Allow scan storage providers to express that they only work for packages (not projects) #6460

@schvvarzekatze

I just retried to use ClearlyDefined to curate missing copyrights. This worked perfectly for all Gradle packages, but still not for Yarn.

I used the config as described in the readme:

ort:
  scanner:
    storages:
      clearlyDefined:
        serverUrl: "https://api.clearlydefined.io"

    storageReaders: ["clearlyDefined"]

I only found this warning in the logs:

10:54:09.568 [main] WARN  org.ossreviewtoolkit.scanner.storages.ClearlyDefinedStorage - Could not obtain ClearlyDefined coordinates for package 'Yarn::package.json:'.
10:54:09.572 [main] INFO  org.ossreviewtoolkit.scanner.ScanResultsStorage - Read 0 scan result(s) for 'Yarn::package.json:' from ClearlyDefinedStorage in 12.518556ms.

It seems that ClearlyDefined is not applied to the npm libraries behind the package.json of the project node.

Can this be curated by any ORT config other than the one mentioned above?

Thank you very much.

Labels: scanner (About the scanner tool)
