feat(fossid): Add option to treat pending identifications as errors

While a pending identification is not per se an issue, because it is a
call to action and not a finding, some users might want that ORT shows
it with the severity ERROR to ensure pending identifications are not
overlooked in CI/CD pipelines or compliance workflows where only errors
are considered blocking issues.

Signed-off-by: Julian Olderdissen <[email protected]>

Author: Juli0q

model/src/main/resources/reference.yml

@@ -277,6 +277,8 @@ ort:
 
           sensitivity: 10
 
+          treatPendingIdentificationsAsError: false
+
         secrets:
           user: user
           apiKey: XYZ

model/src/test/kotlin/config/OrtConfigurationTest.kt

@@ -259,7 +259,8 @@ class OrtConfigurationTest : WordSpec({
                             "detectCopyrightStatements" to "true",
                             "timeout" to "60",
                             "urlMappings" to urlMapping,
-                            "sensitivity" to "10"
+                            "sensitivity" to "10",
+                            "treatPendingIdentificationsAsError" to "false"
                         )
 
                         secrets should containExactlyEntries(

plugins/scanners/fossid/src/main/kotlin/FossId.kt

@@ -907,7 +907,7 @@ class FossId internal constructor(
                 source = descriptor.id,
                 message = "This scan has $pendingFilesCount file(s) pending identification in FossID. " +
                     "Please review and resolve them at: $fossIdScanUrl",
-                severity = Severity.HINT
+                severity = if (config.treatPendingIdentificationsAsError) Severity.ERROR else Severity.HINT
             )
         )
 

plugins/scanners/fossid/src/main/kotlin/FossIdConfig.kt

@@ -131,7 +131,11 @@ data class FossIdConfig(
 
     /** Whether to write scan results to the storage. */
     @OrtPluginOption(defaultValue = "true")
-    val writeToStorage: Boolean
+    val writeToStorage: Boolean,
+
+    /** Treat pending identifications as errors instead of hints. */
+    @OrtPluginOption(defaultValue = "false")
+    val treatPendingIdentificationsAsError: Boolean
 ) {
     init {
         require(deltaScanLimit > 0) {

plugins/scanners/fossid/src/test/kotlin/TestUtils.kt

@@ -152,7 +152,8 @@ internal fun createConfig(
         urlMappings = null,
         writeToStorage = false,
         logRequests = false,
-        isArchiveMode = isArchiveMode
+        isArchiveMode = isArchiveMode,
+        treatPendingIdentificationsAsError = false
     )
 
     val namingProvider = createNamingProviderMock()