test(scanoss): Add a functional test for the different instances

Choose between the `osskb.org` (free) and `scanoss.com` (commercial)
instances based on the API key provided, if any.

The test file was taken from [1] to match their example at [2]. The
"-snippet" variant was created from that by stripping comments and only
keeping a few functions.

[1]: https://github.com/unoconv/unoconv/blob/0.8.2/unoconv
[2]: https://www.softwaretransparency.org/osskb

Signed-off-by: Sebastian Schuberth <sebastian@doubleopen.org>

Author: sschuberth

plugins/scanners/scanoss/build.gradle.kts

@@ -39,6 +39,8 @@ dependencies {
 
     funTestApi(testFixtures(projects.scanner))
 
+    funTestImplementation(projects.utils.testUtils)
+
     testImplementation(projects.utils.testUtils)
 
     testImplementation(libs.mockk)

plugins/scanners/scanoss/src/funTest/kotlin/ScanOssFunTest.kt

@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2026 The ORT Project Copyright Holders <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.scanoss
+
+import com.scanoss.rest.ScanApi
+
+import io.kotest.core.spec.style.StringSpec
+import io.kotest.matchers.collections.beEmpty
+import io.kotest.matchers.collections.shouldBeSingleton
+import io.kotest.matchers.maps.shouldContainExactly
+import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
+
+import org.ossreviewtoolkit.model.PackageType
+import org.ossreviewtoolkit.model.RepositoryProvenance
+import org.ossreviewtoolkit.model.TextLocation
+import org.ossreviewtoolkit.model.VcsInfo
+import org.ossreviewtoolkit.model.VcsType
+import org.ossreviewtoolkit.plugins.api.Secret
+import org.ossreviewtoolkit.scanner.ScanContext
+import org.ossreviewtoolkit.utils.spdx.toSpdx
+import org.ossreviewtoolkit.utils.test.extractResource
+
+class ScanOssFunTest : StringSpec({
+    val apiKey = System.getenv("SCANOSS_API_KEY")
+    val scanner = if (apiKey != null) {
+        ScanOssFactory.create(ScanApi.DEFAULT_BASE_URL2, Secret(apiKey))
+    } else {
+        ScanOssFactory.create()
+    }
+
+    val scanContext = ScanContext(labels = emptyMap(), packageType = PackageType.PACKAGE)
+
+    "File matches contain the expected findings" {
+        val unoconv = extractResource("/unoconv")
+
+        val summary = scanner.scanPath(unoconv, scanContext)
+
+        summary.licenseFindings.shouldBeSingleton {
+            it.license shouldBe "GPL-2.0-only".toSpdx()
+            it.score shouldBe 100.0f
+        }
+
+        summary.snippetFindings should beEmpty()
+
+        // Copyrights (and vulnerabilities) are commercial features.
+        if (apiKey != null) {
+            summary.copyrightFindings.shouldBeSingleton {
+                it.statement shouldBe "Copyright 2007-2010 Dag Wieers <dag@wieers.com>"
+            }
+        }
+    }
+
+    "Snippet matches contain the expected findings" {
+        val unoconv = extractResource("/unoconv-snippet")
+
+        val summary = scanner.scanPath(unoconv, scanContext)
+
+        summary.licenseFindings should beEmpty()
+        summary.copyrightFindings should beEmpty()
+
+        summary.snippetFindings.shouldBeSingleton {
+            it.snippets.shouldBeSingleton { snippet ->
+                snippet.score shouldBe 95.0f
+                snippet.location shouldBe TextLocation("unoconv-0.6/unoconv", 19, 186)
+                snippet.provenance shouldBe RepositoryProvenance(
+                    vcsInfo = VcsInfo(VcsType.GIT, "https://github.com/unoconv/unoconv.git", ""),
+                    resolvedRevision = "."
+                )
+                snippet.purl shouldBe "pkg:github/unoconv/unoconv"
+                snippet.license shouldBe "GPL-2.0-only".toSpdx()
+                snippet.additionalData shouldContainExactly if (apiKey != null) {
+                    mapOf(
+                        "file_hash" to "38e743a8566d3df4a2dc4432f8d6b091",
+                        "file_url" to "https://api.scanoss.com/file_contents/38e743a8566d3df4a2dc4432f8d6b091",
+                        "source_hash" to "21f8df5092922255fd8b42be5e6b59a7"
+                    )
+                } else {
+                    mapOf(
+                        "file_hash" to "38e743a8566d3df4a2dc4432f8d6b091",
+                        "file_url" to " ",
+                        "source_hash" to "21f8df5092922255fd8b42be5e6b59a7"
+                    )
+                }
+            }
+        }
+    }
+})