj1k4x468ykbi5@VBed>p+i#&@0L;>^1-<{iO$hhgjEXpG9Z
z3=T_em>V9xj=PFuNiis_Xd6$8Vewr=p?AmAVC&C5qGDtITpxKUOHdR34KP=Igf
zKTmCD9V9^%^uXgy0H*10(y~(5Mkm4AXo-;D#W3$Dr^Y5?#SzE$<0z4BBP&5djQv$$HFF@-=fR_gY6gLL=C=cKgR&Cc1fO$;;4(07!Sp8#C`Tkt#cf7UiK#tR;;%fD84gX{L}_lzinEvR}7mf%+rB6m0lRd@p`NH6dx!`p`1jZRyVv2KX|H0e@-%=(
zc(N6+u|`7F8xHqqQ3UUr{#e@|Yx+MpOuV!J{hkxZ&W5gDsz(B5SO9TGmSANGMphlj
zY1fM*6FCwmm<=S_$V3zQIFKEmIgdjdbLdIk<46jQHsVN5Tw6ZggpWt-b$tBL5pNk7G-Vr&5<5OY;@LdQU@0
z!ya7JwX>O*#yVQ9L`kzw)5NKvr128iYollh5DQNTV$}(&IkRw)Gpo5}H5V41;%uq8
z18a^~E`i}$MX<~=Hr9e+dv%xNDZbE3Y~d(dSY^5>y)v)qs4Rl-8yo4?M!J(yIOc9!y0QTFzCy$mYmWo-MAv9S16^HjYidjyIS!^^?cdJaD0)u$)HY}WMgl(*_jU#L$LK_vD?zVUY
z3tb|U)|Od6&{dV;+O&0)ZLu~oMeRfh1K347Rz~VSR8k3|s_=9j%pKX>@unF#+uF+(
zdwMK|dO0+QLrY9(jt$K*p(m=c?QNIk*ft95?;}jX~
zbt*gCJBLT_$Q^XMq;s&N9lfI&eZ#4ocKvx)J8>kaH(thcM&|{v1Y7su@2WF22&#`CDINbHI=KrT#My#UcHD*Gd3x~K
za1pw25q4kD#`PtKtP4klRw?dVDDPTvPg|@4C^xJgmes>y^)|Wh(=6SMarZE_r@0iva3@9=+n%EK=kXNuWc3_8Mn&k!
zRz9|^`uFdi%$$pTG%-DqDK`ST9@CT#@jh;dh+GEt)6>s|XC{}WxV2(wuALd&rIFO1
z&sKV|vcHMyWvkN5sY)+l>5tB(=7I=&vk-S|jPGrQy&Yk1BW!U#ZSqhaun+5Sr^dQI
zR@cYT^r7N=7H|v6c?+vAvxeyX=fg|6ucPd1)5gsvr#*~aJj2Ri`oZ~>nW3fp
zjH7(UDyf82>*1{I$I6x1rn&3K{&8PuTJ`6ypYU|ih16`2VV`C3PzgEde;e7~DN}zQVyuk{Esp_sgyy(_Sp%3gPB*?7UaSKgBCj3(9(<#`
z5G5DQ;?t2j@j(M0K4)+Oaxogr$jzo0gKaSeb1_~v0}N(lI4ZPq^MqAW%J%ZCy*%dp
z#HjP?vwV=}!18Qm>BOMhOj-yrB@4Zrlwsz(RI6jDdso
zy6SemP$t9d;P~jrnT+Dt;T%irkn$aF6B+IdJlq+0xMfiiRF#p;Dqt3!AH*sk)+ElU
zz=6>nxd1}O3M_1dz(9wG@
zQH`M>p<`_57!LiJ2^}M$!N4=2#Yw$b$Zn8^eJ8u7PD}p
z5f)ovu_G)Np^XYHa=J{?bQZCRvCQ)8`?tgQj%DrLJn&M3$5nB#cN^~Tva>wlc%f1I$iuO@A>cpc9=JRN!Ijkmh-j&8i;VZ3$!
zyzwBX&-2V$s~^>b^M2k@K5vy1Lg2&|3d2t5(l^6poZ{G+VwF=xSu2ZpDl0qcD{qF&IMq>3
zwaRIt^pE9YOk*YO=BXIdYy#7q1f~f~x4N5}>z5&?vyh%>NI2aJr#r&wM)>00v^W`X
z2J1TM{ddDj&Ty>GuvTY^Rj(*#va+*&a5tq(=&Ci-QO;x~-RpnXnC|snzQq^o`xVK-
z-rv3AiLVt>36r|&N8bx?UP>HNiS$cMydQg|Re#l$I;>L5DicU9m*;ajEnE>^*T71|Z#}hY;oy@~((4p7Qv77qWj@J?;KQ)#HA!-&OxPIx9Euj
zm6c`ee=d(n%b4mnm;Gzos-OH^aiYJtpX#fX({7$4p2y-(jd-3@fO$?D^U#dk*5->D
zzwqWey!p)g%<$&dtA2J19Nq%t$@b|5;dy1Y
zUtr!Q{fF;|SL_Rp@&)VUMNz`@T;~^A*$0o&3V4y7P{m)Ymlm~Xhw+t-3b|NlTnK9+
zvDyPYFcEB_g)MYo3k9aH{UFun7v&;$LC;GhTx5ld9N{9z#Ufja#p0q?YO$DE^z2Nm
z#g?_$VJ&7>VJM}=7DgXu;4<`&=khFJ7(KrdY>9;}abQbKMkjxmI>j$8ma?#i5iYgD
zrH*i^lhIOZVwso#F|mwUJ$2)^!sp*IN4d-@UlOHPlrOO|S5JQ{eBpn|QNCoAbj`%X
zYel)7mH2fEC%)YJU+(x{ZW90Kt+eSflP|N5P9IuDFSG6!wpD*+zsy=XFQ~LHqYpXt
zR^Soz0TXxvRxs~*J^1Z#?kiYHdkj*pu*z3NSt-v>udwp4E`K|m`zx$GY?QCq-02$#
z9MdbxS6O+-M7?Trf7QwTRblBTZ{tOGmY1xoWFaNKl10BngtY1>zS1$V(wbOhOibj&
zS23%lUiPE#DZPr7|7DD=vP#<2qx};3d~h`@t4-8uYk#$4f3?F}ZCPuCO1ci=)YIQ24mlUs1CfB8%tkY)4zQG_6opU-vNfXX6xN1ymGyn;43$_=QL
zn=d`!pwcU2ZsakW<1t#*8*SA#I#t`~ur^v3n}k&>tWCrk1L+2~$-*`{uuTqZlZDZz
z8e~jnU^5$=p*MV#GAlF#n;qq5RLVlwB1)Ldr{)$`(#g1m9sCM=rB(mb++tbu;mnrc
zpRPPsL$(?V0@`XpTN(7gfVMj6Y;{0e1++~-egSQ>pluBL+<>+@pluFl8-sk?1ymv%
z#qA8bWaQf!cG0%#r?;J9bmCI#+qua1utgsi@4#0o^fX>OJD54$MDAeb7onEVakzt_
z{~hY&`tQURLFpBtwPJK9L(iJXoeVu=TlJ0Zv`kunJMC)N#XKKm3UHSL+{M5v2Dr;H
zxyu46^IZ(A#Yi$qAD>g^!rbjJcQf;{VeS?tT@?tk+kx(8=zRmF5B(A9mvWXfly=pm
zD`#k^oaK(ua)()Nt4VbzhXybVE$iaXVsdMz@ElIjnumDx{S{uzeOrPe}-?
z71(};wKGxsEo{F7+b_oSx?kX~e=@r`z{1u>c)$t|IKl%?MhCdSv9{2F_uRsSqJEUaMTU&VTIE9F@*z{+E0{D93R
z;N%iu<#9dsL26&`44$1METqR48t4cM>ujt3ut!+jSf6;1I;BroarHlrT3qaJle
zJt{&Q6?#e`w=}iW*~l?wHPs29ho4E0Im%jJ(FYWIgDM@V4MJNBNpno)o3Oj4OANl?U(`rEt=waMDTPq{BLitdT%Fq9#e9
z9g%#k;`Mmr@gtb=FdmBW-*}jzA6-mtD&MrwZ~7PQNrX!MsG?~wt1eOLZ!4k`uHpDk
z@Q42Ms{}pb%UQ{zIPjL!GhE;QGG~bN&|W^Q5$qezF^T)mzd81%Uh|vgKED*Nl1qS@
za0x1H2`ZfuR5~T7wB@Wq9i7TEyi~v{X38-oMfU-+k8$t`J8rGrKaYKUOQpLy4&oPkXLyj1l{0pbGtMAqoI%dmqS1ZBmkw6nHoXPNUG
z?4_ceHLT=NlRmJZA*pC*dE1oyx{xwUIQ7?=l%|*bE?l(N*+VmoqoTcTJ)AR2xdxtN
zWxzz8v-zBJ@;T?Q&RN!ZVb#h6oF|qKQVi_8g`Ia`=N;I2hS3b1|JNDd3AiAGfTVhX
z4X2thF4!?Hm@y_x(JnZHT(FKW3d}E#FET7tql*@H(J_2cSo*=&xZ{}1Q+J7lG+CEe
zbQQ7Es=wYZIVLVy6SN1zWl$m+U1nCX$>_2*aoI6(nOTKJHY{{UpiLsJDS=&KSSad>
zg|iQ$@foJZ9-RBL)RZl=ql@O+7>Ovpz(0kCPddU^iU}tt}$!0iMnPz
zTys2JV-KT(g@1_kc>SWh&Pw_oj@ImTtGwX+^
zaCaC-H%G$Vad1Nh!$0|wLl9ig{!%afEz%ndrmw7N=HFo43XG5zoe{4X+#3*8Q>E0`
zDsWw?hRLH5cMl>xG+IIEr(Qri3LwgxI6@xK!}+JsANJt`LppxmLf`4khS7oQDAgh@
zANLntkNoy}dV8Wh13gXPc7v6HFB+)st!O8RiNi7cQR+|lbQJ@A@W>tYE&f?-YM|>=
z>TyIT=v31+S}7H=4YmdFUAMr=1l2ciG)5hZ*a}-IDx+pxLzSr_Izwk}1~zw6a|8dt
z|FIzA7Tl`Y6RTFJh#PQ2I@`pn52OBqTi_#smQ7Tj!1t0=|G)DgRGs)+5dT?7+bsP`kvpiJV1q^pVQDVjil?*^(e)W`;3Cn^}&xaLuY
zYOfOKd-0Fvzgqll0z9j*{8s}VTB#o&&QvSa$AMLuYE4vs6fV@CEEpBYZ>{d)QI(~J
zByW!e*o-|9_^$w_@@sP7ep{6iSem7_t0Z}!*hbA)P38T*Hfl2_%rTwYs)K=~wkkD{
z-a(bb^u<4ta67eJB}mZw?bOo1&2|{{PG=NOkH(qCnsrohfiH7Z51Ff-9aWPU
z+5?h4HZV3v?NyDaf17G37=L>lH-_H78d%#wMF%1~AQF$p(wxo+JnV$<+HCCDOdWOE
RYJN>>M^zGe&fit3{|EUQAZ!2t
From 652e7090d9589f9de8a6616aee2887014def663e Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Wed, 2 Nov 2022 17:16:34 +0100
Subject: [PATCH 012/139] Split core module (java code) and application module
(executable jar) (#138)
---
.github/workflows/release.yml | 2 +-
app/pom.xml | 64 +++++++++++++++++++
core/pom.xml | 10 +--
.../tools/solicitor/SolicitorApplication.java | 57 ++++++++---------
documentation/master-solicitor.asciidoc | 3 +-
pom.xml | 1 +
6 files changed, 97 insertions(+), 40 deletions(-)
create mode 100644 app/pom.xml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 77f47e88..f4a12c61 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,7 +37,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./core/target/solicitor.jar
+ asset_path: ./app/target/solicitor.jar
asset_name: solicitor.jar
asset_content_type: application/octet-stream
- name: Upload Userguide
diff --git a/app/pom.xml b/app/pom.xml
new file mode 100644
index 00000000..ca6e0716
--- /dev/null
+++ b/app/pom.xml
@@ -0,0 +1,64 @@
+
+
+ 4.0.0
+
+
+ org.springframework.boot
+ spring-boot-starter-parent
+ 2.6.3
+
+
+
+
+ com.devonfw.tools
+ solicitor-app
+ 1.4.0-SNAPSHOT
+
+ Solicitor App (Main Application)
+ A tool for rule based checking of license conditions in software projects.
+
+
+ Apache Software License, Version 2.0
+ https://www.apache.org/licenses/LICENSE-2.0.txt
+ repo
+
+
+
+
+
+ scm:git:file://.
+ scm:git:file://.
+ scm:git:file://.
+
+
+
+ 1.8
+ dd-MM-yy_HH:mm
+ ${maven.build.timestamp}
+ UTF-8
+
+
+
+
+ ${project.groupId}
+ solicitor-core
+ ${project.version}
+
+
+
+
+
+ solicitor
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+ com.devonfw.tools.solicitor.SolicitorApplication
+ ZIP
+
+
+
+
+
diff --git a/core/pom.xml b/core/pom.xml
index 5376ce74..52a676d3 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -15,7 +15,7 @@
solicitor-core
1.4.0-SNAPSHOT
- Solicitor Core (Main Application)
+ Solicitor Core (Main Library)
A tool for rule based checking of license conditions in software projects.
@@ -164,7 +164,6 @@
- solicitor
src/main/resources
@@ -220,13 +219,6 @@
-
- org.springframework.boot
- spring-boot-maven-plugin
-
- ZIP
-
-
org.codehaus.mojo
license-maven-plugin
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/SolicitorApplication.java b/core/src/main/java/com/devonfw/tools/solicitor/SolicitorApplication.java
index 715977fd..67415452 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/SolicitorApplication.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/SolicitorApplication.java
@@ -13,39 +13,38 @@
import com.devonfw.tools.solicitor.common.LogMessages;
/**
- * The main class. Triggers command line processing and bootstraps the Spring
- * application context. It delegates to class {@link Solicitor} for further
- * processing.
+ * The main class. Triggers command line processing and bootstraps the Spring application context. It delegates to class
+ * {@link Solicitor} for further processing.
*/
@SpringBootApplication
public class SolicitorApplication {
- private static final Logger LOG = LoggerFactory.getLogger(SolicitorApplication.class);
-
- /**
- * The standard java main method.
- *
- * @param args command line arguments
- */
- public static void main(String[] args) {
-
- try {
- SolicitorCliProcessor scp = new SolicitorCliProcessor();
- CommandLineOptions clo = scp.parse(args);
- if (clo == null) {
- System.exit(3);
- }
- // only continue processing if help option was not selected
- if (!clo.help) {
- ApplicationContext context = SpringApplication.run(SolicitorApplication.class, args);
- Solicitor solicitor = context.getBean(Solicitor.class);
- solicitor.run(clo, String.join(" ", args));
- }
- } catch (RuntimeException e) {
- LOG.error(LogMessages.ABORTED.msg(), e);
- System.exit(3);
- }
-
+ private static final Logger LOG = LoggerFactory.getLogger(SolicitorApplication.class);
+
+ /**
+ * The standard java main method.
+ *
+ * @param args command line arguments
+ */
+ public static void main(String[] args) {
+
+ try {
+ SolicitorCliProcessor scp = new SolicitorCliProcessor();
+ CommandLineOptions clo = scp.parse(args);
+ if (clo == null) {
+ System.exit(3);
+ }
+ // only continue processing if help option was not selected
+ if (!clo.help) {
+ ApplicationContext context = SpringApplication.run(SolicitorApplication.class, args);
+ Solicitor solicitor = context.getBean(Solicitor.class);
+ solicitor.run(clo, String.join(" ", args));
+ }
+ } catch (RuntimeException e) {
+ LOG.error(LogMessages.ABORTED.msg(), e);
+ System.exit(3);
}
+ }
+
}
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 51072022..07d8b092 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1533,7 +1533,8 @@ java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar >.
* Added support for API changes of new scancode release (v31) https://github.com/nexB/scancode-toolkit/releases/tag/v31.0.1.
diff --git a/pom.xml b/pom.xml
index 383b5186..0264f875 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,6 +21,7 @@
documentation
core
+ app
logo
From 6053c1ea921bcbd5479ecaf3edbe7bdef27add3d Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Fri, 4 Nov 2022 17:52:50 +0100
Subject: [PATCH 013/139] Refactor scancode interface to provide API to access
alternative sources for deep license scan information (#140)
* Restructuring/Generalizing Scancode integration
* Allow multiple ComponentInfoAdapter beans to be defined / executed.
* Update documentation
---
.../tools/solicitor/common/LogMessages.java | 2 +-
.../componentinfo/ComponentInfo.java | 40 ++++
.../componentinfo/ComponentInfoAdapter.java | 30 +++
.../ComponentInfoAdapterException.java | 38 ++++
.../ComponentInfoInventoryProcessor.java | 166 +++++++++++++++
.../solicitor/componentinfo/LicenseInfo.java | 19 ++
.../scancode/ScancodeComponentInfo.java} | 132 ++++++++++--
.../scancode/ScancodeFileAdapter.java | 85 +++++---
.../solicitor/scancode/ScancodeAdapter.java | 21 --
.../solicitor/scancode/ScancodeException.java | 36 ----
.../scancode/ScancodeInventoryProcessor.java | 193 ------------------
documentation/master-solicitor.asciidoc | 20 ++
12 files changed, 486 insertions(+), 296 deletions(-)
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapter.java
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapterException.java
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
create mode 100644 core/src/main/java/com/devonfw/tools/solicitor/componentinfo/LicenseInfo.java
rename core/src/main/java/com/devonfw/tools/solicitor/{scancode/ComponentScancodeInfos.java => componentinfo/scancode/ScancodeComponentInfo.java} (59%)
rename core/src/main/java/com/devonfw/tools/solicitor/{ => componentinfo}/scancode/ScancodeFileAdapter.java (75%)
delete mode 100644 core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeAdapter.java
delete mode 100644 core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeException.java
delete mode 100644 core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeInventoryProcessor.java
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/common/LogMessages.java b/core/src/main/java/com/devonfw/tools/solicitor/common/LogMessages.java
index 0269cde4..8204c9f9 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/common/LogMessages.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/common/LogMessages.java
@@ -81,7 +81,7 @@ public enum LogMessages {
"Experimental feature ACTIVE: Start enriching the inventory data with Scancode data (as far as available)"), //
SCANCODE_FEATURE_DEACTIVATED(55,
"The experimental feature for enriching the inventory with scancode data is DEACTIVATED"), //
- SCANCODE_INFO_READ(56, "Scancode information was read for {} out of {} ApplicationComponents"), //
+ COMPONENT_INFO_READ(56, "External component information was read for {} out of {} ApplicationComponents"), //
CURATIONS_NOT_EXISTING(57, "Curations file '{}' not found. No curations will be applied."), //
CURATIONS_PROCESSING(58, "Curations file '{}' exists. Applying curations.");
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
new file mode 100644
index 00000000..486744ef
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
@@ -0,0 +1,40 @@
+package com.devonfw.tools.solicitor.componentinfo;
+
+import java.util.Collection;
+
+/**
+ * Data structure which holds information about a component which comes from an external data source, like the results
+ * of a scancode scan.
+ *
+ */
+public interface ComponentInfo {
+
+ /**
+ * Gets all copyrights.
+ *
+ * @return the copyrights
+ */
+ Collection getCopyrights();
+
+ /**
+ * Gets all licenses.
+ *
+ * @return all licenses
+ */
+ Collection getLicenses();
+
+ /**
+ * Gets the path to the notice file (if any)
+ *
+ * @return path to the notice file
+ */
+ String getNoticeFilePath();
+
+ /**
+ * Gets the url to the license text
+ *
+ * @return url to the license text
+ */
+ String getUrl();
+
+}
\ No newline at end of file
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapter.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapter.java
new file mode 100644
index 00000000..c984b044
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapter.java
@@ -0,0 +1,30 @@
+package com.devonfw.tools.solicitor.componentinfo;
+
+import org.springframework.core.annotation.Order;
+
+/**
+ * Adapter for reading {@link ComponentInfo} data for a package. There might be different beans in the application
+ * implementing this interface. Processing will the be done based on the given {@link Order}. The first non null results
+ * will be taken in this case.
+ */
+public interface ComponentInfoAdapter {
+
+ /**
+ * Processing order to be used for the ComponentInfoAdapter. Use in {@link Order} annotation of the implementing
+ * spring bean. You might do arithmetics based on this to create higher or lower priority adapters. (higher priority =
+ * lower number !)
+ */
+ public static final int DEFAULT_PRIO = 200;
+
+ /**
+ * Retrieves the component information for a package identified by the given package URL. Returns the data as a
+ * {@link ComponentInfo} object.
+ *
+ * @param packageUrl The identifier of the package for which information is requested
+ * @return the data for the component. null is returned if no data is available,
+ * @throws ComponentInfoAdapterException if there was an exception when reading the data. In case that there is no
+ * data available no exception will be thrown. Instead null will be returned in such a case.
+ */
+ ComponentInfo getComponentInfo(String packageUrl) throws ComponentInfoAdapterException;
+
+}
\ No newline at end of file
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapterException.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapterException.java
new file mode 100644
index 00000000..e1e91a4a
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoAdapterException.java
@@ -0,0 +1,38 @@
+package com.devonfw.tools.solicitor.componentinfo;
+
+/**
+ * Exception indicating that the {@link ComponentInfoAdapter} had a problem reading data. This should not be used if
+ * there is simply no data available for the given component but only if there was either a general problem reading data
+ * or with reading the (existing) specific data for the component.
+ */
+public class ComponentInfoAdapterException extends Exception {
+
+ /**
+ * A constructor.
+ */
+ public ComponentInfoAdapterException() {
+
+ }
+
+ /**
+ * A constructor.
+ *
+ * @param message the message of the exception
+ */
+ public ComponentInfoAdapterException(String message) {
+
+ super(message);
+ }
+
+ /**
+ * A constructor.
+ *
+ * @param message the message of the exception
+ * @param cause the underlying {@link Throwable}.
+ */
+ public ComponentInfoAdapterException(String message, Throwable cause) {
+
+ super(message, cause);
+ }
+
+}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
new file mode 100644
index 00000000..ae50de19
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
@@ -0,0 +1,166 @@
+package com.devonfw.tools.solicitor.componentinfo;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+import com.devonfw.tools.solicitor.InventoryProcessor;
+import com.devonfw.tools.solicitor.common.LogMessages;
+import com.devonfw.tools.solicitor.common.SolicitorRuntimeException;
+import com.devonfw.tools.solicitor.model.ModelFactory;
+import com.devonfw.tools.solicitor.model.ModelRoot;
+import com.devonfw.tools.solicitor.model.inventory.ApplicationComponent;
+import com.devonfw.tools.solicitor.model.inventory.RawLicense;
+import com.devonfw.tools.solicitor.model.masterdata.Application;
+
+/**
+ * An {@link InventoryProcessor} which looks up license information for the found application components / packages at
+ * some external data source , like a scancode file store. If license information is found then the license, copyright
+ * and notice file information of the model will be replaced by the data obtained from this source.
+ *
+ */
+@Component
+@Order(InventoryProcessor.BEFORE_RULE_ENGINE)
+public class ComponentInfoInventoryProcessor implements InventoryProcessor {
+
+ private static class Statistics {
+ public int componentsTotal;
+
+ public int componentsWithComponentInfo;
+
+ public void add(Statistics statistics) {
+
+ this.componentsTotal += statistics.componentsTotal;
+ this.componentsWithComponentInfo += statistics.componentsWithComponentInfo;
+ }
+ }
+
+ /**
+ * Origin data for raw license objects created by this Class. Due to compatibility reasons this is named "scancode"
+ * even due to the fact that it might originate from other sources.
+ */
+ private static final String ORIGIN_COMPONENTINFO = "scancode";
+
+ private static final Logger LOG = LoggerFactory.getLogger(ComponentInfoInventoryProcessor.class);
+
+ private ComponentInfoAdapter[] componentInfoAdapters;
+
+ private ModelFactory modelFactory;
+
+ /**
+ * The constructor.
+ */
+ public ComponentInfoInventoryProcessor() {
+
+ }
+
+ @Override
+ public void processInventory(ModelRoot modelRoot) {
+
+ Statistics overall = new Statistics();
+ for (Application application : modelRoot.getEngagement().getApplications()) {
+ for (ApplicationComponent ac : application.getApplicationComponents()) {
+ Statistics single = processApplicationComponent(ac);
+ overall.add(single);
+ }
+ }
+ LOG.info(LogMessages.COMPONENT_INFO_READ.msg(), overall.componentsWithComponentInfo, overall.componentsTotal);
+ }
+
+ /**
+ * Process a single {@link ApplicationComponent}.
+ *
+ * @param ac application component
+ * @return processing statistics
+ */
+ private Statistics processApplicationComponent(ApplicationComponent ac) {
+
+ Statistics statistics = new Statistics();
+ statistics.componentsTotal = 1;
+
+ if (ac.getPackageUrl() != null) {
+ ComponentInfo componentInfo = null;
+ try {
+ for (ComponentInfoAdapter cia : this.componentInfoAdapters) {
+ componentInfo = cia.getComponentInfo(ac.getPackageUrl());
+ // stop querying further adapters if some info was returned
+ if (componentInfo != null) {
+ break;
+ }
+ }
+ } catch (ComponentInfoAdapterException e) {
+ throw new SolicitorRuntimeException("Exception when reading component info data source", e);
+ }
+ if (componentInfo != null) {
+ statistics.componentsWithComponentInfo = 1;
+ ac.removeAllRawLicenses();
+
+ if (componentInfo.getNoticeFilePath() != null) {
+ ac.setNoticeFileUrl(componentInfo.getNoticeFilePath());
+ }
+
+ for (LicenseInfo li : componentInfo.getLicenses()) {
+ addRawLicense(ac, li.getSpdxid(), li.getLicenseFilePath(), ORIGIN_COMPONENTINFO);
+ }
+ String copyrights = String.join("\n", componentInfo.getCopyrights());
+ ac.setCopyrights(copyrights);
+ // check whether VendorUrl is included in input file or not
+ if (componentInfo.getUrl() != null) {
+ ac.setOssHomepage(componentInfo.getUrl());
+ }
+ } else {
+ // no ComponentInfos info found for ac
+ }
+ } else {
+ // can this happen?
+ }
+ return statistics;
+ }
+
+ /**
+ * Adds a {@link com.devonfw.tools.solicitor.model.inventory.RawLicense} to the given
+ * {@link com.devonfw.tools.solicitor.model.inventory.ApplicationComponent}.
+ *
+ * @param appComponent a {@link com.devonfw.tools.solicitor.model.inventory.ApplicationComponent} object.
+ * @param name a {@link java.lang.String} object.
+ * @param url a {@link java.lang.String} object.
+ * @param origin a {@link java.lang.String} object.
+ */
+ public void addRawLicense(ApplicationComponent appComponent, String name, String url, String origin) {
+
+ RawLicense mlic = this.modelFactory.newRawLicense();
+ mlic.setApplicationComponent(appComponent);
+ mlic.setDeclaredLicense(name);
+ mlic.setLicenseUrl(url);
+ mlic.setOrigin(origin);
+ String trace;
+ trace = "+ Component/License info read from ComponentInfo data source";
+
+ mlic.setTrace(trace);
+ }
+
+ /**
+ * This method sets the field modelFactory.
+ *
+ * @param modelFactory the new value of the field modelFactory
+ */
+ @Autowired
+ public void setModelFactory(ModelFactory modelFactory) {
+
+ this.modelFactory = modelFactory;
+ }
+
+ /**
+ * This method sets the field componentInfoAdapters
+ *
+ * @param componentInfoAdapters new value of componentInfoAdapters.
+ */
+ @Autowired
+ public void setComponentInfoAdapters(ComponentInfoAdapter[] componentInfoAdapters) {
+
+ this.componentInfoAdapters = componentInfoAdapters;
+ }
+
+}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/LicenseInfo.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/LicenseInfo.java
new file mode 100644
index 00000000..5f76694b
--- /dev/null
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/LicenseInfo.java
@@ -0,0 +1,19 @@
+package com.devonfw.tools.solicitor.componentinfo;
+
+/**
+ * License information within the {@link ComponentInfo} data structure.
+ *
+ */
+public interface LicenseInfo {
+
+ /**
+ * @return spdxid
+ */
+ String getSpdxid();
+
+ /**
+ * @return licenseFilePath
+ */
+ String getLicenseFilePath();
+
+}
\ No newline at end of file
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ComponentScancodeInfos.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
similarity index 59%
rename from core/src/main/java/com/devonfw/tools/solicitor/scancode/ComponentScancodeInfos.java
rename to core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
index 7c6a0f89..97a966db 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ComponentScancodeInfos.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
@@ -1,47 +1,49 @@
-package com.devonfw.tools.solicitor.scancode;
+package com.devonfw.tools.solicitor.componentinfo.scancode;
import java.util.Collection;
import java.util.Collections;
-import java.util.Map;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;
+import com.devonfw.tools.solicitor.componentinfo.ComponentInfo;
+import com.devonfw.tools.solicitor.componentinfo.LicenseInfo;
+
/**
* Data structure for holding the scan information from scancode for a single package.
*/
-public class ComponentScancodeInfos {
+public class ScancodeComponentInfo implements ComponentInfo {
/**
* Holds the info about a single found license.
*/
- public class LicenseInfo {
+ public class ScancodeLicenseInfo implements LicenseInfo {
/**
* Id for of the license.
*/
- public String id;
+ private String id;
/**
* SPDX-ID of the license.
*/
- public String spdxid;
+ private String spdxid;
/**
* The score of the license.
*/
- public double licenseScore;
+ private double licenseScore;
/**
* Path to the license file.
*/
- public String licenseFilePath;
+ private String licenseFilePath;
/**
* The score of the license file.
*/
- public double licenseFileScore;
+ private double licenseFileScore;
/**
* The constructor.
@@ -53,14 +55,14 @@ public class LicenseInfo {
* @param licenseFilePath the path to the license file
* @param licenseFileScore the score of the license file
*/
- public LicenseInfo(String id, String spdxid, String defaultUrl, double licenseScore, String licenseFilePath,
+ public ScancodeLicenseInfo(String id, String spdxid, String defaultUrl, double licenseScore, String licenseFilePath,
double licenseFileScore) {
super();
this.id = id;
this.spdxid = spdxid;
this.licenseScore = licenseScore;
- if (licenseFileScore >= ComponentScancodeInfos.this.minLicensefilePercentage) {
+ if (licenseFileScore >= ScancodeComponentInfo.this.minLicensefilePercentage) {
this.licenseFilePath = licenseFilePath;
this.licenseFileScore = licenseFileScore;
} else {
@@ -68,13 +70,95 @@ public LicenseInfo(String id, String spdxid, String defaultUrl, double licenseSc
this.licenseFileScore = 0.0;
}
}
+
+ /**
+ * @return id
+ */
+ public String getId() {
+
+ return this.id;
+ }
+
+ /**
+ * @return spdxid
+ */
+ @Override
+ public String getSpdxid() {
+
+ return this.spdxid;
+ }
+
+ /**
+ * @return licenseScore
+ */
+ public double getLicenseScore() {
+
+ return this.licenseScore;
+ }
+
+ /**
+ * @return licenseFilePath
+ */
+ @Override
+ public String getLicenseFilePath() {
+
+ return this.licenseFilePath;
+ }
+
+ /**
+ * @return licenseFileScore
+ */
+ public double getLicenseFileScore() {
+
+ return this.licenseFileScore;
+ }
+
+ /**
+ * @param id new value of {@link #getId}.
+ */
+ public void setId(String id) {
+
+ this.id = id;
+ }
+
+ /**
+ * @param spdxid new value of {@link #getSpdxid}.
+ */
+ public void setSpdxid(String spdxid) {
+
+ this.spdxid = spdxid;
+ }
+
+ /**
+ * @param licenseScore new value of {@link #getLicenseScore}.
+ */
+ public void setLicenseScore(double licenseScore) {
+
+ this.licenseScore = licenseScore;
+ }
+
+ /**
+ * @param licenseFilePath new value of {@link #getLicenseFilePath}.
+ */
+ public void setLicenseFilePath(String licenseFilePath) {
+
+ this.licenseFilePath = licenseFilePath;
+ }
+
+ /**
+ * @param licenseFileScore new value of {@link #getLicenseFileScore}.
+ */
+ public void setLicenseFileScore(double licenseFileScore) {
+
+ this.licenseFileScore = licenseFileScore;
+ }
}
private static final double MIN_NOTICEFILE_PERCENTAGE = 0.0;
private SortedSet copyrights = new TreeSet<>();
- private SortedMap licenses = new TreeMap<>();
+ private SortedMap licenses = new TreeMap<>();
private double noticeFileScore = 0;
@@ -92,7 +176,7 @@ public LicenseInfo(String id, String spdxid, String defaultUrl, double licenseSc
* @param minLicenseScore the minimum score to take license findings into account
* @param minLicensefilePercentage the minimum percentage of license text to possibly use file as license file
*/
- public ComponentScancodeInfos(double minLicenseScore, double minLicensefilePercentage) {
+ public ScancodeComponentInfo(double minLicenseScore, double minLicensefilePercentage) {
super();
this.minLicenseScore = minLicenseScore;
@@ -114,6 +198,7 @@ public void addCopyright(String copyright) {
*
* @return the copyrights
*/
+ @Override
public Collection getCopyrights() {
return Collections.unmodifiableCollection(this.copyrights);
@@ -142,22 +227,22 @@ public void addLicense(String licenseId, String licenseName, String licenseDefau
double fileScore) {
if (this.licenses.containsKey(licenseId)) {
- LicenseInfo existingLicenseInfo = this.licenses.get(licenseId);
+ ScancodeLicenseInfo existingLicenseInfo = this.licenses.get(licenseId);
- double resultingScore = Math.max(existingLicenseInfo.licenseScore, score);
- String resultingFilePath = existingLicenseInfo.licenseFilePath;
- double resultingFileScore = existingLicenseInfo.licenseFileScore;
- if (fileScore > existingLicenseInfo.licenseFileScore) {
+ double resultingScore = Math.max(existingLicenseInfo.getLicenseScore(), score);
+ String resultingFilePath = existingLicenseInfo.getLicenseFilePath();
+ double resultingFileScore = existingLicenseInfo.getLicenseFileScore();
+ if (fileScore > existingLicenseInfo.getLicenseFileScore()) {
resultingFilePath = filePath;
resultingFileScore = fileScore;
}
- this.licenses.put(licenseId, new LicenseInfo(licenseId, licenseName, licenseDefaultUrl, resultingScore,
+ this.licenses.put(licenseId, new ScancodeLicenseInfo(licenseId, licenseName, licenseDefaultUrl, resultingScore,
resultingFilePath, resultingFileScore));
} else {
if (score >= this.minLicenseScore) {
this.licenses.put(licenseId,
- new LicenseInfo(licenseId, licenseName, licenseDefaultUrl, score, filePath, fileScore));
+ new ScancodeLicenseInfo(licenseId, licenseName, licenseDefaultUrl, score, filePath, fileScore));
}
}
}
@@ -167,9 +252,10 @@ public void addLicense(String licenseId, String licenseName, String licenseDefau
*
* @return all licenses
*/
- public Map getLicenses() {
+ @Override
+ public Collection getLicenses() {
- return Collections.unmodifiableSortedMap(this.licenses);
+ return Collections.unmodifiableSortedMap(this.licenses).values();
}
/**
@@ -200,6 +286,7 @@ public void addNoticeFilePath(String path, double score) {
*
* @return path to the notice file
*/
+ @Override
public String getNoticeFilePath() {
return this.noticeFilePath;
@@ -210,6 +297,7 @@ public String getNoticeFilePath() {
*
* @return url to the license text
*/
+ @Override
public String getUrl() {
return this.url;
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
similarity index 75%
rename from core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java
rename to core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
index 3db81035..91067ad9 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeFileAdapter.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
@@ -1,4 +1,4 @@
-package com.devonfw.tools.solicitor.scancode;
+package com.devonfw.tools.solicitor.componentinfo.scancode;
import java.io.File;
import java.io.FileInputStream;
@@ -9,10 +9,14 @@
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import com.devonfw.tools.solicitor.common.LogMessages;
import com.devonfw.tools.solicitor.common.packageurl.AllKindsPackageURLHandler;
+import com.devonfw.tools.solicitor.componentinfo.ComponentInfo;
+import com.devonfw.tools.solicitor.componentinfo.ComponentInfoAdapter;
+import com.devonfw.tools.solicitor.componentinfo.ComponentInfoAdapterException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
@@ -20,10 +24,11 @@
/**
* Adapter for reading Scancode information for a package from a file, applying any given curations and returning the
- * information as a {@link ComponentScancodeInfos} object.
+ * information as a {@link ComponentInfo} object.
*/
@Component
-public class ScancodeFileAdapter implements ScancodeAdapter {
+@Order(ComponentInfoAdapter.DEFAULT_PRIO)
+public class ScancodeFileAdapter implements ComponentInfoAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ScancodeFileAdapter.class);
@@ -41,6 +46,10 @@ public class ScancodeFileAdapter implements ScancodeAdapter {
private boolean curationsExistenceLogged;
+ private boolean featureFlag = false;
+
+ private boolean featureLogged = false;
+
@Autowired
private AllKindsPackageURLHandler packageURLHandler;
@@ -52,6 +61,17 @@ public ScancodeFileAdapter() {
}
+ /**
+ * Sets the feature flag for activating/deactivating this feature.
+ *
+ * @param featureFlag the flag
+ */
+ @Value("${solicitor.feature-flag.scancode}")
+ public void setFeatureFlag(boolean featureFlag) {
+
+ this.featureFlag = featureFlag;
+ }
+
/**
* Sets repoBasePath.
*
@@ -98,25 +118,44 @@ public void setMinLicensefilePercentage(double minLicensefilePercentage) {
/**
* Retrieves the Scancode information and curations for a package identified by the given package URL. Returns the
- * data as a {@link ComponentScancodeInfos} object.
+ * data as a {@link ScancodeComponentInfo} object.
*
* @param packageUrl The identifier of the package for which information is requested
* @return the data derived from the scancode results after applying any defined curations. null is
* returned if no data is available,
- * @throws ScancodeException if there was an exception when reading the data. In case that there is no data available
- * no exception will be thrown. Instead null will be return in such a case.
+ * @throws ComponentInfoAdapterException if there was an exception when reading the data. In case that there is no
+ * data available no exception will be thrown. Instead null will be return in such a case.
*/
@Override
- public ComponentScancodeInfos getComponentScancodeInfos(String packageUrl) throws ScancodeException {
+ public ComponentInfo getComponentInfo(String packageUrl) throws ComponentInfoAdapterException {
- ComponentScancodeInfos componentScancodeInfos = determineScancodeInformation(packageUrl);
- if (componentScancodeInfos == null) {
+ if (isFeatureActive()) {
+
+ ScancodeComponentInfo componentScancodeInfos = determineScancodeInformation(packageUrl);
+ if (componentScancodeInfos == null) {
+ return null;
+ }
+ applyCurations(packageUrl, componentScancodeInfos);
+
+ return componentScancodeInfos;
+
+ } else {
return null;
}
- applyCurations(packageUrl, componentScancodeInfos);
- return componentScancodeInfos;
+ }
+ private boolean isFeatureActive() {
+
+ if (!this.featureLogged) {
+ if (this.featureFlag) {
+ LOG.warn(LogMessages.SCANCODE_PROCESSOR_STARTING.msg());
+ } else {
+ LOG.info(LogMessages.SCANCODE_FEATURE_DEACTIVATED.msg());
+ }
+ this.featureLogged = true;
+ }
+ return this.featureFlag;
}
/**
@@ -124,12 +163,12 @@ public ComponentScancodeInfos getComponentScancodeInfos(String packageUrl) throw
*
* @param packageUrl The package url of the package
* @return the read scancode information, null if no information was found
- * @throws ScancodeException if there was an exception when reading the data. In case that there is no data available
- * no exception will be thrown. Instead null will be return in such a case.
+ * @throws ComponentInfoAdapterException if there was an exception when reading the data. In case that there is no
+ * data available no exception will be thrown. Instead null will be return in such a case.
*/
- private ComponentScancodeInfos determineScancodeInformation(String packageUrl) throws ScancodeException {
+ private ScancodeComponentInfo determineScancodeInformation(String packageUrl) throws ComponentInfoAdapterException {
- ComponentScancodeInfos componentScancodeInfos = new ComponentScancodeInfos(this.minLicenseScore,
+ ScancodeComponentInfo componentScancodeInfos = new ScancodeComponentInfo(this.minLicenseScore,
this.minLicensefilePercentage);
String packagePathPart = this.packageURLHandler.pathFor(packageUrl);
String path = this.repoBasePath + "/" + packagePathPart + "/scancode.json";
@@ -153,10 +192,10 @@ private ComponentScancodeInfos determineScancodeInformation(String packageUrl) t
+ this.packageURLHandler.pathFor(packageUrl) + "/" + file.get("path").asText(), 100.0);
}
for (JsonNode cr : file.get("copyrights")) {
- if(cr.has("copyright")) {
+ if (cr.has("copyright")) {
componentScancodeInfos.addCopyright(cr.get("copyright").asText());
} else {
- componentScancodeInfos.addCopyright(cr.get("value").asText());
+ componentScancodeInfos.addCopyright(cr.get("value").asText());
}
}
@@ -178,7 +217,7 @@ private ComponentScancodeInfos determineScancodeInformation(String packageUrl) t
componentScancodeInfos.getNoticeFilePath() != null ? 1 : 0);
} catch (IOException e) {
- throw new ScancodeException("Could not read Scancode JSON", e);
+ throw new ComponentInfoAdapterException("Could not read Scancode JSON", e);
}
return componentScancodeInfos;
}
@@ -189,10 +228,10 @@ private ComponentScancodeInfos determineScancodeInformation(String packageUrl) t
*
* @param packageUrl the identifier of the package
* @param componentScancodeInfos the componentScancodeInfos to curate
- * @throws ScancodeException if the curations could not be read
+ * @throws ComponentInfoAdapterException if the curations could not be read
*/
- private void applyCurations(String packageUrl, ComponentScancodeInfos componentScancodeInfos)
- throws ScancodeException {
+ private void applyCurations(String packageUrl, ScancodeComponentInfo componentScancodeInfos)
+ throws ComponentInfoAdapterException {
String packagePathPart = this.packageURLHandler.pathFor(packageUrl);
@@ -216,7 +255,7 @@ private void applyCurations(String packageUrl, ComponentScancodeInfos componentS
for (JsonNode curations : curationsObj.get("artifacts")) {
String component = curations.get("name").asText();
if (component.equals(packagePathPart)) {
- ComponentScancodeInfos oneComponent = componentScancodeInfos;
+ ScancodeComponentInfo oneComponent = componentScancodeInfos;
if (curations.get("copyrights") != null) {
oneComponent.clearCopyrights();
int authorCount = curations.get("copyrights").size();
@@ -240,7 +279,7 @@ private void applyCurations(String packageUrl, ComponentScancodeInfos componentS
}
} catch (IOException e) {
- throw new ScancodeException("Could not read Curations JSON", e);
+ throw new ComponentInfoAdapterException("Could not read Curations JSON", e);
}
}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeAdapter.java b/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeAdapter.java
deleted file mode 100644
index 997b9926..00000000
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeAdapter.java
+++ /dev/null
@@ -1,21 +0,0 @@
-package com.devonfw.tools.solicitor.scancode;
-
-/**
- * Adapter for reading Scancode information for a package, applying any given curations and returning the information as
- * a {@link ComponentScancodeInfos} object.
- */
-public interface ScancodeAdapter {
-
- /**
- * Retrieves the Scancode information and curations for a package identified by the given package URL. Returns the
- * data as a {@link ComponentScancodeInfos} object.
- *
- * @param packageUrl The identifier of the package for which information is requested
- * @return the data derived from the scancode results after applying any defined curations. null is
- * returned if no data is available,
- * @throws ScancodeException if there was an exception when reading the data. In case that there is no data available
- * no exception will be thrown. Instead null will be return in such a case.
- */
- ComponentScancodeInfos getComponentScancodeInfos(String packageUrl) throws ScancodeException;
-
-}
\ No newline at end of file
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeException.java b/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeException.java
deleted file mode 100644
index 9b9eb761..00000000
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeException.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package com.devonfw.tools.solicitor.scancode;
-
-/**
- * Exception indicating that the Scancode information could not be read.
- */
-public class ScancodeException extends Exception {
-
- /**
- * A constructor.
- */
- public ScancodeException() {
-
- }
-
- /**
- * A constructor.
- *
- * @param message the message of the exception
- */
- public ScancodeException(String message) {
-
- super(message);
- }
-
- /**
- * A constructor.
- *
- * @param message the message of the exception
- * @param cause the underlying {@link Throwable}.
- */
- public ScancodeException(String message, Throwable cause) {
-
- super(message, cause);
- }
-
-}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeInventoryProcessor.java b/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeInventoryProcessor.java
deleted file mode 100644
index 9f2edece..00000000
--- a/core/src/main/java/com/devonfw/tools/solicitor/scancode/ScancodeInventoryProcessor.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package com.devonfw.tools.solicitor.scancode;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
-
-import com.devonfw.tools.solicitor.InventoryProcessor;
-import com.devonfw.tools.solicitor.common.LogMessages;
-import com.devonfw.tools.solicitor.common.SolicitorRuntimeException;
-import com.devonfw.tools.solicitor.model.ModelFactory;
-import com.devonfw.tools.solicitor.model.ModelRoot;
-import com.devonfw.tools.solicitor.model.inventory.ApplicationComponent;
-import com.devonfw.tools.solicitor.model.inventory.RawLicense;
-import com.devonfw.tools.solicitor.model.masterdata.Application;
-import com.devonfw.tools.solicitor.scancode.ComponentScancodeInfos.LicenseInfo;
-
-/**
- * An {@link InventoryProcessor} which looks up license information for the found application components / packages in
- * the scancode file store. If license information is found then the license, copyright and notice file information of
- * the model will be replaced by the data obtained from scancode.
- *
- */
-@Component
-@Order(InventoryProcessor.BEFORE_RULE_ENGINE)
-public class ScancodeInventoryProcessor implements InventoryProcessor {
-
- private static class Statistics {
- public int componentsTotal;
-
- public int componentsWithScancodeInfos;
-
- public void add(Statistics statistics) {
-
- this.componentsTotal += statistics.componentsTotal;
- this.componentsWithScancodeInfos += statistics.componentsWithScancodeInfos;
- }
- }
-
- /**
- * Origin data for raw license objects created by this Class.
- */
- private static final String ORIGIN_SCANCODE = "scancode";
-
- private static final Logger LOG = LoggerFactory.getLogger(ScancodeInventoryProcessor.class);
-
- private boolean featureFlag = false;
-
- private ScancodeAdapter scancodeAdapter;
-
- private ModelFactory modelFactory;
-
- /**
- * Sets the feature flag for activating/deactivating this feature.
- *
- * @param featureFlag the flag
- */
- @Value("${solicitor.feature-flag.scancode}")
- public void setFeatureFlag(boolean featureFlag) {
-
- this.featureFlag = featureFlag;
- }
-
- /**
- * The constructor.
- */
- public ScancodeInventoryProcessor() {
-
- }
-
- @Override
- public void processInventory(ModelRoot modelRoot) {
-
- if (!this.featureFlag) {
- LOG.info(LogMessages.SCANCODE_FEATURE_DEACTIVATED.msg());
- } else {
- LOG.warn(LogMessages.SCANCODE_PROCESSOR_STARTING.msg());
-
- Statistics overall = new Statistics();
- for (Application application : modelRoot.getEngagement().getApplications()) {
- for (ApplicationComponent ac : application.getApplicationComponents()) {
- Statistics single = processApplicationComponent(ac);
- overall.add(single);
- }
- }
- LOG.info(LogMessages.SCANCODE_INFO_READ.msg(), overall.componentsWithScancodeInfos, overall.componentsTotal);
- }
- }
-
- /**
- * Process a single {@link ApplicationComponent}.
- *
- * @param ac application component
- * @return processing statistics
- */
- private Statistics processApplicationComponent(ApplicationComponent ac) {
-
- Statistics statistics = new Statistics();
- statistics.componentsTotal = 1;
-
- if (ac.getPackageUrl() != null) {
- ComponentScancodeInfos componentScancodeInfos;
- try {
- componentScancodeInfos = this.scancodeAdapter.getComponentScancodeInfos(ac.getPackageUrl());
- } catch (ScancodeException e) {
- throw new SolicitorRuntimeException("Exception when reading scancode file", e);
- }
- if (componentScancodeInfos != null) {
- statistics.componentsWithScancodeInfos = 1;
- ac.removeAllRawLicenses();
-
- if (componentScancodeInfos.getNoticeFilePath() != null) {
- ac.setNoticeFileUrl(componentScancodeInfos.getNoticeFilePath());
- }
-
- for (LicenseInfo li : componentScancodeInfos.getLicenses().values()) {
- addRawLicense(ac, li.spdxid, li.licenseFilePath, ORIGIN_SCANCODE);
- }
- String copyrights = String.join("\n", componentScancodeInfos.getCopyrights());
- ac.setCopyrights(copyrights);
- // check whether VendorUrl is included in input file or not
- if (componentScancodeInfos.getUrl() != null) {
- ac.setOssHomepage(componentScancodeInfos.getUrl());
- }
- } else {
- // no scancode info found for ac
- }
- } else {
- // can this happen?
- }
- return statistics;
- }
-
- /**
- * Performs logging.
- *
- * @param sourceUrl the URL from where the inventory data was read
- * @param application the application
- * @param readComponents number of read ApplicationComponents
- * @param readLicenses number of read RawLicenses
- */
- public void doLogging(String sourceUrl, Application application, int readComponents, int readLicenses) {
-
- LOG.info(LogMessages.READING_INVENTORY.msg(), readComponents, readLicenses, application.getName(), sourceUrl);
- }
-
- /**
- * Adds a {@link com.devonfw.tools.solicitor.model.inventory.RawLicense} to the given
- * {@link com.devonfw.tools.solicitor.model.inventory.ApplicationComponent}.
- *
- * @param appComponent a {@link com.devonfw.tools.solicitor.model.inventory.ApplicationComponent} object.
- * @param name a {@link java.lang.String} object.
- * @param url a {@link java.lang.String} object.
- * @param origin a {@link java.lang.String} object.
- */
- public void addRawLicense(ApplicationComponent appComponent, String name, String url, String origin) {
-
- RawLicense mlic = this.modelFactory.newRawLicense();
- mlic.setApplicationComponent(appComponent);
- mlic.setDeclaredLicense(name);
- mlic.setLicenseUrl(url);
- mlic.setOrigin(origin);
- String trace;
- trace = "+ Component/License info read from scancode information";
-
- mlic.setTrace(trace);
- }
-
- /**
- * This method sets the field modelFactory.
- *
- * @param modelFactory the new value of the field modelFactory
- */
- @Autowired
- public void setModelFactory(ModelFactory modelFactory) {
-
- this.modelFactory = modelFactory;
- }
-
- /**
- * This method sets the field scancodeAdapter
- *
- * @param scancodeAdapter new value of scancodeAdapter.
- */
- @Autowired
- public void setScancodeAdapter(ScancodeAdapter scancodeAdapter) {
-
- this.scancodeAdapter = scancodeAdapter;
- }
-
-}
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 07d8b092..7bd1b9f9 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1528,11 +1528,31 @@ The Extension will be activated by referencing it as follows when starting _Soli
[listing]
java -Dloader.path=path/to/the/extension.zip -jar solicitor.jar
+=== Java Extensions
+It is also possible to extend the functionality of _Solicitor_ within an extension by implementing Spring Beans
+which implement certain interfaces. As the resources contained in the extension are included into _Solicitors_ classpath those beans
+might be discovered through the Spring component scan mechanism and thus be activated.
+
+NOTE: The Spring components scanning mechanisms by default searches only in package `com.devonfw.tools.solicitor` (and subpackages). You either need to define the extension classes in these packages or create a specific configuration class in this package which has an
+appropriate `@ComponentScan` annotation which points to your packages.
+
+WARNING: Extending Solicitor via Java is an advanced topic. Only the Interfaces given below should be used. Even those should
+be regarded as unstable and might change without notice. For any details on the interfaces see the _Solicitor_ source code and corresponding Javadoc.
+
+==== Extension Interfaces
+===== `com.devonfw.tools.solicitor.componentinfo.ComponentInfoAdapter`
+A spring bean implementing this interface might provide `ComponentInfo`/`LicenseInfo` data for `ApplicationComponents` identified
+by their packageUrl. (The buildin implementation of this interface is reading such component info from scancode result files
+from the local file system, see <>.) Alternative implementations might e.g. get this information
+from a corporate server or even a public service available on the internet.
+
[appendix]
== Release Notes
Changes in 1.4.0::
+* https://github.com/devonfw/solicitor/issues/139: Provide extension interface to allow reading information about components/licenses
+from alternative sources. See <>.
* https://github.com/devonfw/solicitor/issues/137: Internal restructuration of Solicitor modules which allows Solicitor code to be used as dependency in other projects.
* https://github.com/devonfw/solicitor/issues/129: Added spellcheck support within documentation for run-together words like camel cased ones.
* https://github.com/devonfw/solicitor/issues/130: Fixed a bug where the guessedLicenseUrl and guessedLicenseUrlAuditInfo fields were not filled correctly in the aggregated inventory.
From 3d2c0c2566e38e8ad0b1f3a79a5ba51a90dab3f7 Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Fri, 11 Nov 2022 18:08:37 +0100
Subject: [PATCH 014/139] Avoid failure of report generation if PackageURL is
not set. (#142)
---
.../solicitor/templates/ScancodeScanScript.vm | 34 +++++-----
.../solicitor/templates/ScancodeScript.vm | 66 ++++++++++---------
documentation/master-solicitor.asciidoc | 1 +
3 files changed, 55 insertions(+), 46 deletions(-)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScanScript.vm b/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScanScript.vm
index 3229134a..2cb0d707 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScanScript.vm
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScanScript.vm
@@ -6,21 +6,25 @@ echo {\"artifacts\": [ > scancodeOutput/scancodeOut.json
dir=$(pwd)/Source
#foreach ($artifact in $ARTIFACTS)
-if [ ! -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json ] || [ ! -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed ]
-then
- rm $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed
- rm $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json
- if [ -d $dir/$purlhandler.pathFor($artifact.packageUrl)/sources ] && [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/sources.completed ]
- then
- scancode $scancodeoptions --json-pp $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json $dir/$purlhandler.pathFor($artifact.packageUrl)/sources
- touch $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed
- fi
-fi
-if [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json ] && [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed ]
-then
- cat $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json >> $so/scancodeOut.json
- printf "\n," >> $so/scancodeOut.json
-fi
+ #if ( $artifact.packageUrl == "NA" )
+ echo "PackageUrl is missing for Artifact Group: $artifact.groupId -- Artifact: $artifact.artifactId -- Version: $artifact.version -- NO DATA TO SCAN"
+ #else
+ if [ ! -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json ] || [ ! -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed ]
+ then
+ rm $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed
+ rm $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json
+ if [ -d $dir/$purlhandler.pathFor($artifact.packageUrl)/sources ] && [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/sources.completed ]
+ then
+ scancode $scancodeoptions --json-pp $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json $dir/$purlhandler.pathFor($artifact.packageUrl)/sources
+ touch $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed
+ fi
+ fi
+ if [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json ] && [ -f $dir/$purlhandler.pathFor($artifact.packageUrl)/scancodeScan.completed ]
+ then
+ cat $dir/$purlhandler.pathFor($artifact.packageUrl)/scancode.json >> $so/scancodeOut.json
+ printf "\n," >> $so/scancodeOut.json
+ fi
+ #end
#end
printf "END" >> $so/scancodeOut.json
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScript.vm b/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScript.vm
index 3ae23913..d5aa4b8a 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScript.vm
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/templates/ScancodeScript.vm
@@ -17,40 +17,44 @@ echo "These artifacts need to be downloaded manually:" > need-to-retrieve-manual
#foreach ($artifact in $ARTIFACTS)
# Group: $artifact.groupId -- Artifact: $artifact.artifactId -- Version: $artifact.version -- License(s): $artifact.effectiveNormalizedLicense -- includeSource: $artifact.includeSource
- if [ ! -d "$purlhandler.pathFor($artifact.packageUrl)" ]
- then
- mkdir -p $purlhandler.pathFor($artifact.packageUrl)
- fi
- if [ ! -f "$purlhandler.pathFor($artifact.packageUrl)/sources.completed" ] || [ ! -d "$purlhandler.pathFor($artifact.packageUrl)/sources" ]
- then
- cd $purlhandler.pathFor($artifact.packageUrl)
- rm sources.completed
- rm -r sources
- rm sources.jar
- curl -# $purlhandler.sourceDownloadUrlFor($artifact.packageUrl) -o sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
- #if ( $purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "jar" )
- unzip -q -d sources sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
- #elseif($purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "tgz")
- mkdir sources
- tar -xvzf sources.tgz -C sources
- #elseif($purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "tar.gz")
- mkdir sources
- tar -xvzf sources.tar.gz -C sources
- #else
- unzip -q nonexisting
- #end
- if [ $? -ne 0 ]
+ #if ( $artifact.packageUrl == "NA" )
+ echo "Artifact Group: $artifact.groupId -- Artifact: $artifact.artifactId -- Version: $artifact.version" >> need-to-retrieve-manually.txt
+ #else
+ if [ ! -d "$purlhandler.pathFor($artifact.packageUrl)" ]
then
- touch sources.failed
- rm sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
+ mkdir -p $purlhandler.pathFor($artifact.packageUrl)
+ fi
+ if [ ! -f "$purlhandler.pathFor($artifact.packageUrl)/sources.completed" ] || [ ! -d "$purlhandler.pathFor($artifact.packageUrl)/sources" ]
+ then
+ cd $purlhandler.pathFor($artifact.packageUrl)
+ rm sources.completed
rm -r sources
- #[[cd $SD]]#
- echo "Artifact $purlhandler.sourceDownloadUrlFor($artifact.packageUrl)" >> need-to-retrieve-manually.txt
- else
- touch sources.completed
- #[[cd $SD]]#
+ rm sources.jar
+ curl -# $purlhandler.sourceDownloadUrlFor($artifact.packageUrl) -o sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
+ #if ( $purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "jar" )
+ unzip -q -d sources sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
+ #elseif($purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "tgz")
+ mkdir sources
+ tar -xvzf sources.tgz -C sources
+ #elseif($purlhandler.sourceArchiveSuffixFor($artifact.packageUrl) == "tar.gz")
+ mkdir sources
+ tar -xvzf sources.tar.gz -C sources
+ #else
+ unzip -q nonexisting
+ #end
+ if [ $? -ne 0 ]
+ then
+ touch sources.failed
+ rm sources.$purlhandler.sourceArchiveSuffixFor($artifact.packageUrl)
+ rm -r sources
+ #[[cd $SD]]#
+ echo "Artifact $purlhandler.sourceDownloadUrlFor($artifact.packageUrl)" >> need-to-retrieve-manually.txt
+ else
+ touch sources.completed
+ #[[cd $SD]]#
+ fi
fi
- fi
+ #end
#end
cd ..
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 7bd1b9f9..45880be5 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1551,6 +1551,7 @@ from a corporate server or even a public service available on the internet.
== Release Notes
Changes in 1.4.0::
+* https://github.com/devonfw/solicitor/issues/141: Improved robustness of report generation in cases where PackageURL can not be determined (e.g. if data originates from CSV reader).
* https://github.com/devonfw/solicitor/issues/139: Provide extension interface to allow reading information about components/licenses
from alternative sources. See <>.
* https://github.com/devonfw/solicitor/issues/137: Internal restructuration of Solicitor modules which allows Solicitor code to be used as dependency in other projects.
From 1856dd5cf6621d65cdff31e7824ddf6453b39f73 Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Mon, 14 Nov 2022 10:57:36 +0100
Subject: [PATCH 015/139] fallback rule moved to the end of the list (#144)
---
.../rules/LicenseNameMappingSample.xls | Bin 77824 -> 77824 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls b/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls
index ac99dcb1df9b179fe0ca5581bda71cc8ec26347f..22a2abcb6de625cbc30a13d56aa0222876130aac 100644
GIT binary patch
delta 4853
zcmZwKYj6`)6ae6J)1*z(JX%^y0o!bl@(`#zDkw-v3M~nwC8aG`r9y!Um4{L)_@YV0
zq6n120t=#2V89W<2P@^-*9`p7aU7Y^0UeoXQGfXd^^epkc<%0oB%4#%X79J>p8MFF
zyW4P|G2CbTa+T51yW>RRV9zb~L&vRh`@dp?aXb4{yk~sCcFFflTMTTexY0afnhyXn
z@TkPYfXDAffL#1c!^2m%a&2A11YzO2`ptC>03NjPnR1@3%UpQQGM1$~^iiVMx-6lC7y9$r{s%{;D4`B;td3fymJ-^i>d;}g12n0P+C<{DR=`*yww##QL#|zD;5G?q=jY0g1<~H
z`ztElZnwO+y2P3L%{G9a_W_JM22d>nTw-#U=Z>x(eix&
zmM^+mTV@ULnZc41%!V{2|9yzJB)qIQTxs0I{?-g#20jjbbP8c+EyLtJ`V3YgI+ZY+
zmZ3Qz1Fr0ZJ~#>EUz8La#f^jvL)0ty8-KL9;a@e3Rw!bbs)_D4{V1}C=%IvVYZ*2s
zWEf6Fk09((Ekkcx#<=+2@y$TrW0z|3VA~(5q4;n&UV5M#;7GzABWx65d4!FQwU9Qm
zV`5RWv4o8y>~X@z6E=ac&_n|B344ODNoe}XolMvi!ltSg!Vmn>MqGfW`h-ssHjS|9
zggr&r({UD3zw|TWP_>zaJww~kH{E4q0$TFSrMd*>wo;~l>?S!=$n5^3g
zR}i+6uvLWB5%yxNMHb=eSkxBb8p7%cdx@~Mgsmeiw4T5XguP7ID}-$%tbwpis>LtD
zMk4T4!Zs7Og|OEMdp*vyMfgS>s*CVV!rmfmD`8E9@u9}9Exrhs%eT9Kv7Gys8AALm
zEQ}%gwcAYC+k|Z+>>a{d2-^-2N@)09BJe%Jb`bVHVLJ)i_0ah2XzPCWLyTH0VS5N`
zBWy2W`}7vV=@<2gwx6&AgdHSIBJ2=hhtWd%`~CqDc!aPI3Hyk!j|n>(HF@gy{pq?_
z`eV_{4{y$K!cM3rmiOsjhEEdFrwIE*%Wy0q!>2^_X~I6!GW?a0;VcpTd5nd%W%q@a
z!P_4hMVKv6UQND=i&pI%VX~HCZ%l@HN`~`9bO&Jso@V_*dqP>f)89i6%B|Oq5LES1R%$Vntz<(rUL-u|ryK
zVtE<-uJHQZ*oq%+!dz&VPMX-vng9eKhzH-NdoU<=E9cfr*fqtB3_mcdQ)#;gPqFRg
zYTG?Z+ZUx-$t*9#?=f$?M`@c+4^N80;aX1@PDrm3?8A}q>FEVN_xzEmmiXNBhoxHL
zz5iP)UBh}sz&HMzSnpT-9E$@ffkML&=t$-}mj@4QvuB(#GO(jgOazzIp$
z@fvmwuH!$G=`eO6-*O=*g>5h;bwcNbRvW8HH%-c5&?4QXK1M>mcjQ{`u
delta 5063
zcmZwLYj6`)6bJBg(1R+Lu`$t~PawVWu-ZCZ9MIqgP=NYX;9#-H^L5&@q%NSokWpq2Xk
z@k71?LVTx{`ZIlAsuSGNL9&^rFvBls1U1RYbk5LD`1|OmwC~kXO(0Xd>G!gw`qQ;w
zKpvIy(U3sEIGSl3$-zb?2CE6kIqCyhDlF4CA~AiZI#ueIJ;o<`Eq*aaHpFAhKg0JJRxOdEq?D&yI
zMJYMatweSEh&tzR6~b7!!NUXqXomS6iafZYe|
zeqe)v4FMJz3h)774+49L&7Rz0z=i{RST}2ljR1iofsF$82(U+iJ!Y|pUQVMesM{D|
zV}U&mY#gxhHmh;?C^z14_uQ3fo%fzlEsW7eA$9}5xxTK
zRbZQe)c}*1YOXC=gp1-+D>4*fYk!q4QvmvI-*FgEbaw?`+#Y{_5(Wr>|l?{{2S?y^11@*1)BCsZ4&A?iKwc1Q>h4t}{s||Uj(eiK$`RF45
z)m_Xl2mh5UTSSVlFe5%$D7oT4Biw+b2D
z)DtY1%E9%^Rd6#0&!9_2R5MRotfp#K6U+OT9I~0@#NYHpxu`@
zuiz-)A3$>j8%`eJA
zu3!5K8XlXJEoSTg%OgMj$QG;fy7b}ro9(6ob)2Hh;+0{d{A*dU>Ksw4rB=>u$Q7yo
E17#-2y#N3J
From 69e1c10ba825ea4f825dbb6edf63702401c4c836 Mon Sep 17 00:00:00 2001
From: ohecker <8004361+ohecker@users.noreply.github.com>
Date: Tue, 15 Nov 2022 22:42:51 +0100
Subject: [PATCH 016/139] Version 1.4.0
---
app/pom.xml | 2 +-
core/pom.xml | 2 +-
documentation/pom.xml | 2 +-
logo/pom.xml | 2 +-
pom.xml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/pom.xml b/app/pom.xml
index ca6e0716..21b015ad 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-app
- 1.4.0-SNAPSHOT
+ 1.4.0
Solicitor App (Main Application)
A tool for rule based checking of license conditions in software projects.
diff --git a/core/pom.xml b/core/pom.xml
index 52a676d3..12afc827 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-core
- 1.4.0-SNAPSHOT
+ 1.4.0
Solicitor Core (Main Library)
A tool for rule based checking of license conditions in software projects.
diff --git a/documentation/pom.xml b/documentation/pom.xml
index b0b4adab..7e8b5456 100644
--- a/documentation/pom.xml
+++ b/documentation/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-documentation
- 1.4.0-SNAPSHOT
+ 1.4.0
pom
Solicitor Documentation
diff --git a/logo/pom.xml b/logo/pom.xml
index cbe5b194..5f3a458b 100644
--- a/logo/pom.xml
+++ b/logo/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-logo
- 1.4.0-SNAPSHOT
+ 1.4.0
Solicitor Logo Rendering
Rendering of the Solicitor Logo
diff --git a/pom.xml b/pom.xml
index 0264f875..e46c0e5c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-aggregator
- 1.4.0-SNAPSHOT
+ 1.4.0
pom
Solicitor Aggregator
From 86265f69334bdb116a3553de96d47bd99e03f115 Mon Sep 17 00:00:00 2001
From: ohecker <8004361+ohecker@users.noreply.github.com>
Date: Tue, 15 Nov 2022 22:56:43 +0100
Subject: [PATCH 017/139] Set Version to SNAPSHOT of next minor version
---
app/pom.xml | 2 +-
core/pom.xml | 2 +-
documentation/master-solicitor.asciidoc | 3 +++
documentation/pom.xml | 2 +-
logo/pom.xml | 2 +-
pom.xml | 2 +-
6 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/app/pom.xml b/app/pom.xml
index 21b015ad..be80f9e9 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-app
- 1.4.0
+ 1.5.0-SNAPSHOT
Solicitor App (Main Application)
A tool for rule based checking of license conditions in software projects.
diff --git a/core/pom.xml b/core/pom.xml
index 12afc827..5d5b0093 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-core
- 1.4.0
+ 1.5.0-SNAPSHOT
Solicitor Core (Main Library)
A tool for rule based checking of license conditions in software projects.
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 45880be5..acb3af77 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1550,6 +1550,9 @@ from a corporate server or even a public service available on the internet.
[appendix]
== Release Notes
+Changes in 1.5.0::
+
+
Changes in 1.4.0::
* https://github.com/devonfw/solicitor/issues/141: Improved robustness of report generation in cases where PackageURL can not be determined (e.g. if data originates from CSV reader).
* https://github.com/devonfw/solicitor/issues/139: Provide extension interface to allow reading information about components/licenses
diff --git a/documentation/pom.xml b/documentation/pom.xml
index 7e8b5456..13dcf775 100644
--- a/documentation/pom.xml
+++ b/documentation/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-documentation
- 1.4.0
+ 1.5.0-SNAPSHOT
pom
Solicitor Documentation
diff --git a/logo/pom.xml b/logo/pom.xml
index 5f3a458b..16049879 100644
--- a/logo/pom.xml
+++ b/logo/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-logo
- 1.4.0
+ 1.5.0-SNAPSHOT
Solicitor Logo Rendering
Rendering of the Solicitor Logo
diff --git a/pom.xml b/pom.xml
index e46c0e5c..6549216e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-aggregator
- 1.4.0
+ 1.5.0-SNAPSHOT
pom
Solicitor Aggregator
From e3f28892bbfeacd52c06215cc22aa6246b57d46e Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Wed, 7 Dec 2022 18:33:09 +0100
Subject: [PATCH 018/139] Allow multiple NormalizedLicense entries with same id
per ApplicationComponent if the declared license differs. This allows to
assign multiple licenses of same type (e.g. MIT) to a component and also will
allow multiple "UNKNOWN" licenses to be reported for the same component.
(#145)
---
.../rules/LicenseAssignmentV2Sample.xls | Bin 61440 -> 61952 bytes
.../rule_templates/LicenseAssignment.drt | 5 +++--
.../rule_templates/LicenseAssignmentV2.drt | 3 ++-
.../rule_templates/LicenseNameMapping.drt | 13 +++++++------
documentation/master-solicitor.asciidoc | 2 +-
5 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseAssignmentV2Sample.xls b/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseAssignmentV2Sample.xls
index dfdc7ad23235e7226fd0885bc3267ab877b038a5..09a8cbde5a5e07ba03f0946f4e9d0aa6424e0298 100644
GIT binary patch
delta 3391
zcmZvee{54#6vw}>?bfyHkI~IBevG{_kO9&$e}D{}9cvwft=(@0WuzOOtCViGn^l8p
z4H~8p!hC8(|54C?lmx;{PzfP~U;;)-{KKDMAW@0&52Fcx=pxMX-fPz%@8spad(Y>d
zd+&MYo_Fp|-880tHJ&mVEaL#~&d$z0E87j92+POPqJm=7j#HVSGD+n*DhVogr@QOk
zFzt5!GIYH8&V?U@)Q-g`yRAP;anq}YyWhz(ri(^P>TQ?81f$frYvXClbwM~G|7>*$
z!npKTX|4LMvR2@TK=T=(z)ESWtyJx(lp=Gj!)nW8ud*&sl?6rloUK|_tdRb++0(5u
zyVk0-30Q}7hV;B1du`2lkTJ%gow8>P+LVQgK|k3QgKnwaC5|=f
zN>!5IVWF1CUMWQ#)Gxp2xKz6KCMsxBK%fU*Y7;1K5cic-U|&gER;ym@yB)YC4=mi|
zkVfiVt{!!iiN-57&we#BE5Ba9%4KNjm(Dc3X}(dhi)Q>t?%sH{Jh>V02l|>?1D%}#
zzv%T1_&Nezoj!k`*y8t!-uB+Up7zcCeeKlQ(cbFw_xi;8R3
z(0Zk==DK7z1w}Y0DmICGgL^_^d@>di6CrUp7!^l@(cO`d7>vZnNREf%Vq!Ez-4p6N
z92cWwVmLaYyu?^AA(925XgoBFk5Phm8UY*mqxyben(9}m{)g&oR0qf*J01Y8CaLiy
zHJZtDpFRkzHUg$~!1E^H)Oui9G0^ugaGC1q4L}iXM1K=-h3bfbC^Kuod`r9&p%80b33X`)ISjmoEmkIb3hiUom+E`1^DE
zLCym=E=VcYYDEU=LgZt1^N4H>ui<@L!K@+`SR@S(&|
zrkdqMJ|oYfkdc>ltcYRceVv{;mnDTRbz$W{DO|+DFxoDiUMa(r04ki1wpPcIw9h)|
zWEjN({w?qf#e|Nz7)CLp(^GN=&6lJq>;8K*n8zv^HlJZt3|o-Lwy2(7n8$W%a8VxA
zVqr1Esu@N}MfY_z8k0}#uQM&WLor!Qaod9r2y2psq~m~e{lEshMjY_sLn2G2`qdF;
zb;SGW5oU_>9vq|o)RZ>DjLe9OQ~mPt*KRrI|4x317%t)6x#tYd;E=TRXknb!YWC4P
z>-?n*t7F(QhEd+s`QYAMmJ~EcQwr57)-!A+!&WhDbq<5zRCoA3h9%eJz*O28H^Ukj
zww7U(jB`Fj`#8$S#7vZ$6|ZWHa`$FT;Ec
zdn}hF)7#&c3)5^1!`d0Pm0{Z$*1@o3CjGWWZ13(cAhe0Fo&!cm5W8TJgr_Ao5Mu!g-1j52IYWAfBxkFZENOOy+|a@%q^j?y*A
cZTU<{9
delta 3112
zcmZwJeQXnD90&04bM4w*+iSb6blr4dS#`)jz!#8h%npXIA?yVZQDIK;1y_f-`4WS<
zszGIcDBDR)mY5(Rn&>~qONcQ8jUh5(#6$x@!NeG&@gL(K#2|lAfA`YfwfF1g`aI9)
zd3yKU^Zf34TKL^p_|^BRUy}C$xLzz4pVbxV6Ol2p#<`#PIXcJboS^f0I$xmk`qW_S
zw0}=LeX{+#S4S_3<#QLlxH5538}}cSCeQ2F{9pTIjC^dE@M%+zbbKaX7UCoQmvEgB
zXS9DJ8S^_GPU5hj>q#&$rS(N4W<^TNmve8Mxtx*?H=2!w(Reo6Y&J}4e@7KNmr$%+
zDk`uNvyy$?oRV2^rbcwrgY3l!@>qfSxJ;E@&b=GmeSD+9=Y}t3)T~Uu
zpwBDx9D)ucH_)_NWr=c^YJ1CNAAIPII`w|kV7kF62M|EkRSqJE6LF_LL?d>h%_+-}
zhmg%V5JniiDW@Dk1k?3SIZB<(HacYmGz8sFnFc~+wTahO(exOff>@7`lrSG4j!L6h
zK(*0~c&vsonki4apxab2VBXk>tLmG`jM3D3+C>;MVy*gmGz1<~X(T)tXN*Dy|5c3)
zg^$PT7^`P2X_-oiGyL-`tgsYg4UDB3Ypk%1=14bH*e(lis6ZD@xcS{TbRb~9tQxJ?z-khZ$fe!Uhkb}M6x
z8EbPHMBJRqC5)*{U0AR?a~osJ7+cO5tve!ThG|NZd2{)-{3~uHZs=BSRZ4X7`u-#bu)uo80%+jfU!Zwh8WvwnH6HC
zq29(c+|JnjjO}3T0mgP#m}9&IW4jpJ&De028Ea`ypZ!LWs)BH&s-dx)
zKg!r+jO}6UamJo-TPX;ibfX=FPcgQav8NduWh~FwvS%0^V{D&g`oCv$A{L^3g#P=`
QHyt6p@7u+xW4|T-2V+pn&j0`b
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignment.drt b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignment.drt
index 7e31d760..44b6c00a 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignment.drt
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignment.drt
@@ -76,10 +76,11 @@ rule "License Assignment @{ruleId} - add given NormalizedLicense" salience -@{ro
$rl : RawLicense(
specialHandling == false,
ModelHelper.match( declaredLicense, "@{declaredLicense}" ),
- $licUrl : licenseUrl,
+ $decLicense : declaredLicense,
+ $licUrl : licenseUrl,
ModelHelper.match( licenseUrl, "@{url}" ),
applicationComponent == $ac )
- not( NormalizedLicense(applicationComponent == $ac, normalizedLicense == "@{normalizedLicense}") ) // differs from above
+ not( NormalizedLicense(applicationComponent == $ac, declaredLicense == $decLicense, licenseUrl == $licUrl, normalizedLicense == "@{normalizedLicense}") ) // differs from above
then
NormalizedLicense normalizedLicense = ModelHelper.newNormalizedLicense($rl );
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignmentV2.drt b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignmentV2.drt
index 5fd79b30..4ebf0587 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignmentV2.drt
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseAssignmentV2.drt
@@ -79,10 +79,11 @@ rule "License Assignment @{ruleId} - add given NormalizedLicense" salience -@{ro
specialHandling == false,
ModelHelper.match( origin, "@{origin}" ),
ModelHelper.match( declaredLicense, "@{declaredLicense}" ),
+ $decLicense : declaredLicense,
$licUrl : licenseUrl,
ModelHelper.match( licenseUrl, "@{url}" ),
applicationComponent == $ac )
- not( NormalizedLicense(applicationComponent == $ac, normalizedLicense == "@{normalizedLicense}") ) // differs from above
+ not( NormalizedLicense(applicationComponent == $ac, declaredLicense == $decLicense, licenseUrl == $licUrl, normalizedLicense == "@{normalizedLicense}") ) // differs from above
then
NormalizedLicense normalizedLicense = ModelHelper.newNormalizedLicense($rl );
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseNameMapping.drt b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseNameMapping.drt
index 76be068f..603bcad4 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseNameMapping.drt
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/rules/rule_templates/LicenseNameMapping.drt
@@ -22,18 +22,19 @@ rule "Name Normalization @{ruleId}" salience -@{row.rowNumber}
$ac : ApplicationComponent()
$rl : RawLicense(
specialHandling == false,
- ModelHelper.match(declaredLicense, "@{declared}" ),
- ModelHelper.match(licenseUrl, "@{url}" ),
- $licUrl : licenseUrl,
- applicationComponent == $ac )
- not( NormalizedLicense(applicationComponent == $ac, normalizedLicense == "@{normalized}" ) )
+ ModelHelper.match(declaredLicense, "@{declared}" ),
+ ModelHelper.match(licenseUrl, "@{url}" ),
+ $decLicense : declaredLicense,
+ $licUrl : licenseUrl,
+ applicationComponent == $ac )
+ not( NormalizedLicense(applicationComponent == $ac, declaredLicense == $decLicense, licenseUrl == $licUrl, normalizedLicense == "@{normalized}" ) )
then
NormalizedLicense normalizedLicense = ModelHelper.newNormalizedLicense($rl );
normalizedLicense.setNormalizedLicenseType("@{type}");
normalizedLicense.setNormalizedLicense("@{normalized}");
normalizedLicense.setNormalizedLicenseUrl($licUrl);
- // Create trace entry
+ // Create trace entry
AuditEntryBuilder aeb = AuditEntryBuilder.instance();
aeb.withRuleId("@{ruleId}")
.withMatching("declaredLicense", "@{declared}" )
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index acb3af77..c4473dc7 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1551,7 +1551,7 @@ from a corporate server or even a public service available on the internet.
== Release Notes
Changes in 1.5.0::
-
+* https://github.com/devonfw/solicitor/issues/6: Fixed the bug by allowing multiple `NormalizedLicense` entries with same id per `ApplicationComponent` if the declared license differs. This allows to assign multiple licenses of same type (e.g. MIT) to a component and also will allow multiple "UNKNOWN" licenses to be reported for the same component. Note that as a side effect additional and unexpected `NormalizedLicense` entries might now be created. This might be caused from multiple `LicenseAssignment*.xls` rules firing for different `RawLicense` entries in the same `ApplicationComponent` and resulting in identical `NormalizedLicense` id. In this case it is necessary to restrict those different rules to only fire for specific `RawLicense` entries.
Changes in 1.4.0::
* https://github.com/devonfw/solicitor/issues/141: Improved robustness of report generation in cases where PackageURL can not be determined (e.g. if data originates from CSV reader).
From fa4149a6557e353147a8dd2b4f3f3ddbc6ff7079 Mon Sep 17 00:00:00 2001
From: ohecker <8004361+ohecker@users.noreply.github.com>
Date: Wed, 7 Dec 2022 18:38:46 +0100
Subject: [PATCH 019/139] Version 1.5.0
---
app/pom.xml | 2 +-
core/pom.xml | 2 +-
documentation/pom.xml | 2 +-
logo/pom.xml | 2 +-
pom.xml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/pom.xml b/app/pom.xml
index be80f9e9..2cb238b7 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-app
- 1.5.0-SNAPSHOT
+ 1.5.0
Solicitor App (Main Application)
A tool for rule based checking of license conditions in software projects.
diff --git a/core/pom.xml b/core/pom.xml
index 5d5b0093..da324051 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-core
- 1.5.0-SNAPSHOT
+ 1.5.0
Solicitor Core (Main Library)
A tool for rule based checking of license conditions in software projects.
diff --git a/documentation/pom.xml b/documentation/pom.xml
index 13dcf775..7dabedce 100644
--- a/documentation/pom.xml
+++ b/documentation/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-documentation
- 1.5.0-SNAPSHOT
+ 1.5.0
pom
Solicitor Documentation
diff --git a/logo/pom.xml b/logo/pom.xml
index 16049879..e6945911 100644
--- a/logo/pom.xml
+++ b/logo/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-logo
- 1.5.0-SNAPSHOT
+ 1.5.0
Solicitor Logo Rendering
Rendering of the Solicitor Logo
diff --git a/pom.xml b/pom.xml
index 6549216e..2b28351b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-aggregator
- 1.5.0-SNAPSHOT
+ 1.5.0
pom
Solicitor Aggregator
From 84bd8a77b83eadc758eb395a35f22b7361a48c7e Mon Sep 17 00:00:00 2001
From: ohecker <8004361+ohecker@users.noreply.github.com>
Date: Tue, 13 Dec 2022 14:09:14 +0100
Subject: [PATCH 020/139] Set Version to SNAPSHOT of next minor version
---
app/pom.xml | 2 +-
core/pom.xml | 2 +-
documentation/master-solicitor.asciidoc | 2 ++
documentation/pom.xml | 2 +-
logo/pom.xml | 2 +-
pom.xml | 2 +-
6 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/app/pom.xml b/app/pom.xml
index 2cb238b7..e8cfacc6 100644
--- a/app/pom.xml
+++ b/app/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-app
- 1.5.0
+ 1.6.0-SNAPSHOT
Solicitor App (Main Application)
A tool for rule based checking of license conditions in software projects.
diff --git a/core/pom.xml b/core/pom.xml
index da324051..ae6e8d6f 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-core
- 1.5.0
+ 1.6.0-SNAPSHOT
Solicitor Core (Main Library)
A tool for rule based checking of license conditions in software projects.
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index c4473dc7..4267b3e8 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1550,6 +1550,8 @@ from a corporate server or even a public service available on the internet.
[appendix]
== Release Notes
+Changes in 1.6.0::
+
Changes in 1.5.0::
* https://github.com/devonfw/solicitor/issues/6: Fixed the bug by allowing multiple `NormalizedLicense` entries with same id per `ApplicationComponent` if the declared license differs. This allows to assign multiple licenses of same type (e.g. MIT) to a component and also will allow multiple "UNKNOWN" licenses to be reported for the same component. Note that as a side effect additional and unexpected `NormalizedLicense` entries might now be created. This might be caused from multiple `LicenseAssignment*.xls` rules firing for different `RawLicense` entries in the same `ApplicationComponent` and resulting in identical `NormalizedLicense` id. In this case it is necessary to restrict those different rules to only fire for specific `RawLicense` entries.
diff --git a/documentation/pom.xml b/documentation/pom.xml
index 7dabedce..6aaf526f 100644
--- a/documentation/pom.xml
+++ b/documentation/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-documentation
- 1.5.0
+ 1.6.0-SNAPSHOT
pom
Solicitor Documentation
diff --git a/logo/pom.xml b/logo/pom.xml
index e6945911..f7151c90 100644
--- a/logo/pom.xml
+++ b/logo/pom.xml
@@ -13,7 +13,7 @@
com.devonfw.tools
solicitor-logo
- 1.5.0
+ 1.6.0-SNAPSHOT
Solicitor Logo Rendering
Rendering of the Solicitor Logo
diff --git a/pom.xml b/pom.xml
index 2b28351b..0f9d290a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
com.devonfw.tools
solicitor-aggregator
- 1.5.0
+ 1.6.0-SNAPSHOT
pom
Solicitor Aggregator
From de174535ccddbeb6c4be4729e33247d1e75e0be1 Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Tue, 13 Dec 2022 14:22:02 +0100
Subject: [PATCH 021/139] Reset velocity engine on initialization of each
template (#147)
---
.../tools/solicitor/writer/velocity/VelocityWriter.java | 3 ++-
documentation/master-solicitor.asciidoc | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/writer/velocity/VelocityWriter.java b/core/src/main/java/com/devonfw/tools/solicitor/writer/velocity/VelocityWriter.java
index 0669e6b3..2aa878a1 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/writer/velocity/VelocityWriter.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/writer/velocity/VelocityWriter.java
@@ -56,7 +56,8 @@ public boolean accept(String type) {
@Override
public void writeReport(String templateSource, String target, Map dataTables) {
- // initialize velocity runtime engine
+ // (re)initialize velocity runtime engine
+ Velocity.reset();
Velocity.init();
// set up the context
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 4267b3e8..1ba1c311 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -1551,6 +1551,7 @@ from a corporate server or even a public service available on the internet.
== Release Notes
Changes in 1.6.0::
+* https://github.com/devonfw/solicitor/issues/146: Fixed the bug which prevented already defined velocity macro with same name to be redefined in different template.
Changes in 1.5.0::
* https://github.com/devonfw/solicitor/issues/6: Fixed the bug by allowing multiple `NormalizedLicense` entries with same id per `ApplicationComponent` if the declared license differs. This allows to assign multiple licenses of same type (e.g. MIT) to a component and also will allow multiple "UNKNOWN" licenses to be reported for the same component. Note that as a side effect additional and unexpected `NormalizedLicense` entries might now be created. This might be caused from multiple `LicenseAssignment*.xls` rules firing for different `RawLicense` entries in the same `ApplicationComponent` and resulting in identical `NormalizedLicense` id. In this case it is necessary to restrict those different rules to only fire for specific `RawLicense` entries.
From 78547e2c2bef94ff2a376e79f2c8db99a0db3c1f Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Tue, 13 Dec 2022 14:52:23 +0100
Subject: [PATCH 022/139] Introduce sourceRepoUrl as new property to
ApplicationComponent (#148)
Co-authored-by: Mahmoud Alkam
---
.../componentinfo/ComponentInfo.java | 11 ++-
.../ComponentInfoInventoryProcessor.java | 4 +
.../scancode/ScancodeComponentInfo.java | 31 +++++-
.../scancode/ScancodeFileAdapter.java | 2 +-
.../model/ModelImporterExporter.java | 7 ++
.../solicitor/model/impl/ModelRootImpl.java | 2 +-
.../inventory/ApplicationComponentImpl.java | 24 ++++-
.../model/inventory/ApplicationComponent.java | 20 +++-
.../NpmLicenseCheckerReader.java | 4 +-
.../NpmLicenseCrawlerReader.java | 17 ++--
.../tools/solicitor/reader/ort/OrtReader.java | 37 ++++----
.../solicitor/reader/yarn/YarnReader.java | 5 +-
...ncomponents_with_noncommerciallicenses.sql | 2 +
...th_noncommerciallicenses_with_licenses.sql | 30 +++---
...alizedlicenses_aggregated_applications.sql | 3 +
.../tools/solicitor/templates/Attributions.vm | 8 +-
.../model/ModelImporterExporterTest.java | 27 +++++-
.../NpmLicenseCheckerReaderTests.java | 18 +++-
.../reader/yarn/YarnReaderTests.java | 29 ++++++
.../resources/models/model_version_4.json | 93 ++++++++++++++++++
.../resources/models/model_version_5.json | 94 +++++++++++++++++++
documentation/master-solicitor.asciidoc | 2 +
22 files changed, 397 insertions(+), 73 deletions(-)
create mode 100644 core/src/test/resources/models/model_version_4.json
create mode 100644 core/src/test/resources/models/model_version_5.json
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
index 486744ef..2994ad03 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfo.java
@@ -31,10 +31,17 @@ public interface ComponentInfo {
String getNoticeFilePath();
/**
- * Gets the url to the license text
+ * Gets the url of the projects homepage,
*
- * @return url to the license text
+ * @return url to the projects homepage
*/
String getUrl();
+ /**
+ * Gets the url of the source code repository.
+ *
+ * @return sourceRepoUrl to the license text
+ */
+ String getSourceRepoUrl();
+
}
\ No newline at end of file
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
index ae50de19..13911101 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/ComponentInfoInventoryProcessor.java
@@ -110,6 +110,10 @@ private Statistics processApplicationComponent(ApplicationComponent ac) {
if (componentInfo.getUrl() != null) {
ac.setOssHomepage(componentInfo.getUrl());
}
+ // check whether Source Reop Url is included in input file or not
+ if (componentInfo.getSourceRepoUrl() != null) {
+ ac.setSourceRepoUrl(componentInfo.getSourceRepoUrl());
+ }
} else {
// no ComponentInfos info found for ac
}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
index 97a966db..3640461e 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeComponentInfo.java
@@ -166,6 +166,8 @@ public void setLicenseFileScore(double licenseFileScore) {
private String url;
+ private String sourceRepoUrl;
+
private double minLicensefilePercentage;
private double minLicenseScore;
@@ -282,7 +284,7 @@ public void addNoticeFilePath(String path, double score) {
}
/**
- * Gets the path to the notice file (if any)
+ * Gets the path to the notice file (if any).
*
* @return path to the notice file
*/
@@ -293,9 +295,9 @@ public String getNoticeFilePath() {
}
/**
- * Gets the url to the license text
+ * Gets the url of the projects homepage.
*
- * @return url to the license text
+ * @return url to the projects homepage
*/
@Override
public String getUrl() {
@@ -304,7 +306,7 @@ public String getUrl() {
}
/**
- * Sets the url to the license text
+ * Sets the url of the projects homepage.
*
* @param url new value of {@link #getUrl()}.
*/
@@ -312,4 +314,25 @@ public void setUrl(String url) {
this.url = url;
}
+
+ /**
+ * Gets the url of the source code repository.
+ *
+ * @return sourceRepoUrl to the license text
+ */
+ @Override
+ public String getSourceRepoUrl() {
+
+ return this.sourceRepoUrl;
+ }
+
+ /**
+ * Sets the url of the source code repository.
+ *
+ * @param sourceRepoUrl new value of {@link #getSourceRepoUrl()}.
+ */
+ public void setSourceRepoUrl(String sourceRepoUrl) {
+
+ this.sourceRepoUrl = sourceRepoUrl;
+ }
}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
index 91067ad9..f9ef78e8 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/componentinfo/scancode/ScancodeFileAdapter.java
@@ -265,7 +265,7 @@ private void applyCurations(String packageUrl, ScancodeComponentInfo componentSc
}
if (curations.get("url") != null) {
String url = curations.get("url").asText();
- oneComponent.setUrl(url);
+ oneComponent.setSourceRepoUrl(url);
}
if (curations.get("licenses") != null) {
oneComponent.clearLicenses();
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/model/ModelImporterExporter.java b/core/src/main/java/com/devonfw/tools/solicitor/model/ModelImporterExporter.java
index 5da088c5..0cb6c43d 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/model/ModelImporterExporter.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/model/ModelImporterExporter.java
@@ -38,6 +38,8 @@ public class ModelImporterExporter {
private static final int LOWEST_VERSION_WITH_PACKAGE_URL = 4;
+ private static final int LOWEST_VERSION_WITH_SOURCE_REPO_URL = 5;
+
@Autowired
private ModelFactory modelFactory;
@@ -109,6 +111,10 @@ private void readApplicationComponents(Application application, JsonNode applica
String usagePattern = applicationComponentNode.get("usagePattern").asText(null);
boolean ossModified = applicationComponentNode.get("ossModified").asBoolean();
String ossHomepage = applicationComponentNode.get("ossHomepage").asText(null);
+ String sourceRepoUrl = null;
+ if (readModelVersion >= LOWEST_VERSION_WITH_SOURCE_REPO_URL) {
+ sourceRepoUrl = applicationComponentNode.get("sourceRepoUrl").asText(null);
+ }
String groupId = applicationComponentNode.get("groupId").asText(null);
String artifactId = applicationComponentNode.get("artifactId").asText(null);
String version = applicationComponentNode.get("version").asText(null);
@@ -129,6 +135,7 @@ private void readApplicationComponents(Application application, JsonNode applica
applicationComponent.setUsagePattern(UsagePattern.valueOf(usagePattern));
applicationComponent.setOssModified(ossModified);
applicationComponent.setOssHomepage(ossHomepage);
+ applicationComponent.setSourceRepoUrl(sourceRepoUrl);
applicationComponent.setGroupId(groupId);
applicationComponent.setArtifactId(artifactId);
applicationComponent.setVersion(version);
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/model/impl/ModelRootImpl.java b/core/src/main/java/com/devonfw/tools/solicitor/model/impl/ModelRootImpl.java
index 75b4f4b6..b6eb82db 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/model/impl/ModelRootImpl.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/model/impl/ModelRootImpl.java
@@ -13,7 +13,7 @@
*/
public class ModelRootImpl extends AbstractModelObject implements ModelRoot {
- private static final int DEFAULT_MODEL_VERSION = 4;
+ private static final int DEFAULT_MODEL_VERSION = 5;
private String executionTime;
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/model/impl/inventory/ApplicationComponentImpl.java b/core/src/main/java/com/devonfw/tools/solicitor/model/impl/inventory/ApplicationComponentImpl.java
index 37251053..afa9ae0f 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/model/impl/inventory/ApplicationComponentImpl.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/model/impl/inventory/ApplicationComponentImpl.java
@@ -35,6 +35,8 @@ public class ApplicationComponentImpl extends AbstractModelObject implements App
private String ossHomepage;
+ private String sourceRepoUrl;
+
private String noticeFileUrl;
private String groupId;
@@ -102,8 +104,8 @@ public String getArtifactId() {
public String[] getDataElements() {
return new String[] { this.groupId, this.artifactId, this.version, getRepoType(), getPackageUrl(), getOssHomepage(),
- getNoticeFileUrl(), getNoticeFileContent(), getUsagePattern().toString(), isOssModified() ? "true" : "false",
- getCopyrights() };
+ getSourceRepoUrl(), getNoticeFileUrl(), getNoticeFileContent(), getUsagePattern().toString(),
+ isOssModified() ? "true" : "false", getCopyrights() };
}
/** {@inheritDoc} */
@@ -117,8 +119,8 @@ public String getGroupId() {
@Override
public String[] getHeadElements() {
- return new String[] { "groupId", "artifactId", "version", "repoType", "packageUrl", "ossHomepage", "noticeFileUrl",
- "noticeFileContent", "usagePattern", "ossModified", "copyrights" };
+ return new String[] { "groupId", "artifactId", "version", "repoType", "packageUrl", "ossHomepage", "sourceRepoUrl",
+ "noticeFileUrl", "noticeFileContent", "usagePattern", "ossModified", "copyrights" };
}
/** {@inheritDoc} */
@@ -135,6 +137,13 @@ public String getOssHomepage() {
return this.ossHomepage;
}
+ /** {@inheritDoc} */
+ @Override
+ public String getSourceRepoUrl() {
+
+ return this.sourceRepoUrl;
+ }
+
/** {@inheritDoc} */
@Override
public String getNoticeFileUrl() {
@@ -236,6 +245,13 @@ public void setOssHomepage(String ossHomepage) {
this.ossHomepage = ossHomepage;
}
+ /** {@inheritDoc} */
+ @Override
+ public void setSourceRepoUrl(String sourceRepoUrl) {
+
+ this.sourceRepoUrl = sourceRepoUrl;
+ }
+
/** {@inheritDoc} */
@Override
public void setNoticeFileUrl(String noticeFileUrl) {
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/model/inventory/ApplicationComponent.java b/core/src/main/java/com/devonfw/tools/solicitor/model/inventory/ApplicationComponent.java
index 5c016024..18e99ff6 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/model/inventory/ApplicationComponent.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/model/inventory/ApplicationComponent.java
@@ -64,6 +64,13 @@ public interface ApplicationComponent {
*/
String getOssHomepage();
+ /**
+ * This method gets the field sourceRepoUrl.
+ *
+ * @return the field sourceRepoUrl
+ */
+ String getSourceRepoUrl();
+
/**
* This method gets the field noticeFileUrl.
*
@@ -154,11 +161,18 @@ public interface ApplicationComponent {
void setOssHomepage(String ossHomepage);
/**
- * This method sets the field noticeFileUrl.
+ * This method sets the field ossHomepage.
+ *
+ * @param ossHomepage the new value of the field ossHomepage
+ */
+ void setSourceRepoUrl(String ossHomepage);
+
+ /**
+ * This method sets the field sourceRepoUrl.
*
- * @param noticeFileUrl the new value of the field noticeFileUrl
+ * @param sourceRepoUrl the new value of the field sourceRepoUrl
*/
- void setNoticeFileUrl(String noticeFileUrl);
+ void setNoticeFileUrl(String sourceRepoUrl);
/**
* This method sets the field ossModified.
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReader.java
index 7cb1ec95..c5cc002d 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReader.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReader.java
@@ -65,9 +65,6 @@ public void readInventory(String type, String sourceUrl, Application application
String licenseFile = (String) attributes.get("licenseFile");
String licenseUrl = estimateLicenseUrl(repo, path, licenseFile);
String homePage = (String) attributes.get("url");
- if (homePage == null || homePage.isEmpty()) {
- homePage = repo;
- }
Object lic = attributes.get("licenses");
List licenseList;
@@ -98,6 +95,7 @@ public void readInventory(String type, String sourceUrl, Application application
appComponent.setUsagePattern(usagePattern);
appComponent.setGroupId("");
appComponent.setOssHomepage(homePage);
+ appComponent.setSourceRepoUrl(repo);
appComponent.setRepoType(repoType);
appComponent.setPackageUrl(PackageURLHelper.fromNpmPackageNameWithVersion(name).toString());
if (licenseList.isEmpty()) {
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
index 4b303d7d..9a95ee31 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/npmlicensecrawler/NpmLicenseCrawlerReader.java
@@ -31,10 +31,10 @@
* A {@link Reader} which reads data produced by the NPM
* License Crawler.
*
- * This reader requires a specific version of license-checker which is not released in the official npm repositories but is only
- * available via Github. This might result in difficulties in environments which have only limited access to internet resources.
- * Additionally, developer dependencies cannot be excluded as the --production option seemingly does not work properly.
- * Use {@link NpmLicenseCheckerReader} instead.
+ * This reader requires a specific version of license-checker which is not released in the official npm repositories
+ * but is only available via Github. This might result in difficulties in environments which have only limited access to
+ * internet resources. Additionally, developer dependencies cannot be excluded as the --production option seemingly does
+ * not work properly. Use {@link NpmLicenseCheckerReader} instead.
*/
@Component
public class NpmLicenseCrawlerReader extends AbstractReader implements Reader {
@@ -68,9 +68,10 @@ public Set getSupportedTypes() {
@Override
public void readInventory(String type, String sourceUrl, Application application, UsagePattern usagePattern,
String repoType, Map configuration) {
- this.deprecationChecker.check(true,
- "Use of Reader of type '"+ SUPPORTED_TYPE +"' is deprecated, use 'npm-license-checker' instead. See https://github.com/devonfw/solicitor/issues/125");
-
+
+ this.deprecationChecker.check(true, "Use of Reader of type '" + SUPPORTED_TYPE
+ + "' is deprecated, use 'npm-license-checker' instead. See https://github.com/devonfw/solicitor/issues/125");
+
if (SUPPORTED_TYPE_DEPRECATED.equals(type)) {
this.deprecationChecker.check(true, "Use of type 'npm' is deprecated. Change type in config to '" + SUPPORTED_TYPE
+ "'. See https://github.com/devonfw/solicitor/issues/62");
@@ -98,7 +99,7 @@ public void readInventory(String type, String sourceUrl, Application application
appComponent.setVersion(module[module.length - 1]);
appComponent.setUsagePattern(usagePattern);
appComponent.setGroupId("");
- appComponent.setOssHomepage(record.get(2));
+ appComponent.setSourceRepoUrl(record.get(2));
appComponent.setRepoType(repoType);
appComponent.setPackageUrl(PackageURLHelper.fromNpmPackageNameWithVersion(record.get(0)).toString());
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
index 45aea82a..db15b3a3 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/ort/OrtReader.java
@@ -22,7 +22,8 @@
import com.fasterxml.jackson.databind.SerializationFeature;
/**
- * A {@link Reader} which reads data generated by the ORT-Analyzer component.
+ * A {@link Reader} which reads data generated by the
+ * ORT-Analyzer component.
*/
@Component
public class OrtReader extends AbstractReader implements Reader {
@@ -54,40 +55,38 @@ public void readInventory(String type, String sourceUrl, Application application
Map l = mapper.readValue(this.inputStreamFactory.createInputStreamFor(sourceUrl), Map.class);
Map analyzer = (Map) l.get("analyzer");
Map result = (Map) analyzer.get("result");
- List packages = (List) result.get("packages");
+ List packages = (List) result.get("packages");
for (int i = 0; i < packages.size(); i++) {
- Map iterator = (Map) packages.get(i);
- Map singlePackage = (Map) iterator.get("package");
- String id = (String) singlePackage.get("id");
- Map vcsProcessed = (Map) singlePackage.get("vcs_processed");
- String repo = (String) vcsProcessed.get("url");
- String pURL = (String) singlePackage.get("purl");
-
- String homePage = (String) singlePackage.get("homepage_url");
- if (homePage == null || homePage.isEmpty()) {
- homePage = repo;
- }
+ Map iterator = (Map) packages.get(i);
+ Map singlePackage = (Map) iterator.get("package");
+ String id = (String) singlePackage.get("id");
+ Map vcsProcessed = (Map) singlePackage.get("vcs_processed");
+ String repo = (String) vcsProcessed.get("url");
+ String pURL = (String) singlePackage.get("purl");
+
+ String homePage = (String) singlePackage.get("homepage_url");
ApplicationComponent appComponent = getModelFactory().newApplicationComponent();
appComponent.setApplication(application);
componentCount++;
-
+
// resolve id into groupId/artifactId/version/repoType
String[] resolvedId = id.split(":");
String trueRepoType = resolvedId[0];
String groupId = resolvedId[1];
String artifactId = resolvedId[2];
String version = resolvedId[3];
-
+
appComponent.setGroupId(groupId);
appComponent.setArtifactId(artifactId);
appComponent.setVersion(version);
appComponent.setUsagePattern(usagePattern);
appComponent.setOssHomepage(homePage);
+ appComponent.setSourceRepoUrl(repo);
appComponent.setRepoType(trueRepoType);
appComponent.setPackageUrl(pURL);
-
+
// manage multiple declared licenses
List lic = (List) singlePackage.get("declared_licenses");
if (lic.isEmpty()) {
@@ -98,11 +97,11 @@ public void readInventory(String type, String sourceUrl, Application application
licenseCount++;
addRawLicense(appComponent, cl.toString(), null, sourceUrl);
}
- }
- doLogging(sourceUrl, application, componentCount, licenseCount);
+ }
+ doLogging(sourceUrl, application, componentCount, licenseCount);
}
} catch (IOException e) {
throw new SolicitorRuntimeException("Could not read ort license inventory source '" + sourceUrl + "'", e);
}
- }
+ }
}
diff --git a/core/src/main/java/com/devonfw/tools/solicitor/reader/yarn/YarnReader.java b/core/src/main/java/com/devonfw/tools/solicitor/reader/yarn/YarnReader.java
index 95128b43..625a7165 100644
--- a/core/src/main/java/com/devonfw/tools/solicitor/reader/yarn/YarnReader.java
+++ b/core/src/main/java/com/devonfw/tools/solicitor/reader/yarn/YarnReader.java
@@ -78,11 +78,7 @@ public void readInventory(String type, String sourceUrl, Application application
if (attributes.size() == 6) {
if (attributes.get(4) != null && !attributes.get(4).isEmpty()) {
homePage = attributes.get(4);
- } else {
- homePage = repo;
}
- } else if (attributes.size() == 5) {
- homePage = repo;
}
ApplicationComponent appComponent = getModelFactory().newApplicationComponent();
@@ -93,6 +89,7 @@ public void readInventory(String type, String sourceUrl, Application application
appComponent.setUsagePattern(usagePattern);
appComponent.setGroupId("");
appComponent.setOssHomepage(homePage);
+ appComponent.setSourceRepoUrl(repo);
appComponent.setRepoType(repoType);
appComponent.setPackageUrl(PackageURLHelper.fromNpmPackageNameAndVersion(name, version).toString());
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses.sql b/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses.sql
index 342c69a7..4afb4618 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses.sql
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses.sql
@@ -6,6 +6,7 @@ select
ac."groupId",
ac."artifactId",
ac."ossHomepage",
+ ac."sourceRepoUrl",
ac."copyrights"
from
APPLICATION a,
@@ -19,6 +20,7 @@ group by
"groupId",
"artifactId",
"ossHomepage",
+ "sourceRepoUrl",
"copyrights"
order by
"groupId",
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses_with_licenses.sql b/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses_with_licenses.sql
index d020df5d..3230f55c 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses_with_licenses.sql
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/sql/applicationcomponents_with_noncommerciallicenses_with_licenses.sql
@@ -1,31 +1,33 @@
-- SPDX-License-Identifier: Apache-2.0
--
-select
- GROUP_CONCAT(DISTINCT a."applicationName" ORDER BY "applicationName" DESC SEPARATOR ', ') as APPS,
- GROUP_CONCAT(DISTINCT ac."version" ORDER BY "version" DESC SEPARATOR ', ') as "version" ,
- ac."groupId",
+select
+ GROUP_CONCAT(DISTINCT a."applicationName" ORDER BY "applicationName" DESC SEPARATOR ', ') as APPS,
+ GROUP_CONCAT(DISTINCT ac."version" ORDER BY "version" DESC SEPARATOR ', ') as "version" ,
+ ac."groupId",
ac."artifactId",
ac."ossHomepage",
+ ac."sourceRepoUrl",
ac."copyrights",
l."normalizedLicense",
l."effectiveNormalizedLicense"
-from
- APPLICATION a,
- APPLICATIONCOMPONENT ac,
- NORMALIZEDLICENSE l
+from
+ APPLICATION a,
+ APPLICATIONCOMPONENT ac,
+ NORMALIZEDLICENSE l
where
a.ID_APPLICATION = ac.PARENT_APPLICATIONCOMPONENT AND
ac.ID_APPLICATIONCOMPONENT = l.PARENT_NORMALIZEDLICENSE AND
- l."normalizedLicenseType" NOT in ('COMMERCIAL', 'IGNORE')
-group by
- "groupId",
+ l."normalizedLicenseType" NOT in ('COMMERCIAL', 'IGNORE')
+group by
+ "groupId",
"artifactId",
"ossHomepage",
+ "sourceRepoUrl",
"copyrights",
"normalizedLicense",
"effectiveNormalizedLicense"
-order by
- "groupId",
- "artifactId",
+order by
+ "groupId",
+ "artifactId",
"version",
"normalizedLicense"
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql b/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
index 8f6a0da8..010451a7 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/sql/normalizedlicenses_aggregated_applications.sql
@@ -17,6 +17,7 @@ select
"repoType",
"packageUrl",
"ossHomepage",
+ "sourceRepoUrl",
"usagePattern",
"ossModified",
"declaredLicense",
@@ -50,6 +51,7 @@ from (
ac."repoType",
ac."packageUrl",
ac."ossHomepage",
+ ac."sourceRepoUrl",
ac."usagePattern",
ac."ossModified",
l."declaredLicense",
@@ -85,6 +87,7 @@ from (
"repoType",
"packageUrl",
"ossHomepage",
+ "sourceRepoUrl",
"usagePattern",
"ossModified",
"declaredLicense",
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/templates/Attributions.vm b/core/src/main/resources/com/devonfw/tools/solicitor/templates/Attributions.vm
index 3986dcc4..dfd07f9b 100644
--- a/core/src/main/resources/com/devonfw/tools/solicitor/templates/Attributions.vm
+++ b/core/src/main/resources/com/devonfw/tools/solicitor/templates/Attributions.vm
@@ -60,7 +60,7 @@ The following table lists all third party Open Source Components that may be con
| Name |
Version |
- Source-Core-Repository |
+ Source Code Repository |
Licenses |
Copyrights (or Authors/Contributors) |
@@ -75,7 +75,7 @@ The following table lists all third party Open Source Components that may be con
#set( $apps = $license.APPS )
$license.artifactId | ## application component name
$license.version | ## application component version
- $license.ossHomepage |
+ $license.sourceRepoUrl |
#foreach($ac in $NONCOMMERCIALCOMPONENTS_LICENSES )
#if( $aid == $ac.artifactId && $gid == $ac.groupId && $ver == $ac.version )
@@ -104,9 +104,9 @@ This section lists all license texts that might be applicable for the third part
the unique license text (or text referencing the license)
the licenses given or referenced in this text (see note below)
the components for which this text applies
-
+
Note that not every license given or referenced in below texts necessarily applies in the
-context of the distribution of this product: See the table in Component /
+context of the distribution of this product: See the table in Component /
License overview for licenses which might not apply due to selected dual-/multi-licensing
options.
diff --git a/core/src/test/java/com/devonfw/tools/solicitor/model/ModelImporterExporterTest.java b/core/src/test/java/com/devonfw/tools/solicitor/model/ModelImporterExporterTest.java
index c9378215..3287099b 100644
--- a/core/src/test/java/com/devonfw/tools/solicitor/model/ModelImporterExporterTest.java
+++ b/core/src/test/java/com/devonfw/tools/solicitor/model/ModelImporterExporterTest.java
@@ -7,6 +7,7 @@
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
+
import com.devonfw.tools.solicitor.common.SolicitorRuntimeException;
/**
@@ -25,10 +26,10 @@ public class ModelImporterExporterTest {
@Test
public void testLoadModelVersion1() {
- SolicitorRuntimeException thrown = Assertions.assertThrows(SolicitorRuntimeException.class, () ->{
- this.mie.loadModel("src/test/resources/models/model_version_1.json");
- });
-
+ SolicitorRuntimeException thrown = Assertions.assertThrows(SolicitorRuntimeException.class, () -> {
+ this.mie.loadModel("src/test/resources/models/model_version_1.json");
+ });
+
}
/**
@@ -49,6 +50,24 @@ public void testLoadModelVersion3() {
this.mie.loadModel("src/test/resources/models/model_version_3.json");
}
+ /**
+ * Test method for {@link com.devonfw.tools.solicitor.model.ModelImporterExporter#loadModel(java.lang.String)}.
+ */
+ @Test
+ public void testLoadModelVersion4() {
+
+ this.mie.loadModel("src/test/resources/models/model_version_4.json");
+ }
+
+ /**
+ * Test method for {@link com.devonfw.tools.solicitor.model.ModelImporterExporter#loadModel(java.lang.String)}.
+ */
+ @Test
+ public void testLoadModelVersion5() {
+
+ this.mie.loadModel("src/test/resources/models/model_version_5.json");
+ }
+
/**
* Test method for
* {@link com.devonfw.tools.solicitor.model.ModelImporterExporter#saveModel(com.devonfw.tools.solicitor.model.ModelRoot, java.lang.String)}.
diff --git a/core/src/test/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReaderTests.java b/core/src/test/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReaderTests.java
index e96269b6..39d61ec1 100644
--- a/core/src/test/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReaderTests.java
+++ b/core/src/test/java/com/devonfw/tools/solicitor/reader/npmlicensechecker/NpmLicenseCheckerReaderTests.java
@@ -106,12 +106,26 @@ public void testHomepageWhichIsGiven() {
}
@Test
- public void testHomepageFromRepo() {
+ public void testHomepageNotGiven() {
List lapc = this.application.getApplicationComponents();
boolean found = false;
for (ApplicationComponent ap : lapc) {
- if (ap.getArtifactId().equals("foo-bar") && ap.getOssHomepage().equals("https://github.com/nobody/foo-bar")) {
+ if (ap.getArtifactId().equals("foo-bar") && ap.getOssHomepage() == null) {
+ found = true;
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
+ @Test
+ public void testSourceRepoFromRepo() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("foo") && ap.getSourceRepoUrl().equals("https://github.com/somebody/foo")) {
found = true;
break;
}
diff --git a/core/src/test/java/com/devonfw/tools/solicitor/reader/yarn/YarnReaderTests.java b/core/src/test/java/com/devonfw/tools/solicitor/reader/yarn/YarnReaderTests.java
index 5b1b6d80..83998d28 100644
--- a/core/src/test/java/com/devonfw/tools/solicitor/reader/yarn/YarnReaderTests.java
+++ b/core/src/test/java/com/devonfw/tools/solicitor/reader/yarn/YarnReaderTests.java
@@ -89,6 +89,35 @@ public void testHomepageWhichIsGiven() {
assertTrue(found);
}
+ @Test
+ public void testSourceRepoUrlWhichIsGiven() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("@test/testing")
+ && ap.getSourceRepoUrl().equals("https://yarnpkg.com/package/@test/testing")) {
+ found = true;
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
+ @Test
+ public void testHomepageWhichIsNotGiven() {
+
+ List lapc = this.application.getApplicationComponents();
+ boolean found = false;
+ for (ApplicationComponent ap : lapc) {
+ if (ap.getArtifactId().equals("@test/testing") && ap.getOssHomepage().equals("")) {
+ found = true;
+ break;
+ }
+ }
+ assertTrue(found);
+ }
+
@Test
public void testLicenseUrlWhichIsGiven() {
diff --git a/core/src/test/resources/models/model_version_4.json b/core/src/test/resources/models/model_version_4.json
new file mode 100644
index 00000000..8a7f7e72
--- /dev/null
+++ b/core/src/test/resources/models/model_version_4.json
@@ -0,0 +1,93 @@
+{
+ "executionTime" : "Fri Oct 01 18:38:31 CEST 2021",
+ "modelVersion" : 4,
+ "solicitorVersion" : "1.3.0-SNAPSHOT",
+ "solicitorGitHash" : "a507f22",
+ "solicitorBuilddate" : "2021-10-01 18:34:12 +0200",
+ "extensionArtifactId" : "cap-solicitor-extension",
+ "extensionVersion" : "1.3.0-RC1",
+ "extensionGitHash" : "043a961",
+ "extensionBuilddate" : "2021-09-13 22:24:45",
+ "engagement" : {
+ "engagementName" : "Some Engagement",
+ "engagementType" : "INTERN",
+ "clientName" : "none",
+ "goToMarketModel" : "LICENSE",
+ "contractAllowsOss" : true,
+ "ossPolicyFollowed" : true,
+ "customerProvidesOss" : false,
+ "applications" : [ {
+ "name" : "Some Application",
+ "releaseId" : "1.2.3-SNAPSHOT",
+ "releaseDate" : "-UNDEFINED-",
+ "sourceRepo" : "https://point/to/your/repo.git",
+ "programmingEcosystem" : "Java8",
+ "applicationComponents" : [ {
+ "usagePattern" : "DYNAMIC_LINKING",
+ "ossModified" : false,
+ "ossHomepage" : null,
+ "groupId" : "ch.qos.logback",
+ "artifactId" : "logback-classic",
+ "version" : "1.2.3",
+ "repoType" : "maven",
+ "packageUrl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3",
+ "normalizedLicenses" : [ {
+ "declaredLicense" : "Eclipse Public License - v 1.0",
+ "licenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "normalizedLicenseType" : "OSS-SPDX",
+ "normalizedLicense" : "EPL-1.0",
+ "normalizedLicenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "effectiveNormalizedLicenseType" : "IGNORE",
+ "effectiveNormalizedLicense" : "Ignore",
+ "effectiveNormalizedLicenseUrl" : null,
+ "legalPreApproved" : "N/A",
+ "copyLeft" : "N/A",
+ "licenseCompliance" : "N/A",
+ "licenseRefUrl" : null,
+ "includeLicense" : "no",
+ "includeSource" : "no",
+ "reviewedForRelease" : null,
+ "comments" : null,
+ "legalApproved" : "N/A",
+ "legalComments" : null,
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'\r\n+ Rule Group: LicenseNameMappingDefaults; RuleId: 57; Matching: declaredLicense==Eclipse Public License - v 1.0; Setting: normalizedLicenseType=OSS-SPDX, normalizedLicense=EPL-1.0, normalizedLicenseUrl=http://www.eclipse.org/legal/epl-v10.html (taking data from input)\r\n+ Rule Group: MultiLicenseSelection; RuleId: 6; Matching: groupId==ch.qos.logback, normalizedLicense==EPL-1.0; Setting: effectiveNormalizedLicenseType=IGNORE (multilicensing: ignore this, prefer LGPL-2.1), effectiveNormalizedLicense=Ignore\r\n+ Rule Group: LegalPreEvaluation; RuleId: 29; Matching: effectiveNormalizedLicenseType==IGNORE; Setting: legalPreApproved=N/A, copyLeft=N/A, licenseCompliance=N/A, includeLicense=no, includeSource=no\r\n+ Rule Group: LegalEvaluation; RuleId: 1; Matching: effectiveNormalizedLicenseType==IGNORE; Setting: legalApproved=N/A",
+ "guessedLicenseUrl" : null,
+ "guessedLicenseUrlAuditInfo" : null
+ }, {
+ "declaredLicense" : "GNU Lesser General Public License",
+ "licenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "normalizedLicenseType" : "OSS-SPDX",
+ "normalizedLicense" : "LGPL-2.1",
+ "normalizedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "effectiveNormalizedLicenseType" : "OSS-SPDX",
+ "effectiveNormalizedLicense" : "LGPL-2.1",
+ "effectiveNormalizedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "legalPreApproved" : "no",
+ "copyLeft" : "weak",
+ "licenseCompliance" : "check legal",
+ "licenseRefUrl" : "https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt",
+ "includeLicense" : "yes",
+ "includeSource" : "yes",
+ "reviewedForRelease" : null,
+ "comments" : null,
+ "legalApproved" : "Conditional",
+ "legalComments" : "OK, in case of dynamic linking.",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'\r\n+ Rule Group: LicenseNameMappingDefaults; RuleId: 101; Matching: licenseUrl==REGEX:https?://www.gnu.org/licenses/old-licenses/lgpl-2.1.*; Setting: normalizedLicenseType=OSS-SPDX, normalizedLicense=LGPL-2.1, normalizedLicenseUrl=http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html (taking data from input)\r\n+ Rule Group: LicenseSelection; RuleId: DEFAULT; Matching: -default-; Setting: effectiveNormalizedLicenseType=OSS-SPDX (taking data from input), effectiveNormalizedLicense=LGPL-2.1 (taking data from input), effectiveNormalizedLicenseUrl=http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html (taking data from input)\r\n+ Rule Group: LegalPreEvaluation; RuleId: 6; Matching: effectiveNormalizedLicenseType==OSS-SPDX, effectiveNormalizedLicense==LGPL-2.1; Setting: legalPreApproved=no, copyLeft=weak, licenseCompliance=check legal, licenseRefUrl=https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt, includeLicense=yes, includeSource=yes\r\n+ Rule Group: LegalEvaluation; RuleId: 14; Matching: usagePattern==DYNAMIC_LINKING, effectiveNormalizedLicenseType==OSS-SPDX, effectiveNormalizedLicense==LGPL-2.1; Setting: legalApproved=Conditional, legalComments=OK, in case of dynamic linking.",
+ "guessedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "guessedLicenseUrlAuditInfo" : ""
+ } ],
+ "rawLicenses" : [ {
+ "declaredLicense" : "Eclipse Public License - v 1.0",
+ "licenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'",
+ "specialHandling" : true
+ }, {
+ "declaredLicense" : "GNU Lesser General Public License",
+ "licenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'",
+ "specialHandling" : true
+ } ]
+ } ]
+ } ]
+ }
+}
\ No newline at end of file
diff --git a/core/src/test/resources/models/model_version_5.json b/core/src/test/resources/models/model_version_5.json
new file mode 100644
index 00000000..607b0469
--- /dev/null
+++ b/core/src/test/resources/models/model_version_5.json
@@ -0,0 +1,94 @@
+{
+ "executionTime" : "Fri Oct 01 18:38:31 CEST 2021",
+ "modelVersion" : 5,
+ "solicitorVersion" : "1.3.0-SNAPSHOT",
+ "solicitorGitHash" : "a507f22",
+ "solicitorBuilddate" : "2021-10-01 18:34:12 +0200",
+ "extensionArtifactId" : "cap-solicitor-extension",
+ "extensionVersion" : "1.3.0-RC1",
+ "extensionGitHash" : "043a961",
+ "extensionBuilddate" : "2021-09-13 22:24:45",
+ "engagement" : {
+ "engagementName" : "Some Engagement",
+ "engagementType" : "INTERN",
+ "clientName" : "none",
+ "goToMarketModel" : "LICENSE",
+ "contractAllowsOss" : true,
+ "ossPolicyFollowed" : true,
+ "customerProvidesOss" : false,
+ "applications" : [ {
+ "name" : "Some Application",
+ "releaseId" : "1.2.3-SNAPSHOT",
+ "releaseDate" : "-UNDEFINED-",
+ "sourceRepo" : "https://point/to/your/repo.git",
+ "programmingEcosystem" : "Java8",
+ "applicationComponents" : [ {
+ "usagePattern" : "DYNAMIC_LINKING",
+ "ossModified" : false,
+ "ossHomepage" : null,
+ "sourceRepoUrl": "https://github.com/qos-ch/logback",
+ "groupId" : "ch.qos.logback",
+ "artifactId" : "logback-classic",
+ "version" : "1.2.3",
+ "repoType" : "maven",
+ "packageUrl": "pkg:maven/ch.qos.logback/logback-classic@1.2.3",
+ "normalizedLicenses" : [ {
+ "declaredLicense" : "Eclipse Public License - v 1.0",
+ "licenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "normalizedLicenseType" : "OSS-SPDX",
+ "normalizedLicense" : "EPL-1.0",
+ "normalizedLicenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "effectiveNormalizedLicenseType" : "IGNORE",
+ "effectiveNormalizedLicense" : "Ignore",
+ "effectiveNormalizedLicenseUrl" : null,
+ "legalPreApproved" : "N/A",
+ "copyLeft" : "N/A",
+ "licenseCompliance" : "N/A",
+ "licenseRefUrl" : null,
+ "includeLicense" : "no",
+ "includeSource" : "no",
+ "reviewedForRelease" : null,
+ "comments" : null,
+ "legalApproved" : "N/A",
+ "legalComments" : null,
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'\r\n+ Rule Group: LicenseNameMappingDefaults; RuleId: 57; Matching: declaredLicense==Eclipse Public License - v 1.0; Setting: normalizedLicenseType=OSS-SPDX, normalizedLicense=EPL-1.0, normalizedLicenseUrl=http://www.eclipse.org/legal/epl-v10.html (taking data from input)\r\n+ Rule Group: MultiLicenseSelection; RuleId: 6; Matching: groupId==ch.qos.logback, normalizedLicense==EPL-1.0; Setting: effectiveNormalizedLicenseType=IGNORE (multilicensing: ignore this, prefer LGPL-2.1), effectiveNormalizedLicense=Ignore\r\n+ Rule Group: LegalPreEvaluation; RuleId: 29; Matching: effectiveNormalizedLicenseType==IGNORE; Setting: legalPreApproved=N/A, copyLeft=N/A, licenseCompliance=N/A, includeLicense=no, includeSource=no\r\n+ Rule Group: LegalEvaluation; RuleId: 1; Matching: effectiveNormalizedLicenseType==IGNORE; Setting: legalApproved=N/A",
+ "guessedLicenseUrl" : null,
+ "guessedLicenseUrlAuditInfo" : null
+ }, {
+ "declaredLicense" : "GNU Lesser General Public License",
+ "licenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "normalizedLicenseType" : "OSS-SPDX",
+ "normalizedLicense" : "LGPL-2.1",
+ "normalizedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "effectiveNormalizedLicenseType" : "OSS-SPDX",
+ "effectiveNormalizedLicense" : "LGPL-2.1",
+ "effectiveNormalizedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "legalPreApproved" : "no",
+ "copyLeft" : "weak",
+ "licenseCompliance" : "check legal",
+ "licenseRefUrl" : "https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt",
+ "includeLicense" : "yes",
+ "includeSource" : "yes",
+ "reviewedForRelease" : null,
+ "comments" : null,
+ "legalApproved" : "Conditional",
+ "legalComments" : "OK, in case of dynamic linking.",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'\r\n+ Rule Group: LicenseNameMappingDefaults; RuleId: 101; Matching: licenseUrl==REGEX:https?://www.gnu.org/licenses/old-licenses/lgpl-2.1.*; Setting: normalizedLicenseType=OSS-SPDX, normalizedLicense=LGPL-2.1, normalizedLicenseUrl=http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html (taking data from input)\r\n+ Rule Group: LicenseSelection; RuleId: DEFAULT; Matching: -default-; Setting: effectiveNormalizedLicenseType=OSS-SPDX (taking data from input), effectiveNormalizedLicense=LGPL-2.1 (taking data from input), effectiveNormalizedLicenseUrl=http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html (taking data from input)\r\n+ Rule Group: LegalPreEvaluation; RuleId: 6; Matching: effectiveNormalizedLicenseType==OSS-SPDX, effectiveNormalizedLicense==LGPL-2.1; Setting: legalPreApproved=no, copyLeft=weak, licenseCompliance=check legal, licenseRefUrl=https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt, includeLicense=yes, includeSource=yes\r\n+ Rule Group: LegalEvaluation; RuleId: 14; Matching: usagePattern==DYNAMIC_LINKING, effectiveNormalizedLicenseType==OSS-SPDX, effectiveNormalizedLicense==LGPL-2.1; Setting: legalApproved=Conditional, legalComments=OK, in case of dynamic linking.",
+ "guessedLicenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "guessedLicenseUrlAuditInfo" : ""
+ } ],
+ "rawLicenses" : [ {
+ "declaredLicense" : "Eclipse Public License - v 1.0",
+ "licenseUrl" : "http://www.eclipse.org/legal/epl-v10.html",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'",
+ "specialHandling" : true
+ }, {
+ "declaredLicense" : "GNU Lesser General Public License",
+ "licenseUrl" : "http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html",
+ "trace" : "+ Component/License info read in '[maven]' format from 'file:./input/licenses_starter.xml'",
+ "specialHandling" : true
+ } ]
+ } ]
+ } ]
+ }
+}
\ No newline at end of file
diff --git a/documentation/master-solicitor.asciidoc b/documentation/master-solicitor.asciidoc
index 1ba1c311..d028fa66 100644
--- a/documentation/master-solicitor.asciidoc
+++ b/documentation/master-solicitor.asciidoc
@@ -144,6 +144,7 @@ The internal business data model consists of 6 entities:
| usagePattern | UsagePattern | possible values: DYNAMIC_LINKING, STATIC_LINKING, STANDALONE_PRODUCT
| ossModified | boolean | is the OSS modified?
| ossHomepage | String | URL of the OSS homepage
+| sourceRepoUrl | String | URL of the Source-Code-Repo
| groupId | String | component identifier: maven group
| artifactId | String | component identifier: maven artifactId
| version | String | component identifier: Version
@@ -1552,6 +1553,7 @@ from a corporate server or even a public service available on the internet.
Changes in 1.6.0::
* https://github.com/devonfw/solicitor/issues/146: Fixed the bug which prevented already defined velocity macro with same name to be redefined in different template.
+* https://github.com/devonfw/solicitor/issues/135: Introduce `sourceRepoUrl` as new property in `ApplicationComponent`. Depending on the kind of Reader either `ossHomepage` and/or `sourceRepoUrl` will be filled with data.
Changes in 1.5.0::
* https://github.com/devonfw/solicitor/issues/6: Fixed the bug by allowing multiple `NormalizedLicense` entries with same id per `ApplicationComponent` if the declared license differs. This allows to assign multiple licenses of same type (e.g. MIT) to a component and also will allow multiple "UNKNOWN" licenses to be reported for the same component. Note that as a side effect additional and unexpected `NormalizedLicense` entries might now be created. This might be caused from multiple `LicenseAssignment*.xls` rules firing for different `RawLicense` entries in the same `ApplicationComponent` and resulting in identical `NormalizedLicense` id. In this case it is necessary to restrict those different rules to only fire for specific `RawLicense` entries.
From bf6ad1b24407b51ee9b53643e6154cbc3b4d807a Mon Sep 17 00:00:00 2001
From: Oliver Hecker <8004361+ohecker@users.noreply.github.com>
Date: Wed, 14 Dec 2022 14:02:30 +0100
Subject: [PATCH 023/139] Name mappings for SPDX-IDs of frequently used
licenses (#150)
---
.../rules/LicenseNameMappingSample.xls | Bin 77824 -> 86016 bytes
documentation/master-solicitor.asciidoc | 3 ++-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls b/core/src/main/resources/com/devonfw/tools/solicitor/rules/LicenseNameMappingSample.xls
index 22a2abcb6de625cbc30a13d56aa0222876130aac..f6a38ea5fcb99075177f2b2055da96de567ccd4b 100644
GIT binary patch
delta 16932
zcmZvj2V7NmmdF1WP!Rz;peSMkV~mPmuzRr}pkRp_yMVo8jHYOO&&1xMUiB$z#9m|2
zr(#7k_NbY%yEC(!&6=H^%@t{O_kbcHKisqf+U_wf5#H@IplmDe4v2+-04u3Abh
z?+I6=QUiO#6|K}{8?M?)4a$J4j#Bgcz*SeN+kN4xr_}6zaMf3;?Etu9l&Y5nSFCEU
z%CnU!k5g*LK)4z!)gu?KCQ9Yz!PQi$?t|eN&*zq_N<^RJZpb2UpnZ{+KjU={fn%ox_%`nCV|MkmDjz!|eS{^ijS`BXs~DpUg2If?p0IS
zYK<;IpMt{YQnH|go|sh)sj-H^t06r0Lf+Dl2o>IdU`i#~*izxpELp0i^JrTvr2X}_
zG<}*?2i)(%D+IDABbmBB}Z9uMjoC!No*`l4vo>pXUNOrfm8VaHzBLIzKsiDz9
z4W)x%sh~z}L97^J;gH58V}uoBuws}6E08J&bPT~VVb#T6iq*g-1dJtMH4TgvV64t>
zLUD5IMDmOyPgp6b>NxR?)1JqRlcUnevk`gLcD^jehWMd4+0&8ijmb`{Jcw^BgvN&W
z#zsRlmWGJey3=h;J)T(DaPh>s4|ll~ygJ1*%cDid11yUg0oGS+)r!d^tO>y`X|EmS1j4wLC5WU1
zLsEjlN)T2vX4yP2n*l2~O;u=3%>>rWfHfmnp?JZxc7D6Nvr}tN1Ap^9S(fLSdIC4`
zer**VQb(o0pOtN$s<5S2VN0vR*0~DXs{tGIqOKUW>=!DA?fV5AY~f<_>R8y$#pd#0
zYk$E8+k7RPr;dU>zmlQ#lUcO@InyF{=-|9U4;|0YuZ`oM;xIZ?VK(dd%I;4X2#
z-djJl3q?1lXt%4HOLTK1x;aNX?MfPXx=~yUikqNoZ6R?jjJOuTwW<~}s#uMgVmB*?iSxtV67NdF@>gcD}vz!ZbhJv;Vzegr*kWvP@R2oNfq3Vttqfr
zt7t7MTC)l#Zyzk>y-9EqxsKAVN#dHMU5oc6MVIgfkqoYR>W|K&eYCOfOY$W0?$d^D
ze5)C4gwe)Gx((@sgDZ7z8_D@4u)q+==V|#8>A9}GUJ}+z2J0naIqUXErt&V^mLaMq
zCDoQ7ZdGjs(pD#Re}8gR26?_ro)?{G`!T1O14((xrW@_(#zd{7ogms7I@%dIwUeA)
zVL9FmXX&AqvF>r>74a@tPpnt`wI@j+IFlXA2b4AhZFlRPDyb2@R?YHqr4(+zGq
zaRXj17dHstdi#*ZF2tG)HdNe&SdXL>JXpG@@%V@{MOWK}Iv9g+cd^yqbWm3S+Tzs}
zfHtAKf;d|qm%4&D_9|CDT3vx<`|Di%qvbTa7?Jvv#td#ypi}iFo!v+$+OWa9NzUCk
zXJ_rP`!&}q{x0+T~ATh)98_&#Oe!PI0$ |