Add ORT package-list.yml output format

[tdruez]

• CRAVEX-integration: Integration with SCA Tools: ORT #1727

Models: https://github.com/oss-review-toolkit/ort/blob/main/cli-helper/src/main/kotlin/commands/CreateAnalyzerResultFromPackageListCommand.kt

Change

A new "package-list.yml" ORT output is available in the UI, REST API, and CLI.
This output can be used as an ORT input.

Usage

1. ScanCode.io project

Run a analyze_docker_image pipeline on a Docker image input.

2. Download the new ORT "package-list.yml" output.

3. Create ORT "analyzer-result.yml" from "package-list.yml"

ORT_VERSION=68.1.0

docker run --rm -v $PWD:/data \
  --entrypoint /opt/ort/bin/orth \
  ghcr.io/oss-review-toolkit/ort:${ORT_VERSION} \
  create-analyzer-result-from-package-list \
    --package-list-file /data/package-list.yml \
    --ort-file /data/analyzer-result.yml

4. Load "analyzer-result.yml" and generate reports (CycloneDX, SPDX, WebApp)

docker run --rm -v $PWD:/data \
  ghcr.io/oss-review-toolkit/ort:${ORT_VERSION} \
  report \
    --ort-file /data/analyzer-result.yml \
    --output-dir /data/results/ \
    --report-formats CycloneDX,SpdxDocument,WebApp