@isasmendiagus
Contributor

This PR migrates the SCANOSS integration from direct API calls to the official Java SDK.

Changes include:

  • Removing path anonymization (to be implemented in upstream SDK later)
  • Replacing custom API implementations with SDK methods
  • Setting matcher property to null to prevent loading results from scan storage

Remove the path anonymization functionality from the existing SCANOSS
implementation as preparation for migrating to the Java SCANOSS SDK.

This is a temporary removal. While path anonymization is not yet available
in the SDK, we plan to implement this feature in the upstream SDK in the
future.

This approach allows us to consolidate all SCANOSS functionality in the SDK
rather than maintaining custom implementations.

Signed-off-by: Agustin Isasmendi <[email protected]>

Replace custom direct API calls to SCANOSS with the official Java SDK.
This change improves maintainability by leveraging the SDK's functionality
instead of maintaining a custom implementation for API interactions.

Signed-off-by: Agustin Isasmendi <[email protected]>

It forces the SCANOSS scanner's matcher property to null to prevent loading
results from scan storage. This follows the same approach implemented for
other snippet scanners, where the consensus was that snippet scanner
results should never come from scan storage.

This fixes an issue where `context.excludes` was being nullified in
`ScanOss.scanPath()`, preventing proper application of exclusion
patterns.

Signed-off-by: Agustin Isasmendi <[email protected]>
@sschuberth enabled auto-merge (rebase) May 5, 2025 17:38
)
)
}
override val matcher: ScannerMatcher? = null
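
Review bot: `override val matcher: ScannerMatcher? = null` carries no comment saying why the matcher is forced to null. A short KDoc on this property stating that snippet scanner results must never be loaded from scan storage would keep a later refactoring from reintroducing a matcher and silently serving stored results again.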

Member

@mnonnenmacher May 5, 2025

@isasmendiagus You should also change the property below to `override val readFromStorage = false` and remove the `readFromStorage` property from the config class, like it is also done in `FossId`.
I'm not requesting a change because you can also do it separately.

Contributor Author

I haven't seen that. I'll implement the change on PR #10287

Member

@isasmendiagus, please create a separate PR for this, as I want to get this in earlier than our discussion about the report generation PR will come to a conclusion.

Member

See #10291.

codecov bot commented May 5, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 56.46%. Comparing base (b13bfe0) to head (e5571b4).
Report is 3 commits behind head on main.

Additional details and impacted files
@@             Coverage Diff              @@
##               main   #10265      +/-   ##
============================================
+ Coverage     56.39%   56.46%   +0.06%     
- Complexity     1602     1603       +1     
============================================
  Files           331      331              
  Lines         12261    12261              
  Branches       1141     1141              
============================================
+ Hits           6915     6923       +8     
+ Misses         4897     4889       -8     
  Partials        449      449              
Flag Coverage Δ
funTest-docker 68.73% <ø> (+0.12%) ⬆️
funTest-non-docker 33.42% <ø> (ø)
test-ubuntu-24.04 40.23% <ø> (ø)
test-windows-2022 40.21% <ø> (ø)

@sschuberth merged commit dfa4ee1 into oss-review-toolkit:main May 5, 2025
25 checks passed