From 2d0f991ec0c359d9d8221c8a5382cf01f3f907c3 Mon Sep 17 00:00:00 2001
From: Frank Viernau
Date: Thu, 27 Nov 2025 22:53:48 +0100
Subject: [PATCH 1/2] refactor: Align with `licenseSource` having changed to a `Set`

Signed-off-by: Frank Viernau
---
 evaluator.rules.kts | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/evaluator.rules.kts b/evaluator.rules.kts
index 0e2c4c05..787ce81f 100644
--- a/evaluator.rules.kts
+++ b/evaluator.rules.kts
@@ -1162,7 +1162,7 @@ fun RuleSet.commercialInDependencyRule() = packageRule("COMMERCIAL_IN_DEPENDENCY
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'commercial' " +
 "categorized license $license. This requires approval.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1182,7 +1182,7 @@ fun RuleSet.copyleftInDependencyRule() = packageRule("COPYLEFT_IN_DEPENDENCY") {
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'copyleft' " +
 "categorized license $license.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1202,7 +1202,7 @@ fun RuleSet.copyleftLimitedInDependencyRule() = dependencyRule("COPYLEFT_LIMITED
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is statically linked and licensed under the " +
 "ScanCode 'copyleft-limited' categorized license $license.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
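Review bot: Each replaced how-to-fix call in this hunk now ends in `licenseSources.single()`, which throws when the set holds zero or more than one source, so in those cases the rule's error report is replaced by an evaluator exception; the same edit recurs in the hunks at 1182, 1202, 1220, 1240, 1297, 1319, 1459, 1479, 1501, 1521 and 1591. Since the upstream value became a Set precisely so that a license can carry several sources, the call is only safe while every licenseRule still runs once per source, which I take to be the default given the flag the second patch adds. A comment at the first use, `// licenseRules run once per source by default, so licenseSources holds exactly one entry here.`, would record that assumption, and a helper that accepts the whole set (joining the names via `.name.lowercase()` the way the message lines already do) would remove the throw for any rule later switched to run once for all sources. The enclosing commercialInDependencyRule body starts and ends outside the hunk.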
@@ -1220,9 +1220,9 @@ fun RuleSet.copyleftInSourceRule() = packageRule("COPYLEFT_IN_SOURCE") {
 }
 error(
- "The ScanCode 'copyleft' categorized license $license was ${licenseSource.name.lowercase()} in project " +
+ "The ScanCode 'copyleft' categorized license $license was ${licenseSources.single().name.lowercase()} in project " +
 "'${pkg.metadata.id.toCoordinates()}'.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1240,9 +1240,9 @@ fun RuleSet.copyleftLimitedInSourceRule() = packageRule("COPYLEFT_LIMITED_IN_SOU
 }
 error(
- "The ScanCode 'copyleft-limited' categorized license $license was ${licenseSource.name.lowercase()} in " +
+ "The ScanCode 'copyleft-limited' categorized license $license was ${licenseSources.single().name.lowercase()} in " +
 "project '${pkg.metadata.id.toCoordinates()}'.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1297,7 +1297,7 @@ fun RuleSet.freeRestrictedInDependencyRule() = packageRule("FREE_RESTRICTED_IN_D
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'free-restricted' " +
 "categorized license $license. This requires approval.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1319,7 +1319,7 @@ fun RuleSet.genericInDependencyRule() = packageRule("GENERIC_IN_DEPENDENCY") {
 "The dependency '${pkg.metadata.id.toCoordinates()}' might contain a license which is unknown to the " +
 " tooling. It was detected as $license which is just a trigger, but not a real license. Please " +
 "create a dedicated license identifier if the finding is valid.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1459,7 +1459,7 @@ fun RuleSet.patentInDependencyRule() = packageRule("PATENT_IN_DEPENDENCY") {
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'patent-license' " +
 "categorized license $license. This requires approval.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1479,7 +1479,7 @@ fun RuleSet.proprietaryFreeInDependencyRule() = packageRule("PROPRIETARY_FREE_IN
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'proprietary-free' " +
 "categorized license $license. This requires approval.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1501,7 +1501,7 @@ fun RuleSet.unkownInDependencyRule() = packageRule("UNKNOWN_IN_DEPENDENCY") {
 "The dependency '${pkg.metadata.id.toCoordinates()}' might contain a license which is unknown to the " +
 " tooling. It was detected as $license which is just a trigger, but not a real license. Please " +
 "create a dedicated license identifier if the finding is valid.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1521,7 +1521,7 @@ fun RuleSet.unstatedInDependencyRule() = packageRule("UNSTATED_IN_DEPENDENCY") {
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'unstated-licenses' " +
 "categorized license $license. This requires approval.",
- howToFixLicenseViolationDefault(license.toString(), licenseSource)
+ howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
 )
 }
 }
@@ -1591,9 +1591,9 @@ fun RuleSet.unhandledLicenseRule() = packageRule("UNHANDLED_LICENSE") {
 error(
 "The license $license is currently not covered by policy rules. " +
- "The license was ${licenseSource.name.lowercase()} in package " +
+ "The license was ${licenseSources.single().name.lowercase()} in package " +
 "'${pkg.metadata.id.toCoordinates()}'.",
- howToFixUnhandledLicense(license.toString(), licenseSource)
+ howToFixUnhandledLicense(license.toString(), licenseSources.single())
 )
 }
 }

From 301d14675bd92ce5c8b4196559d22d201ad8adf1 Mon Sep 17 00:00:00 2001
From: Frank Viernau
Date: Thu, 27 Nov 2025 23:02:41 +0100
Subject: [PATCH 2/2] feat(rules): Illustrate how to run a rule for all license sources once

Signed-off-by: Frank Viernau
---
 evaluator.rules.kts | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/evaluator.rules.kts b/evaluator.rules.kts
index 787ce81f..8748e43d 100644
--- a/evaluator.rules.kts
+++ b/evaluator.rules.kts
@@ -1173,7 +1173,7 @@ fun RuleSet.copyleftInDependencyRule() = packageRule("COPYLEFT_IN_DEPENDENCY") {
 -isExcluded()
 }
- licenseRule("COPYLEFT_IN_DEPENDENCY", LicenseView.CONCLUDED_OR_DECLARED_AND_DETECTED) {
+ licenseRule("COPYLEFT_IN_DEPENDENCY", LicenseView.CONCLUDED_OR_DECLARED_AND_DETECTED, false) {
 require {
 +isCopyleft()
 -isExcluded()
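Review bot: The third argument `false` added to the licenseRule call in the 1173 hunk is a bare boolean literal, so nothing on that line says what it switches off; going by the patch subject, it makes the rule run once with all license sources instead of once per source. Passing it as a named argument, `licenseRule("COPYLEFT_IN_DEPENDENCY", LicenseView.CONCLUDED_OR_DECLARED_AND_DETECTED, <parameter name> = false)`, or a comment above the call, `// Run once for all license sources; licenseSources may then hold several entries.`, would make the mode visible to readers of the rules file, which is what this patch sets out to illustrate. The enclosing copyleftInDependencyRule body starts and ends outside the hunk.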
@@ -1181,8 +1181,7 @@ fun RuleSet.copyleftInDependencyRule() = packageRule("COPYLEFT_IN_DEPENDENCY") {
 error(
 "The dependency '${pkg.metadata.id.toCoordinates()}' is licensed under the ScanCode 'copyleft' " +
- "categorized license $license.",
- howToFixLicenseViolationDefault(license.toString(), licenseSources.single())
+ "categorized license $license.",""
 )
 }
 }
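Review bot: The added line passes `""` as the how-to-fix text, so a violation raised in this once-for-all-sources mode no longer tells the user how to resolve it, and the message still does not say where the license was found even though that is exactly what the Set now carries; the `,""` jammed onto the message line also breaks the one-argument-per-line layout the rest of the call uses. Since the second error() argument accepts a String literal here, the helper's result can be collected per source instead of dropped: `"categorized license $license (${licenseSources.joinToString { it.name.lowercase() }}).",` followed by `licenseSources.joinToString("\n") { howToFixLicenseViolationDefault(license.toString(), it) }`, assuming the helper returns a String as its previous use as this argument suggests. The enclosing copyleftInDependencyRule body starts outside the hunk.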