Picking up dependencies license info #506

Open
ariel11 opened this issue Nov 29, 2022 · 1 comment

Comments


ariel11 commented Nov 29, 2022

Hi, the tooling is including license info from dependency/third-party notice files in the "declared" field - see https://clearlydefined.io/definitions/gem/rubygems/-/nokogiri/1.13.9/1.13.9.

This is incorrect. The "declared" field should only be the top level license for that package.

Collaborator

qtomlinson commented Nov 15, 2023

The root cause for this is where the ScanCode result is parsed (ScanCodeSummarizer). There is no package-level license information, so license information for top-level files is used to derive the declared license. is_license_text is true for LICENSE-DEPENDENCIES.md, and therefore the licenses matched there are used as the declared license. In contrast, is_license_text is false for LICENSE.md. Need to recheck this issue after the ScanCode upgrade.
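The derivation described above, as an added illustration that is not ClearlyDefined's or ScanCode's own code: a simplified model of the per-file ScanCode output (`path`, `is_license_text`, `licenses[].spdx_license_key`) with a constructed sample, showing how trusting `is_license_text` on every top-level file lets a dependency notice file pollute the declared license, next to a hypothetical filename-based selection that keeps only the package's own license file.

```javascript
// Constructed sample shaped like ScanCode per-file results (path,
// is_license_text, licenses[].spdx_license_key); not a real nokogiri scan.
const sampleFiles = [
  { path: 'LICENSE.md', is_license_text: false,
    licenses: [{ spdx_license_key: 'MIT' }] },
  { path: 'LICENSE-DEPENDENCIES.md', is_license_text: true,
    licenses: [{ spdx_license_key: 'Apache-2.0' },
               { spdx_license_key: 'BSD-3-Clause' },
               { spdx_license_key: 'MIT' }] },
  { path: 'lib/nokogiri.rb', is_license_text: false,
    licenses: [{ spdx_license_key: 'MIT' }] },
];

const isTopLevel = (path) => !path.includes('/');

// Union of SPDX keys over the given files, sorted for stable comparison.
function collectKeys(files) {
  const keys = new Set();
  for (const f of files) for (const l of f.licenses) keys.add(l.spdx_license_key);
  return [...keys].sort();
}

// Behaviour the issue describes: with no package-level license, every
// top-level file flagged as license text feeds the declared license, so a
// third-party notice file ends up in "declared".
function declaredNaive(files) {
  return collectKeys(files.filter((f) => isTopLevel(f.path) && f.is_license_text));
}

// Hypothetical hardened selection (not ClearlyDefined's logic): pick the
// package's own license file by name and exclude dependency/notice files,
// instead of relying on is_license_text alone.
const OWN_LICENSE = /^(LICEN[CS]E|COPYING|COPYRIGHT)(\.[a-z]+)?$/i;
const THIRD_PARTY = /DEPENDENC|THIRD[-_ ]?PARTY|NOTICE/i;

function isOwnLicenseFile(path) {
  return isTopLevel(path) && OWN_LICENSE.test(path) && !THIRD_PARTY.test(path);
}

function declaredHardened(files) {
  return collectKeys(files.filter((f) => isOwnLicenseFile(f.path)));
}

// Top-level license-text files that were excluded, so a reviewer can check
// nothing legitimate was dropped.
function excludedNoticeFiles(files) {
  return files
    .filter((f) => isTopLevel(f.path) && f.is_license_text && !isOwnLicenseFile(f.path))
    .map((f) => f.path);
}
```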
