New CLI options:
A new CLI option --package-only has been added which performs
a faster package scan by skipping the package assembly step and
also skipping license/copyright detection on package metadata.
Major API/other changes:
Output Format Version updated to 3.1.0 (minor version bump)
Drops Python 3.7 and adopts Python 3.12
New license match attributes:
from_file
matched_text_diagnostics is added for --license-text-diagnostics
In codebase-level license_detections we have a new attribute reference_matches
SPDX license expressions everywhere side-by-side with ScanCode
license expressions.
All rule attribute level data provided in codebase level todo items.
Changes in Output Data Structure:
The data structure of the JSON output has changed for
licenses at file level, and license detections at top-level.
But note that all the changes are additions to the JSON output,
so we have a minor version bump 3.0.0 to 3.1.0:
There is a new attribute from_file in matches which is in license_detections in:
File level license_detections
Codebase level license_detections
license_detections and other_license_detections in file-level package_data
license_detections and other_license_detections in codebase level packages
On using the CLI option --license-text-diagnostics there is
now a new license match attribute matched_text_diagnostics
with the matched text and highlighted diagnostics, instead of
having this replace the plain matched_text.
A new reference_matches attribute is added to codebase-level license_detections,
which is the same as the matches attribute in other license detections.
We now have SPDX license expressions everywhere we have
ScanCode license expressions for ease of use and adopting
SPDX everywhere. A new attribute license_expression_spdx
is added to:
license_detections in file and codebase level
in package license_detections and other_license_detections
matches for license_detections everywhere
Adds all rule attribute level info in codebase level todo
data, to assist in review. This includes length, text, notes,
referenced_filenames, and the boolean attributes (like
is_license_notice, is_license_intro etc., as applicable).
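An added example, not part of the release notes or ScanCode's own code: a consumer of the JSON output that checks the output format version and then reads the new license_expression_spdx and from_file attributes to list matches that were found in a different file than the one being reported. The sample scan is constructed; reading output_format_version from headers[0] and treating from_file as the path of the file where the match was found are assumptions about the output layout.

```python
# Constructed sample in the 3.1.0 shape, trimmed to the attributes this
# release adds; paths and values are made up for illustration.
SAMPLE_SCAN = {
    "headers": [{"output_format_version": "3.1.0"}],
    "files": [
        {"path": "pkg/setup.py", "license_detections": [{
            "license_expression": "apache-2.0",
            "license_expression_spdx": "Apache-2.0",
            "matches": [
                {"license_expression": "apache-2.0",
                 "license_expression_spdx": "Apache-2.0",
                 "from_file": "pkg/setup.py"},
                {"license_expression": "apache-2.0",
                 "license_expression_spdx": "Apache-2.0",
                 "from_file": "pkg/LICENSE"},
            ]}]},
        {"path": "pkg/README", "license_detections": []},
    ],
}


def supports_new_attributes(scan):
    """True when the scan declares output format 3.1.0 or later."""
    version = scan["headers"][0]["output_format_version"]
    return tuple(int(p) for p in version.split(".")[:3]) >= (3, 1, 0)


def spdx_by_file(scan):
    """Map each file path to the sorted SPDX expressions detected in it."""
    return {
        f["path"]: sorted({d["license_expression_spdx"]
                           for d in f.get("license_detections", [])})
        for f in scan["files"]
    }


def cross_file_matches(scan):
    """Return (file, from_file, spdx) for matches located in another file."""
    if not supports_new_attributes(scan):
        raise ValueError("scan predates output format 3.1.0")
    found = []
    for f in scan["files"]:
        for det in f.get("license_detections", []):
            for m in det.get("matches", []):
                src = m.get("from_file")
                if src and src != f["path"]:
                    found.append((f["path"], src, m["license_expression_spdx"]))
    return found
```

Rejecting scans older than 3.1.0 up front keeps a missing from_file from being silently read as "no cross-file matches".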
New and updated licenses, including support for newly released
SPDX license list versions:
SPDX License List 3.22:
This release of the SPDX license list had 48 new licenses,
and several of them we already had as licenses/rules, and
these have been modified to be consistent with the SPDX list.
And the rest have been added as new licenses.
For more details see Update to spdx 3.22 #3554
SPDX License List 3.23:
This release of the SPDX license list had 43 new licenses,
and out of them 22 were present as licenses and 10 were
present as rules already. There were 4 new license/exception
texts added, and the rest were either texts with small variations,
additions to texts or several rule texts together.
For more details see Support SPDX License List 3.23 #3653
We also have lots of other misc new licenses and rules added to
LicenseDB, see PRs below for more details:
Add new licenses and license updates #3663
Update license rules #3642
Add new and updated licenses #3586
Yet more license rules #3584
Add new license detection rules #3575
More licenses #3570
Add license detection rules #3568
Add license rules #3562
Improve debian namespace detection based on clues and fix
namespace and qualifier bugs for debian purls.
For more details see Add missing namespace to debian packages scancode.io#899
and distro is passed as None for RPM packages #3443
Also improve debian manifests parsing and purl parsing from
filenames. Support for Collect Debian data live, aka. purl2meta purldb#245
Bumps debian-inspector to v31.1.0
Bump commoncode to v31.0.3
Upgraded spdx-tools dependency to v0.8.
See Upgrade spdx-tools to version 0.8 #3455
Support for Conan package parser: conanfile.py, as described here https://docs.conan.io/2.0/reference/conanfile.html.
We also support source extraction from conandata.yml, as described here https://docs.conan.io/2/tutorial/creating_packages/handle_sources_in_packages.html#using-the-conandata-yml-file.
What's Changed
Upgrade spdx-tools to v0.8.1 #3455 by @armintaenzertng in #3456
Fix-up an accidental use of SPDX's WITH operator in a rule by @fviernau in #3628
Add a faster package scan with --package-only by @AyanSinhaMahapatra in #3689
New Contributors
Full Changelog: v32.0.8...v32.1.0
This discussion was created from the release v32.1.0.