@cgi-ricardo thanks for the report, this is a bug indeed.
Note that we are able to detect the license correctly in the context of a package, where we extract license statements in the specific context of the package manifest and then scan that statement for licenses.
But we also scan the package manifest files (here the pom.xml) with a license scanner without using the context, as a whole file, and there we are getting false positives:
Note that we are also detecting that there is something wrong with the match and hence considering this as a clue instead of a detection, and so not reporting this in the resource license_expression too.
But we can do better:
- Add specific rules to detect this as a public-domain license
- Do more to combine file and package license detections to remove ambiguity in these cases.
This detection issue is actually present in scancode-toolkit, so moving it there. Also attaching the scancode-toolkit scan results.
Describe the bug
Running scancode for the following github package (https://github.com/stleary/JSON-java/tree/20230227), it doesn't detect the license inside the pom.xml file (https://github.com/stleary/JSON-java/blob/20230227/pom.xml)
System configuration
Expected behavior
Expect to detect the Public Domain license.