This is a channel focused on ScanCode support and not as noisy as the main discuss channel
@Thomshan this is proprietary alright : https://repo1.maven.org/maven2/javax/servlet/jsp/jsp-api/2.1/ the jsp_2_0.xsd file ins there has this license:
Copyright 2003 Sun Microsystems, Inc., 901 San Antonio Road, Palo Alto, California 94303, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and other countries. This document and the technology which it describes are distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Sun, Sun Microsystems, the Sun logo, Solaris, Java, J2EE, JavaServer Pages, Enterprise JavaBeans and the Java Coffee Cup logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Federal Acquisitions: Commercial Software - Government Users Subject to Standard License Terms and Conditions.
This document and the technology which it describes are distributed under licenses restricting their use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any.
there have been quite a few changes since 3.2.1rc2:
https://github.com/nexB/scancode-toolkit/compare/v3.2.1rc2...develop
like over 1000 commits
Showing 25,888 changed files with 281,590 additions and 385,844 deletions.
@balakrishna-mukundaraj May I suggest that you review the changes in one plugin such as:
https://github.com/nexB/scancode-toolkit/blob/develop/src/formattedcode/output_json.py
and
https://github.com/nexB/scancode-toolkit/blob/v3.2.1rc2/src/formattedcode/output_json.py
@balakrishna-mukundaraj that said the key change seems to be
@output_impl
class JsonPrettyOutput(OutputPlugin):
options = [
CommandLineOption(('--json-pp', 'output_json_pp',),
type=FileOptionType(mode=mode, lazy=True),
metavar='FILE',
help='Write scan output as pretty-printed JSON to FILE.',
help_group=OUTPUT_GROUP,
sort_order=10),
]
which becomes now:
@output_impl
class JsonPrettyOutput(OutputPlugin):
options = [
PluggableCommandLineOption(('--json-pp', 'output_json_pp',),
type=FileOptionType(mode='w', encoding='utf-8', lazy=True),
metavar='FILE',
help='Write scan output as pretty-printed JSON to FILE.',
help_group=OUTPUT_GROUP,
sort_order=10),
]
@guddutopper yes and no.
So the --package option will detect the packages and report dependencies (say in a pom.xml). So you will get the list in this way, at elast the list of direct dependencies.
It will not (yet) resolve nor fetch the dependencies tree to analyze them.
They would have to be in the scanned dir to be analyzed.
They would likely need to be extracted first with extractcode too, at least for now.
scancode --package -n4
and no -cl yet?