feat(scanoss): Add snippet report generation

Implement functionality to generate snippet findings reports from
SCANOSS scan results.

Signed-off-by: Agustin Isasmendi <[email protected]>

Author: isasmendiagus

buildSrc/src/main/kotlin/LicenseUtils.kt

@@ -34,6 +34,7 @@ object CopyrightableFiles {
         "plugins/reporters/asciidoc/src/main/resources/pdf-theme/pdf-theme.yml",
         "plugins/reporters/asciidoc/src/main/resources/templates/freemarker_implicit.ftl",
         "plugins/reporters/fossid/src/main/resources/templates/freemarker_implicit.ftl",
+        "plugins/reporters/scanoss/src/main/resources/templates/freemarker_implicit.ftl",
         "plugins/reporters/freemarker/src/main/resources/templates/freemarker_implicit.ftl",
         "plugins/reporters/static-html/src/main/resources/prismjs/",
         "plugins/reporters/web-app-template/yarn.lock",

integrations/completions/ort-completion.fish

@@ -149,7 +149,7 @@ complete -c ort -f -n __fish_use_subcommand -a report -d 'Present Analyzer, Scan
 ## Options for report
 complete -c ort -n "__fish_seen_subcommand_from report" -l ort-file -s i -r -F -d 'The ORT result file to use.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l output-dir -s o -r -F -d 'The output directory to store the generated reports in.'
-complete -c ort -n "__fish_seen_subcommand_from report" -l report-formats -s f -r -d 'A comma-separated list of report formats to generate, any of [AOSD2.0, AOSD2.1, CtrlXAutomation, CycloneDX, DocBookTemplate, EvaluatedModel, FossID, FossIdSnippet, HtmlTemplate, ManPageTemplate, Opossum, PdfTemplate, PlainTextTemplate, SpdxDocument, StaticHTML, TrustSource, WebApp].'
+complete -c ort -n "__fish_seen_subcommand_from report" -l report-formats -s f -r -d 'A comma-separated list of report formats to generate, any of [AOSD2.0, AOSD2.1, CtrlXAutomation, CycloneDX, DocBookTemplate, EvaluatedModel, FossID, FossIdSnippet, HtmlTemplate, ManPageTemplate, Opossum, PdfTemplate, PlainTextTemplate, ScanossSnippet, SpdxDocument, StaticHTML, TrustSource, WebApp].'
 complete -c ort -n "__fish_seen_subcommand_from report" -l copyright-garbage-file -r -F -d 'A file containing copyright statements which are marked as garbage. This can make the output inconsistent with the evaluator output but is useful when testing copyright garbage.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l custom-license-texts-dir -r -F -d 'A directory which maps custom license IDs to license texts. It should contain one text file per license with the license ID as the filename. A custom license text is used only if its ID has a \'LicenseRef-\' prefix and if the respective license text is not known by ORT.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l how-to-fix-text-provider-script -r -F -d 'The path to a Kotlin script which returns an instance of a \'HowToFixTextProvider\'. That provider injects how-to-fix texts in Markdown format for ORT issues.'

plugins/reporters/scanoss/build.gradle.kts

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    // Apply precompiled plugins.
+    id("ort-plugin-conventions")
+}
+
+dependencies {
+    api(projects.reporter)
+
+    ksp(projects.reporter)
+
+    implementation(projects.model)
+    implementation(projects.plugins.reporters.asciidocReporter)
+    implementation(projects.plugins.reporters.freemarkerReporter)
+    implementation(projects.utils.commonUtils)
+    implementation(projects.utils.ortUtils)
+
+    implementation(libs.kotlinx.coroutines)
+
+    testImplementation(libs.mockk)
+}

plugins/reporters/scanoss/src/main/kotlin/ScanossSnippetReporter.kt

@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.reporters.scanoss
+
+import java.io.File
+
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.plugins.reporters.asciidoc.AsciiDocTemplateReporterConfig
+import org.ossreviewtoolkit.plugins.reporters.asciidoc.HtmlTemplateReporter
+import org.ossreviewtoolkit.reporter.Reporter
+import org.ossreviewtoolkit.reporter.ReporterFactory
+import org.ossreviewtoolkit.reporter.ReporterInput
+
+@OrtPlugin(
+    displayName = "SCANOSS Snippet Reporter",
+    description = "Generates a detailed report of the SCANOSS snippet findings.",
+    factory = ReporterFactory::class
+)
+class ScanossSnippetReporter(override val descriptor: PluginDescriptor = ScanossSnippetReporterFactory.descriptor) :
+    Reporter by delegateReporter {
+    companion object {
+        private val delegateReporter = HtmlTemplateReporter(
+            ScanossSnippetReporterFactory.descriptor,
+            AsciiDocTemplateReporterConfig(templateIds = listOf("scanoss_snippet"), templatePaths = null)
+        )
+    }
+
+    override fun generateReport(input: ReporterInput, outputDir: File): List<Result<File>> {
+        val hasScanossResults = input.ortResult.scanner?.scanResults?.any { it.scanner.name == "SCANOSS" } == true
+        require(hasScanossResults) { "No SCANOSS scan results have been found." }
+
+        return delegateReporter.generateReport(input, outputDir)
+    }
+}

plugins/reporters/scanoss/src/main/resources/templates/.gitattributes

@@ -0,0 +1,2 @@
+# Use Unix line endings for Freemarker templates for consistency across platforms.
+**/*.ftl	text eol=lf

plugins/reporters/scanoss/src/main/resources/templates/asciidoc/scanoss_snippet.ftl

@@ -0,0 +1,141 @@
+[#--
+    Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        https://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+    SPDX-License-Identifier: Apache-2.0
+    License-Filename: LICENSE
+--]
+
+:publisher: OSS Review Toolkit
+[#assign now = .now]
+:revdate: ${now?date?iso_local}
+
+:title-page:
+:sectnums:
+:toc:
+
+= SCANOSS Snippets
+List of all the provenances with their files and snippets.
+[#list ortResult.scanner.scanResults as scanResult]
+
+[#assign snippetsLimitIssue = helper.getSnippetsLimitIssue()]
+
+[#if snippetsLimitIssue?has_content]
+[WARNING]
+====
+${snippetsLimitIssue}
+====
+[/#if]
+
+[#if scanResult.provenance.vcsInfo??]
+    [#assign url = scanResult.provenance.vcsInfo.url]
+[#else]
+    [#assign url = scanResult.provenance.sourceArtifact.url]
+[/#if]
+== Provenance '${url}'
+
+[#assign summary = scanResult.summary]
+
+Scan start time : ${summary.startTime} +
+End time : ${summary.startTime} +
+[#if scanResult.provenance.vcsInfo??]
+    [#assign gitRepoUrl = url]
+    [#assign gitRevision = scanResult.provenance.vcsInfo.revision]
+    Git repo URL: ${gitRepoUrl} +
+    Git revision: ${gitRevision}
+
+    [#if gitRepoUrl?contains("github.com")]
+        [#assign githubBaseURL = '${gitRepoUrl?remove_ending(".git")}/blob/${gitRevision}']
+    [/#if]
+[/#if]
+
+[#list helper.groupSnippetsByFile(summary.snippetFindings) as filePath, snippetFindings ]
+
+[#if gitRepoUrl?? && gitRepoUrl?contains("github.com")]
+    [#assign localFileURL = '${githubBaseURL}/${filePath}[${filePath}]']
+[#else]
+    [#assign localFileURL = "${filePath}"]
+[/#if]
+[#assign licenses = helper.collectLicenses(snippetFindings)]
+
+*${localFileURL}* +
+License(s):
+[#list licenses as license]
+  ${license}[#sep],
+[/#list]
+
+[#list helper.groupSnippetsBySourceLines(snippetFindings) as sourceLocation, snippetFinding]
+[#assign snippetCount = snippetFinding.snippets?size]
+
+[width=100%]
+[cols="1,3,4,1"]
+|===
+| Source Location | pURL | License | Score
+
+.${snippetCount*2}+|
+Partial match +
+${sourceLocation.startLine?c}-${sourceLocation.endLine?c}
+
+
+[#list snippetFinding.snippets as snippet ]
+
+| ${snippet.purl!""}
+| ${snippet.license!""}
+| ${snippet.score!""}
+
+4+a|
+.Create a snippet choice for this snippet or mark it as false positive
+[%collapsible]
+====
+Add the following lines to the *.ort.yml* file.
+
+To **choose** this snippet:
+[source,yaml]
+--
+snippet_choices:
+- provenance:
+    url: "${scanResult.provenance.vcsInfo.url}"
+  choices:
+  - given:
+      source_location:
+        path: "${filePath}"
+        start_line: ${snippetFinding.sourceLocation.startLine?c}
+        end_line: ${snippetFinding.sourceLocation.endLine?c}
+    choice:
+      purl: "${snippet.purl!""}"
+      reason: "ORIGINAL_FINDING"
+      comment: "Explain why this snippet choice was made"
+--
+Or to mark this location has having ONLY **false positives snippets**:
+[source,yaml]
+--
+snippet_choices:
+- provenance:
+    url: "${scanResult.provenance.vcsInfo.url}"
+  choices:
+  - given:
+      source_location:
+        path: "${filePath}"
+        start_line: ${snippetFinding.sourceLocation.startLine?c}
+        end_line: ${snippetFinding.sourceLocation.endLine?c}
+    choice:
+      reason: "NO_RELEVANT_FINDING"
+      comment: "Explain why this location has only false positives snippets"
+--
+====
+[/#list]
+|===
+[/#list]
+[/#list]
+[/#list]

plugins/reporters/scanoss/src/main/resources/templates/freemarker_implicit.ftl

@@ -0,0 +1,10 @@
+[#ftl]
+[#-- @implicitly included --]
+
+[#-- @ftlvariable name="projects" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="packages" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="ortResult" type="org.ossreviewtoolkit.model.OrtResult" --]
+[#-- @ftlvariable name="licenseTextProvider" type="org.ossreviewtoolkit.reporter.LicenseTextProvider" --]
+[#-- @ftlvariable name="LicenseView" type="org.ossreviewtoolkit.model.licenses.LicenseView" --]
+[#-- @ftlvariable name="helper" type="org.ossreviewtoolkit.plugins.reporters.freemarker.FreemarkerTemplateProcessor.TemplateHelper" --]
+[#-- @ftlvariable name="projectsAsPackages" type="kotlin.collections.Set<org.ossreviewtoolkit.model.Identifier>" --]