Merge branch 'main' into click

Author: soimkim

.bumpversion.cfg

@@ -2,7 +2,7 @@
 commit = True
 tag = False
 message = Bump version: {current_version} → {new_version}
-current_version = 2.1.7
+current_version = 2.1.13
 
 [bumpversion:file:setup.py]
 search = '{current_version}'

.github/workflows/publish-release.yml

@@ -60,7 +60,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v4
       with:
-        python-version: '3.8'
+        python-version: '3.10'
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/pull-request.yml

@@ -16,7 +16,7 @@ jobs:
   build:
     strategy:
       matrix:
-        python-version: [3.8, 3.11]
+        python-version: ["3.11"]
         os: [ubuntu-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
@@ -35,7 +35,7 @@ jobs:
   build_macos:
     strategy:
       matrix:
-        python-version: [3.9, 3.11]
+        python-version: ["3.11"]
     runs-on: macos-latest
     steps:
     - uses: actions/checkout@v3
@@ -45,7 +45,9 @@ jobs:
         python-version: ${{ matrix.python-version }}
     - name: Install dependencies
       run: |
-        brew install openssl
+        if ! brew list openssl@3 &>/dev/null; then
+            brew install openssl@3
+        fi
         brew install libmagic
         brew install postgresql
         python -m pip install --upgrade pip

CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## v2.1.13 (10/09/2025)
+## Changes
+## 🔧 Maintenance
+
+- Add is_manifest_file field @dd-jy (#215)
+
+---
+
+## v2.1.12 (21/08/2025)
+## Changes
+## 🚀 Features
+
+- Exclude package dirs with directory name @dd-jy (#214)
+
+## 🔧 Maintenance
+
+- Fix scancode version for Mac @JustinWonjaePark (#213)
+
+---
+
+## v2.1.11 (21/07/2025)
+## Changes
+## 🔧 Maintenance
+
+- Remove copyright info for license text file of GPL family @JustinWonjaePark (#212)
+
+---
+
+## v2.1.10 (17/07/2025)
+## Changes
+- Recognize manifest file as License File @JustinWonjaePark (#210)
+
+## 🔧 Maintenance
+
+- Update Python support to 3.10+ and remove scanners' version limits @JustinWonjaePark (#211)
+
+---
+
+## v2.1.9 (10/07/2025)
+## Changes
+- Remove copyright from SCANOSS result @JustinWonjaePark (#209)
+
+## 🔧 Maintenance
+
+- Fix github action warning message @bjk7119 (#208)
+
+---
+
+## v2.1.8 (09/04/2025)
+## Changes
+## 🔧 Maintenance
+
+- Fix api_limit_exceed_parameter @JustinWonjaePark (#206)
+
+---
+
 ## v2.1.7 (26/02/2025)
 ## Changes
 ## 🔧 Maintenance
@@ -239,71 +295,3 @@
 ## 🐛 Hotfixes
 
 - Fix vulnerability from requirements.txt @JustinWonjaePark (#138)
-
----
-
-## v1.7.1 (31/08/2023)
-## Changes
-## 🔧 Maintenance
-
-- Priority change between Download Location extraction and scanner operation @JustinWonjaePark (#133)
-
----
-
-## v1.7.0 (14/08/2023)
-## Changes
-- Fix the bug when nothing is detected @soimkim (#134)
-
-## 🚀 Features
-
-- Load v32 and later of ScanCode @soimkim (#131)
-
-## 🔧 Maintenance
-
-- Fix the scancdoe and util version @dd-jy (#132)
-
----
-
-## v1.6.32 (03/08/2023)
-## Changes
-## 🐛 Hotfixes
-
-- Fix the util version @dd-jy (#130)
-
----
-
-## v1.6.31 (03/08/2023)
-## Changes
-## 🐛 Hotfixes
-
-- Revert the scancode-toolkit version @dd-jy (#129)
-
-## 🔧 Maintenance
-
-- Remove sorting @JustinWonjaePark (#128)
-
----
-
-## v1.6.30 (25/07/2023)
-## Changes
-## 🔧 Maintenance
-
-- Update scancode-toolkit version @dd-jy (#127)
-
----
-
-## v1.6.29 (25/07/2023)
-## Changes
-## 🚀 Features
-
-- Read download location @JustinWonjaePark (#124)
-
-## 🐛 Hotfixes
-
-- Update FOSSLight Util version @soimkim (#126)
-
-## 🔧 Maintenance
-
-- Sort the result by file and exclude attributes @JustinWonjaePark (#125)
-- Update the minimum version of util @dd-jy (#123)
-- Change the default path to find sbom-info.yaml @dd-jy (#122)

requirements-dev.txt

@@ -2,8 +2,8 @@ tox
 pytest
 pytest-cov
 pytest-flake8
-flake8==3.9.2
+flake8
 dataclasses
 scanoss
-importlib-metadata==4.12.0
+importlib-metadata
 pytest-xdist

requirements.txt

@@ -6,8 +6,7 @@ PyYAML
 wheel>=0.38.1
 intbitset
 fosslight_binary>=5.0.0
-scancode-toolkit==32.0.*;sys_platform=="darwin"
-scancode-toolkit==32.2.*;sys_platform!="darwin"
-psycopg2-binary==2.9.9
-beautifulsoup4==4.12.*
+scancode-toolkit>=32.0.2
+fingerprints==1.2.3
+normality==2.6.1
 click==8.2.1

setup.py

@@ -14,7 +14,7 @@
 if __name__ == "__main__":
     setup(
         name='fosslight_source',
-        version='2.1.7',
+        version='2.1.13',
         package_dir={"": "src"},
         packages=find_packages(where='src'),
         description='FOSSLight Source Scanner',
@@ -26,11 +26,10 @@
         download_url='https://github.com/fosslight/fosslight_source_scanner',
         classifiers=['License :: OSI Approved :: Apache Software License',
                      "Programming Language :: Python :: 3",
-                     "Programming Language :: Python :: 3.8",
-                     "Programming Language :: Python :: 3.9",
                      "Programming Language :: Python :: 3.10",
-                     "Programming Language :: Python :: 3.11", ],
-        python_requires=">=3.8",
+                     "Programming Language :: Python :: 3.11",
+                     "Programming Language :: Python :: 3.12", ],
+        python_requires=">=3.10, <3.13",
         install_requires=required,
         entry_points={
             "console_scripts": [

src/fosslight_source/_parsing_scancode_file_item.py

@@ -13,6 +13,8 @@
 from ._scan_item import is_exclude_file
 from ._scan_item import replace_word
 from ._scan_item import is_notice_file
+from ._scan_item import is_manifest_file
+from ._scan_item import is_package_dir
 from typing import Tuple
 
 logger = logging.getLogger(constant.LOGGER_NAME)
@@ -29,6 +31,27 @@
 SPDX_REPLACE_WORDS = ["(", ")"]
 KEY_AND = r"(?<=\s)and(?=\s)"
 KEY_OR = r"(?<=\s)or(?=\s)"
+GPL_LICENSE_PATTERN = r'((a|l)?gpl|gfdl)'  # GPL, LGPL, AGPL, GFDL
+
+
+def is_gpl_family_license(licenses: list) -> bool:
+    if not licenses:
+        return False
+
+    for license_name in licenses:
+        if not license_name:
+            continue
+
+        license_lower = license_name.lower()
+        if re.search(GPL_LICENSE_PATTERN, license_lower):
+            logger.debug(f"GPL family license detected: {license_name}")
+            return True
+
+    return False
+
+
+def should_remove_copyright_for_gpl_license_text(licenses: list, is_license_text: bool) -> bool:
+    return is_license_text and is_gpl_family_license(licenses)
 
 
 def get_error_from_header(header_item: list) -> Tuple[bool, str]:
@@ -77,6 +100,13 @@ def parsing_scancode_32_earlier(scancode_file_list: list, has_error: bool = Fals
                     copyright_list = file.get("copyrights", [])
 
                     result_item = SourceItem(file_path)
+                    is_pkg, pkg_path = is_package_dir(os.path.dirname(file_path))
+                    if is_pkg:
+                        result_item.source_name_or_path = pkg_path
+                        if not any(x.source_name_or_path == result_item.source_name_or_path for x in scancode_file_item):
+                            result_item.exclude = True
+                            scancode_file_item.append(result_item)
+                        continue
 
                     if has_error and "scan_errors" in file:
                         error_msg = file.get("scan_errors", [])
@@ -99,8 +129,6 @@ def parsing_scancode_32_earlier(scancode_file_list: list, has_error: bool = Fals
                                 pass
                             copyright_value_list.append(copyright_data)
 
-                    result_item.copyright = copyright_value_list
-
                     # Set the license value
                     license_detected = []
                     if licenses is None or licenses == "":
@@ -164,6 +192,16 @@ def parsing_scancode_32_earlier(scancode_file_list: list, has_error: bool = Fals
                     if len(license_detected) > 0:
                         result_item.licenses = license_detected
 
+                        if is_manifest_file(file_path):
+                            result_item.is_manifest_file = True
+
+                        # Remove copyright info for license text file of GPL family
+                        if should_remove_copyright_for_gpl_license_text(license_detected, result_item.is_license_text):
+                            logger.debug(f"Removing copyright for GPL family license text file: {file_path}")
+                            result_item.copyright = []
+                        else:
+                            result_item.copyright = copyright_value_list
+
                         if len(license_expression_list) > 0:
                             license_expression_list = list(
                                 set(license_expression_list))
@@ -205,6 +243,13 @@ def parsing_scancode_32_later(
                     continue
 
                 result_item = SourceItem(file_path)
+                is_pkg, pkg_path = is_package_dir(os.path.dirname(file_path))
+                if is_pkg:
+                    result_item.source_name_or_path = pkg_path
+                    if not any(x.source_name_or_path == result_item.source_name_or_path for x in scancode_file_item):
+                        result_item.exclude = True
+                        scancode_file_item.append(result_item)
+                    continue
 
                 if has_error:
                     error_msg = file.get("scan_errors", [])
@@ -223,7 +268,6 @@ def parsing_scancode_32_later(
                         except Exception:
                             pass
                         copyright_value_list.append(copyright_data)
-                result_item.copyright = copyright_value_list
 
                 license_detected = []
                 licenses = file.get("license_detections", [])
@@ -259,6 +303,20 @@ def parsing_scancode_32_later(
                                             license_list[lic_matched_key] = lic_info
                                     license_detected.append(found_lic)
                 result_item.licenses = license_detected
+
+                result_item.exclude = is_exclude_file(file_path)
+                result_item.is_license_text = file.get("percentage_of_license_text", 0) > 90 or is_notice_file(file_path)
+
+                if is_manifest_file(file_path) and len(license_detected) > 0:
+                    result_item.is_manifest_file = True
+
+                # Remove copyright info for license text file of GPL family
+                if should_remove_copyright_for_gpl_license_text(license_detected, result_item.is_license_text):
+                    logger.debug(f"Removing copyright for GPL family license text file: {file_path}")
+                    result_item.copyright = []
+                else:
+                    result_item.copyright = copyright_value_list
+
                 if len(license_detected) > 1:
                     license_expression_spdx = file.get("detected_license_expression_spdx", "")
                     license_expression = file.get("detected_license_expression", "")
@@ -267,8 +325,6 @@ def parsing_scancode_32_later(
                     if license_expression:
                         result_item.comment = license_expression
 
-                result_item.exclude = is_exclude_file(file_path)
-                result_item.is_license_text = file.get("percentage_of_license_text", 0) > 90 or is_notice_file(file_path)
                 scancode_file_item.append(result_item)
             except Exception as ex:
                 msg.append(f"Error Parsing item: {ex}")

src/fosslight_source/_parsing_scanoss_file.py

@@ -8,6 +8,7 @@
 import fosslight_util.constant as constant
 from ._scan_item import SourceItem
 from ._scan_item import is_exclude_file
+from ._scan_item import is_package_dir
 from ._scan_item import replace_word
 from typing import Tuple
 
@@ -45,6 +46,13 @@ def parsing_scanResult(scanoss_report: dict, path_to_scan: str = "", path_to_exc
         if any(os.path.commonpath([abs_file_path, exclude_path]) == exclude_path for exclude_path in abs_path_to_exclude):
             continue
         result_item = SourceItem(file_path)
+        is_pkg, pkg_path = is_package_dir(os.path.dirname(file_path))
+        if is_pkg:
+            result_item.source_name_or_path = pkg_path
+            if not any(x.source_name_or_path == result_item.source_name_or_path for x in scanoss_file_item):
+                result_item.exclude = True
+                scanoss_file_item.append(result_item)
+            continue
 
         if 'id' in findings[0]:
             if "none" == findings[0]['id']:
@@ -60,7 +68,6 @@ def parsing_scanResult(scanoss_report: dict, path_to_scan: str = "", path_to_exc
         license_detected = []
         license_w_source = {"component_declared": [], "file_spdx_tag": [],
                             "file_header": [], "license_file": [], "scancode": []}
-        copyright_detected = []
         if 'licenses' in findings[0]:
             for license in findings[0]['licenses']:
 
@@ -78,11 +85,6 @@ def parsing_scanResult(scanoss_report: dict, path_to_scan: str = "", path_to_exc
             if len(license_detected) > 0:
                 result_item.licenses = license_detected
                 result_item.scanoss_reference = license_w_source
-        if 'copyrights' in findings[0]:
-            for copyright in findings[0]['copyrights']:
-                copyright_detected.append(copyright['name'])
-            if len(copyright_detected) > 0:
-                result_item.copyright = copyright_detected
 
         if is_exclude_file(file_path):
             result_item.exclude = True