scanoss 1.40.1__py3-none-any.whl → 1.41.1__py3-none-any.whl

scanoss/__init__.py

@@ -22,4 +22,4 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-__version__ = '1.40.1'
+__version__ = '1.41.1'

scanoss/cli.py

@@ -55,6 +55,7 @@ from . import __version__
 from .components import Components
 from .constants import (
     DEFAULT_API_TIMEOUT,
+    DEFAULT_COPYLEFT_LICENSE_SOURCES,
     DEFAULT_HFH_DEPTH,
     DEFAULT_HFH_MIN_ACCEPTED_SCORE,
     DEFAULT_HFH_RANK_THRESHOLD,
@@ -64,6 +65,7 @@ from .constants import (
     DEFAULT_TIMEOUT,
     MIN_TIMEOUT,
     PYTHON_MAJOR_VERSION,
+    VALID_LICENSE_SOURCES,
 )
 from .csvoutput import CsvOutput
 from .cyclonedx import CycloneDx
@@ -699,6 +701,17 @@ def setup_args() -> None:  # noqa: PLR0912, PLR0915
         p.add_argument('--exclude', help='Licenses to exclude from analysis (comma-separated list)')
         p.add_argument('--explicit', help='Use only these specific licenses for analysis (comma-separated list)')
 
+    # License source filtering
+    for p in [p_inspect_raw_copyleft, p_inspect_legacy_copyleft]:
+        p.add_argument(
+            '-ls', '--license-sources',
+            action='extend',
+            nargs='+',
+            choices=VALID_LICENSE_SOURCES,
+            help=f'Specify which license sources to check for copyleft violations. Each license object in scan results '
+                 f'has a source field indicating its origin. Default: {", ".join(DEFAULT_COPYLEFT_LICENSE_SOURCES)}',
+        )
+
     # Common options for (legacy) copyleft and undeclared component inspection
     for p in [p_inspect_raw_copyleft, p_inspect_raw_undeclared, p_inspect_legacy_copyleft, p_inspect_legacy_undeclared]:
         p.add_argument('-i', '--input', nargs='?', help='Path to scan results file to analyse')
@@ -1752,6 +1765,7 @@ def inspect_copyleft(parser, args):
             include=args.include,  # Additional licenses to check
             exclude=args.exclude,  # Licenses to ignore
             explicit=args.explicit,  # Explicit license list
+            license_sources=args.license_sources,  # License sources to check (list)
         )
         # Execute inspection and exit with appropriate status code
         status, _ = i_copyleft.run()

scanoss/constants.py

@@ -17,3 +17,6 @@ DEFAULT_HFH_RANK_THRESHOLD = 5
 DEFAULT_HFH_DEPTH = 1
 DEFAULT_HFH_RECURSIVE_THRESHOLD = 0.8
 DEFAULT_HFH_MIN_ACCEPTED_SCORE = 0.15
+
+VALID_LICENSE_SOURCES = ['component_declared', 'license_file', 'file_header', 'file_spdx_tag', 'scancode']
+DEFAULT_COPYLEFT_LICENSE_SOURCES = ['component_declared', 'license_file']

scanoss/data/build_date.txt

@@ -1 +1 @@
-date: 20251029145743, utime: 1761749863
+date: 20251217130422, utime: 1765976662

scanoss/data/osadl-copyleft.json

@@ -0,0 +1,133 @@
+{
+    "title": "OSADL Open Source License Obligations Checklist (https:\/\/www.osadl.org\/Checklists)",
+    "license": "Creative Commons Attribution 4.0 International license (CC-BY-4.0)",
+    "attribution": "A project by the Open Source Automation Development Lab (OSADL) eG. For further information about the project see the description at www.osadl.org\/checklists.",
+    "copyright": "(C) 2017 - 2024 Open Source Automation Development Lab (OSADL) eG and contributors, info@osadl.org",
+    "disclaimer": "The checklists and particularly the copyleft data have been assembled with maximum diligence and care; however, the authors do not warrant nor can be held liable in any way for its correctness, usefulness, merchantibility or fitness for a particular purpose as far as permissible by applicable law. Anyone who uses the information does this on his or her sole responsibility. For any individual legal advice, it is recommended to contact a lawyer.",
+    "timeformat": "%Y-%m-%dT%H:%M:%S%z",
+    "timestamp": "2025-10-30T11:23:00+0000",
+    "copyleft": 
+    {
+        "0BSD": "No",
+        "AFL-2.0": "No",
+        "AFL-2.1": "No",
+        "AFL-3.0": "No",
+        "AGPL-3.0-only": "Yes",
+        "AGPL-3.0-or-later": "Yes",
+        "Apache-1.0": "No",
+        "Apache-1.1": "No",
+        "Apache-2.0": "No",
+        "APSL-2.0": "Yes (restricted)",
+        "Artistic-1.0": "No",
+        "Artistic-1.0-Perl": "No",
+        "Artistic-2.0": "No",
+        "Bitstream-Vera": "No",
+        "blessing": "No",
+        "BlueOak-1.0.0": "No",
+        "BSD-1-Clause": "No",
+        "BSD-2-Clause": "No",
+        "BSD-2-Clause-Patent": "No",
+        "BSD-3-Clause": "No",
+        "BSD-3-Clause-Open-MPI": "No",
+        "BSD-4-Clause": "No",
+        "BSD-4-Clause-UC": "No",
+        "BSD-4.3TAHOE": "No",
+        "BSD-Source-Code": "No",
+        "BSL-1.0": "No",
+        "bzip2-1.0.5": "No",
+        "bzip2-1.0.6": "No",
+        "CC-BY-2.5": "No",
+        "CC-BY-3.0": "No",
+        "CDDL-1.0": "Yes (restricted)",
+        "CDDL-1.1": "Yes (restricted)",
+        "CPL-1.0": "Yes",
+        "curl": "No",
+        "ECL-1.0": "No",
+        "ECL-2.0": "No",
+        "EFL-2.0": "No",
+        "EPL-1.0": "Yes",
+        "EPL-2.0": "Yes (restricted)",
+        "EUPL-1.1": "Yes",
+        "EUPL-1.2": "Yes",
+        "FSFAP": "No",
+        "FSFUL": "No",
+        "FSFULLR": "No",
+        "FSFULLRWD": "No",
+        "FTL": "No",
+        "GPL-1.0-only": "Yes",
+        "GPL-1.0-or-later": "Yes",
+        "GPL-2.0-only": "Yes",
+        "GPL-2.0-only WITH Classpath-exception-2.0": "Yes (restricted)",
+        "GPL-2.0-or-later": "Yes",
+        "GPL-3.0-only": "Yes",
+        "GPL-3.0-or-later": "Yes",
+        "HPND": "No",
+        "IBM-pibs": "No",
+        "ICU": "No",
+        "IJG": "No",
+        "ImageMagick": "No",
+        "Info-ZIP": "No",
+        "IPL-1.0": "Yes",
+        "ISC": "No",
+        "JasPer-2.0": "No",
+        "LGPL-2.0-only": "Yes (restricted)",
+        "LGPL-2.0-or-later": "Yes (restricted)",
+        "LGPL-2.1-only": "Yes (restricted)",
+        "LGPL-2.1-or-later": "Yes (restricted)",
+        "LGPL-3.0-only": "Yes (restricted)",
+        "LGPL-3.0-or-later": "Yes (restricted)",
+        "Libpng": "No",
+        "libpng-2.0": "No",
+        "libtiff": "No",
+        "LicenseRef-scancode-bsla-no-advert": "No",
+        "LicenseRef-scancode-info-zip-2003-05": "No",
+        "LicenseRef-scancode-ppp": "No",
+        "Minpack": "No",
+        "MirOS": "No",
+        "MIT": "No",
+        "MIT-0": "No",
+        "MIT-CMU": "No",
+        "MPL-1.1": "Yes (restricted)",
+        "MPL-2.0": "Yes (restricted)",
+        "MPL-2.0-no-copyleft-exception": "Yes (restricted)",
+        "MS-PL": "Questionable",
+        "MS-RL": "Yes (restricted)",
+        "NBPL-1.0": "No",
+        "NCSA": "No",
+        "NTP": "No",
+        "OFL-1.1": "Yes (restricted)",
+        "OGC-1.0": "No",
+        "OLDAP-2.8": "No",
+        "OpenSSL": "Questionable",
+        "OSL-3.0": "Yes",
+        "PHP-3.01": "No",
+        "PostgreSQL": "No",
+        "PSF-2.0": "No",
+        "Python-2.0": "No",
+        "Qhull": "No",
+        "RSA-MD": "No",
+        "Saxpath": "No",
+        "SGI-B-2.0": "No",
+        "Sleepycat": "Yes",
+        "SMLNJ": "No",
+        "Spencer-86": "No",
+        "SSH-OpenSSH": "No",
+        "SSH-short": "No",
+        "SunPro": "No",
+        "Ubuntu-font-1.0": "Yes (restricted)",
+        "Unicode-3.0": "No",
+        "Unicode-DFS-2015": "No",
+        "Unicode-DFS-2016": "No",
+        "Unlicense": "No",
+        "UPL-1.0": "No",
+        "W3C": "No",
+        "W3C-19980720": "No",
+        "W3C-20150513": "No",
+        "WTFPL": "No",
+        "X11": "No",
+        "XFree86-1.1": "No",
+        "Zlib": "No",
+        "zlib-acknowledgement": "No",
+        "ZPL-2.0": "No"
+    }
+}

scanoss/filecount.py

@@ -26,6 +26,7 @@ import csv
 import os
 import pathlib
 import sys
+from contextlib import nullcontext
 
 from progress.spinner import Spinner
 
@@ -105,48 +106,46 @@ class FileCount(ScanossBase):
         """
         success = True
         if not scan_dir:
-            raise Exception(f'ERROR: Please specify a folder to scan')
+            raise Exception('ERROR: Please specify a folder to scan')
         if not os.path.exists(scan_dir) or not os.path.isdir(scan_dir):
             raise Exception(f'ERROR: Specified folder does not exist or is not a folder: {scan_dir}')
 
         self.print_msg(f'Searching {scan_dir} for files to count...')
-        spinner = None
-        if not self.quiet and self.isatty:
-            spinner = Spinner('Searching ')
-        file_types = {}
-        file_count = 0
-        file_size = 0
-        for root, dirs, files in os.walk(scan_dir):
-            self.print_trace(f'U Root: {root}, Dirs: {dirs}, Files {files}')
-            dirs[:] = self.__filter_dirs(dirs)  # Strip out unwanted directories
-            filtered_files = self.__filter_files(files)  # Strip out unwanted files
-            self.print_trace(f'F Root: {root}, Dirs: {dirs}, Files {filtered_files}')
-            for file in filtered_files:  # Cycle through each filtered file
-                path = os.path.join(root, file)
-                f_size = 0
-                try:
-                    f_size = os.stat(path).st_size
-                except Exception as e:
-                    self.print_trace(f'Ignoring missing symlink file: {file} ({e})')  # broken symlink
-                if f_size > 0:  # Ignore broken links and empty files
-                    file_count = file_count + 1
-                    file_size = file_size + f_size
-                    f_suffix = pathlib.Path(file).suffix
-                    if not f_suffix or f_suffix == '':
-                        f_suffix = 'no_suffix'
-                    self.print_trace(f'Counting {path} ({f_suffix} - {f_size})..')
-                    fc = file_types.get(f_suffix)
-                    if not fc:
-                        fc = [1, f_size]
-                    else:
-                        fc[0] = fc[0] + 1
-                        fc[1] = fc[1] + f_size
-                    file_types[f_suffix] = fc
-                    if spinner:
-                        spinner.next()
-        # End for loop
-        if spinner:
-            spinner.finish()
+        spinner_ctx = Spinner('Searching ') if (not self.quiet and self.isatty) else nullcontext()
+
+        with spinner_ctx as spinner:
+            file_types = {}
+            file_count = 0
+            file_size = 0
+            for root, dirs, files in os.walk(scan_dir):
+                self.print_trace(f'U Root: {root}, Dirs: {dirs}, Files {files}')
+                dirs[:] = self.__filter_dirs(dirs)  # Strip out unwanted directories
+                filtered_files = self.__filter_files(files)  # Strip out unwanted files
+                self.print_trace(f'F Root: {root}, Dirs: {dirs}, Files {filtered_files}')
+                for file in filtered_files:  # Cycle through each filtered file
+                    path = os.path.join(root, file)
+                    f_size = 0
+                    try:
+                        f_size = os.stat(path).st_size
+                    except Exception as e:
+                        self.print_trace(f'Ignoring missing symlink file: {file} ({e})')  # broken symlink
+                    if f_size > 0:  # Ignore broken links and empty files
+                        file_count = file_count + 1
+                        file_size = file_size + f_size
+                        f_suffix = pathlib.Path(file).suffix
+                        if not f_suffix or f_suffix == '':
+                            f_suffix = 'no_suffix'
+                        self.print_trace(f'Counting {path} ({f_suffix} - {f_size})..')
+                        fc = file_types.get(f_suffix)
+                        if not fc:
+                            fc = [1, f_size]
+                        else:
+                            fc[0] = fc[0] + 1
+                            fc[1] = fc[1] + f_size
+                        file_types[f_suffix] = fc
+                        if spinner:
+                            spinner.next()
+            # End for loop
         self.print_stderr(f'Found {file_count:,.0f} files with a total size of {file_size / (1 << 20):,.2f} MB.')
         if file_types:
             csv_dict = []

scanoss/inspection/policy_check/scanoss/copyleft.py

@@ -26,6 +26,8 @@ import json
 from dataclasses import dataclass
 from typing import Dict, List
 
+from scanoss.constants import DEFAULT_COPYLEFT_LICENSE_SOURCES
+
 from ...policy_check.policy_check import PolicyCheck, PolicyOutput, PolicyStatus
 from ...utils.markdown_utils import generate_jira_table, generate_table
 from ...utils.scan_result_processor import ScanResultProcessor
@@ -63,6 +65,7 @@ class Copyleft(PolicyCheck[Component]):
         include: str = None,
         exclude: str = None,
         explicit: str = None,
+        license_sources: list = None,
     ):
         """
         Initialise the Copyleft class.
@@ -77,6 +80,7 @@ class Copyleft(PolicyCheck[Component]):
         :param include: Licenses to include in the analysis
         :param exclude: Licenses to exclude from the analysis
         :param explicit: Explicitly defined licenses
+        :param license_sources: List of license sources to check
         """
         super().__init__(
             debug, trace, quiet, format_type, status, name='Copyleft Policy', output=output
@@ -85,6 +89,7 @@ class Copyleft(PolicyCheck[Component]):
         self.filepath = filepath
         self.output = output
         self.status = status
+        self.license_sources = license_sources or DEFAULT_COPYLEFT_LICENSE_SOURCES
         self.results_processor = ScanResultProcessor(
             self.debug,
             self.trace,
@@ -92,7 +97,8 @@ class Copyleft(PolicyCheck[Component]):
             self.filepath,
             include,
             exclude,
-            explicit)
+            explicit,
+            self.license_sources)
 
     def _json(self, components: list[Component]) -> PolicyOutput:
         """

scanoss/inspection/utils/license_utils.py

@@ -22,96 +22,90 @@ SPDX-License-Identifier: MIT
   THE SOFTWARE.
 """
 
-from ...scanossbase import ScanossBase
+from scanoss.osadl import Osadl
 
-DEFAULT_COPYLEFT_LICENSES = {
-    'agpl-3.0-only',
-    'artistic-1.0',
-    'artistic-2.0',
-    'cc-by-sa-4.0',
-    'cddl-1.0',
-    'cddl-1.1',
-    'cecill-2.1',
-    'epl-1.0',
-    'epl-2.0',
-    'gfdl-1.1-only',
-    'gfdl-1.2-only',
-    'gfdl-1.3-only',
-    'gpl-1.0-only',
-    'gpl-2.0-only',
-    'gpl-3.0-only',
-    'lgpl-2.1-only',
-    'lgpl-3.0-only',
-    'mpl-1.1',
-    'mpl-2.0',
-    'sleepycat',
-    'watcom-1.0',
-}
+from ...scanossbase import ScanossBase
 
 
 class LicenseUtil(ScanossBase):
     """
     A utility class for handling software licenses, particularly copyleft licenses.
 
-    This class provides functionality to initialize, manage, and query a set of
-    copyleft licenses. It also offers a method to generate URLs for license information.
+    Uses OSADL (Open Source Automation Development Lab) authoritative copyleft data
+    with optional include/exclude/explicit filters.
     """
 
     BASE_SPDX_ORG_URL = 'https://spdx.org/licenses'
-    BASE_OSADL_URL = 'https://www.osadl.org/fileadmin/checklists/unreflicenses'
 
     def __init__(self, debug: bool = False, trace: bool = True, quiet: bool = False):
         super().__init__(debug, trace, quiet)
-        self.default_copyleft_licenses = set(DEFAULT_COPYLEFT_LICENSES)
-        self.copyleft_licenses = set()
+        self.osadl = Osadl(debug=debug, trace=trace, quiet=quiet)
+        self.include_licenses = set()
+        self.exclude_licenses = set()
+        self.explicit_licenses = set()
 
     def init(self, include: str = None, exclude: str = None, explicit: str = None):
         """
-        Initialize the set of copyleft licenses based on user input.
-
-        This method allows for customization of the copyleft license set by:
-        - Setting an explicit list of licenses
-        - Including additional licenses to the default set
-        - Excluding specific licenses from the default set
+        Initialize copyleft license filters.
 
-        :param include: Comma-separated string of licenses to include
-        :param exclude: Comma-separated string of licenses to exclude
-        :param explicit: Comma-separated string of licenses to use exclusively
+        :param include: Comma-separated licenses to mark as copyleft (in addition to OSADL)
+        :param exclude: Comma-separated licenses to mark as NOT copyleft (override OSADL)
+        :param explicit: Comma-separated licenses to use exclusively (ignore OSADL)
         """
-        if self.debug:
-            self.print_stderr(f'Include Copyleft licenses: ${include}')
-            self.print_stderr(f'Exclude Copyleft licenses: ${exclude}')
-            self.print_stderr(f'Explicit Copyleft licenses: ${explicit}')
-        if explicit:
-            explicit = explicit.strip()
+        # Reset previous filters so init() can be safely called multiple times
+        self.include_licenses.clear()
+        self.exclude_licenses.clear()
+        self.explicit_licenses.clear()
+
+        # Parse explicit list (if provided, ignore OSADL completely)
         if explicit:
-            exp = [item.strip().lower() for item in explicit.split(',')]
-            self.copyleft_licenses = set(exp)
-            self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.explicit_licenses = {lic.strip().lower() for lic in explicit.split(',') if lic.strip()}
+            self.print_debug(f'Explicit copyleft licenses: {self.explicit_licenses}')
             return
-        # If no explicit licenses were set, set default ones
-        self.copyleft_licenses = self.default_copyleft_licenses.copy()
-        if include:
-            include = include.strip()
+
+        # Parse include list (mark these as copyleft in addition to OSADL)
         if include:
-            inc = [item.strip().lower() for item in include.split(',')]
-            self.copyleft_licenses.update(inc)
-        if exclude:
-            exclude = exclude.strip()
+            self.include_licenses = {lic.strip().lower() for lic in include.split(',') if lic.strip()}
+            self.print_debug(f'Include licenses: {self.include_licenses}')
+
+        # Parse exclude list (mark these as NOT copyleft, overriding OSADL)
         if exclude:
-            inc = [item.strip().lower() for item in exclude.split(',')]
-            for lic in inc:
-                self.copyleft_licenses.discard(lic)
-        self.print_debug(f'Copyleft licenses: ${self.copyleft_licenses}')
+            self.exclude_licenses = {lic.strip().lower() for lic in exclude.split(',') if lic.strip()}
+            self.print_debug(f'Exclude licenses: {self.exclude_licenses}')
 
     def is_copyleft(self, spdxid: str) -> bool:
         """
-        Check if a given license is considered copyleft.
+        Check if a license is copyleft.
+
+        Logic:
+        1. If explicit list provided → check if license in explicit list
+        2. If license in include list → return True
+        3. If license in exclude list → return False
+        4. Otherwise → use OSADL authoritative data
 
-        :param spdxid: The SPDX identifier of the license to check
-        :return: True if the license is copyleft, False otherwise
+        :param spdxid: SPDX license identifier
+        :return: True if copyleft, False otherwise
         """
-        return spdxid.lower() in self.copyleft_licenses
+        if not spdxid:
+            self.print_debug('No license ID provided for copyleft check')
+            return False
+
+        spdxid_lc = spdxid.lower()
+
+        # Explicit mode: use only the explicit list
+        if self.explicit_licenses:
+            return spdxid_lc in self.explicit_licenses
+
+        # Include filter: if license in include list, force copyleft=True
+        if spdxid_lc in self.include_licenses:
+            return True
+
+        # Exclude filter: if license in exclude list, force copyleft=False
+        if spdxid_lc in self.exclude_licenses:
+            return False
+
+        # No filters matched, use OSADL authoritative data
+        return self.osadl.is_copyleft(spdxid)
 
     def get_spdx_url(self, spdxid: str) -> str:
         """
@@ -122,14 +116,6 @@ class LicenseUtil(ScanossBase):
         """
         return f'{self.BASE_SPDX_ORG_URL}/{spdxid}.html'
 
-    def get_osadl_url(self, spdxid: str) -> str:
-        """
-        Generate the URL for the OSADL (Open Source Automation Development Lab) page of a license.
-
-        :param spdxid: The SPDX identifier of the license
-        :return: The URL of the OSADL page for the given license
-        """
-        return f'{self.BASE_OSADL_URL}/{spdxid}.txt'
 
 
 #

scanoss/inspection/utils/scan_result_processor.py

@@ -71,11 +71,13 @@ class ScanResultProcessor(ScanossBase):
         include: str = None,
         exclude: str = None,
         explicit: str = None,
+        license_sources: list = None,
     ):
         super().__init__(debug, trace, quiet)
         self.result_file_path = result_file_path
         self.license_util = LicenseUtil()
         self.license_util.init(include, exclude, explicit)
+        self.license_sources = license_sources
         self.results = self._load_input_file()
 
     def get_results(self) -> Dict[str, Any]:
@@ -162,9 +164,11 @@ class ScanResultProcessor(ScanossBase):
             self.print_debug(f'WARNING: Results missing licenses. Skipping: {new_component}')
             return
 
-        licenses_order_by_source_priority = self._get_licenses_order_by_source_priority(new_component['licenses'])
+        # Select licenses based on configuration (filtering or priority mode)
+        selected_licenses = self._select_licenses(new_component['licenses'])
+
         # Process licenses for this component
-        for license_item in licenses_order_by_source_priority:
+        for license_item in selected_licenses:
             if license_item.get('name'):
                 spdxid = license_item['name']
                 source = license_item.get('source')
@@ -309,19 +313,26 @@ class ScanResultProcessor(ScanossBase):
                 component['licenses'] = []
         return results_list
 
-    def _get_licenses_order_by_source_priority(self,licenses_data):
+    def _select_licenses(self, licenses_data):
         """
-        Select licenses based on source priority:
-        1. component_declared (highest priority)
-        2. license_file
-        3. file_header
-        4. scancode (lowest priority)
+        Select licenses based on configuration.
+
+        Two modes:
+        - Filtering mode: If license_sources specified, filter to those sources
+        - Priority mode: Otherwise, use original priority-based selection
 
-        If any high-priority source is found, return only licenses from that source.
-        If none found, return all licenses.
+        Args:
+            licenses_data: List of license dictionaries
 
-        Returns: list with ordered licenses by source.
+        Returns:
+            Filtered list of licenses based on configuration
         """
+        # Filtering mode, when license_sources is explicitly provided
+        if self.license_sources:
+            sources_to_include = set(self.license_sources) | {'unknown'}
+            return [lic for lic in licenses_data
+                    if lic.get('source') in sources_to_include or lic.get('source') is None]
+
         # Define priority order (highest to lowest)
         priority_sources = ['component_declared', 'license_file', 'file_header', 'scancode']