Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maven-Dependency (scope: compile) is not added as artifact if scope: test is excluded in .ort.yml #10022

Open
thomasscheer opened this issue Mar 11, 2025 · 0 comments
Open

Maven-Dependency (scope: compile) is not added as artifact if scope: test is excluded in .ort.yml #10022

thomasscheer opened this issue Mar 11, 2025 · 0 comments
Labels
analyzer About the analyzer tool

Comments

@thomasscheer
Copy link

thomasscheer commented Mar 11, 2025
edited by sschuberth
Loading

Describe the bug

Package-Manager: maven

pom.xml: A transitive dependency with scope:compile is not beeing added to artifact list, whit exclude: scope: test in .ort.yml

To Reproduce

Steps to reproduce the behavior:

pom.xml:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>test</groupId>
    <artifactId>test-project</artifactId>
    <version>1.0</version>

    <properties>
        <maven.compiler.source>21</maven.compiler.source>
        <maven.compiler.target>21</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <spring.boot.version>3.3.2</spring.boot.version>
        <grpc-spring-version>3.1.0.RELEASE</grpc-spring-version>
        <grpc.version>1.63.2</grpc.version><!-- align with version used by grpc spring -->
    </properties>


    <profiles>
        <profile>
            <id>ci</id>
            <properties>
                <dockerfile.skip>false</dockerfile.skip>
                <dockerfile.push>true</dockerfile.push>
            </properties>
            <distributionManagement>
                <repository>
                    <id>feature-branch-repo</id>
                    <name>feature-branch-repo</name>
                    <url>${featureRepoUrl}</url>
                </repository>
            </distributionManagement>
        </profile>
    </profiles>

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>io.opentelemetry.instrumentation</groupId>
                <artifactId>opentelemetry-instrumentation-bom</artifactId>
                <version>2.7.0</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>

    <dependencies>

        <!-- grpc - we are a router! -->
        <dependency>
            <groupId>net.devh</groupId>
            <artifactId>grpc-server-spring-boot-starter</artifactId>
            <version>${grpc-spring-version}</version>
        </dependency>

        <dependency> <!-- we use io.grpc.Context, which is not coming with spring boot grpc starter -->
            <groupId>io.grpc</groupId>
            <artifactId>grpc-context</artifactId>
            <version>${grpc.version}</version>
        </dependency>

        <!-- spring: provide metrics -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>
        <dependency>
            <groupId>io.micrometer</groupId>
            <artifactId>micrometer-registry-prometheus</artifactId>
            <scope>runtime</scope>
            <version>1.13.0</version>
        </dependency>
        <dependency> <!-- configuration is validated -->
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-validation</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>
        <dependency> <!-- webclient used for oauth token management -->
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>

        <dependency> <!-- vr configuration is read from mysql -->
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jdbc</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>

        <!-- json format logging for logback -->
        <!-- https://mvnrepository.com/artifact/net.logstash.logback/logstash-logback-encoder -->
        <dependency>
            <groupId>net.logstash.logback</groupId>
            <artifactId>logstash-logback-encoder</artifactId>
            <version>7.4</version>
        </dependency>

        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.14.0</version>
        </dependency>

        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.32</version>
        </dependency>

        <dependency>
            <groupId>com.google.code.gson</groupId>
            <artifactId>gson</artifactId>
            <version>2.10.1</version>
        </dependency>

        <dependency>
            <groupId>com.google.protobuf</groupId>
            <artifactId>protobuf-java</artifactId>
            <version>3.25.3</version>
        </dependency>
        <dependency>
            <groupId>com.google.protobuf</groupId>
            <artifactId>protobuf-java-util</artifactId>
            <version>3.25.3</version>
        </dependency>

        <!-- opentelemetry for using the java agent -->
        <dependency>
            <groupId>io.opentelemetry</groupId>
            <artifactId>opentelemetry-sdk</artifactId>
        </dependency>
        <dependency>
            <groupId>io.opentelemetry</groupId>
            <artifactId>opentelemetry-api</artifactId>
        </dependency>
        <dependency> <!-- Annotation @WithSpan -->
            <groupId>io.opentelemetry.instrumentation</groupId>
            <artifactId>opentelemetry-instrumentation-annotations</artifactId>
        </dependency>

        <dependency>
            <groupId>com.mysql</groupId>
            <artifactId>mysql-connector-j</artifactId>
            <version>9.0.0</version>
        </dependency>

        <!-- TEMP built lib with pgv validation dependency: need it, because the genios-cloud-interface proto comes with validation -->
        <dependency>
            <groupId>build.buf.protoc-gen-validate</groupId>
            <artifactId>pgv-java-grpc</artifactId>
            <version>1.1.0</version>
            <exclusions>
                <exclusion>
                    <groupId>io.grpc</groupId> <!-- conflict -->
                    <artifactId>grpc-core</artifactId>
                </exclusion>
                <exclusion>
                    <groupId>io.grpc</groupId> <!-- conflict -->
                    <artifactId>grpc-protobuf</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <!-- test -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <version>${spring.boot.version}</version>
        </dependency>
        <!-- Grpc-Test-Support -->
        <dependency>
            <groupId>net.devh</groupId> <!-- used for in-process spring boot integration test -->
            <artifactId>grpc-client-spring-boot-starter</artifactId>
            <version>${grpc-spring-version}</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>io.grpc</groupId>
            <artifactId>grpc-testing</artifactId>
            <version>${grpc.version}</version>
            <scope>test</scope>
        </dependency>

        <!-- https://mvnrepository.com/artifact/com.auth0/java-jwt -->
        <dependency>
            <groupId>com.auth0</groupId>
            <artifactId>java-jwt</artifactId>
            <version>4.4.0</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk18on</artifactId>
            <version>1.78.1</version>
        </dependency>


    </dependencies>

</project>
  1. ort analyzer: use pom.xml and .ort.yml with analyzer with uncommented exclude-scope-part

.ort.yml

analyzer:
  enabled_package_managers: [ "Maven", "GradleInspector" ]
  package_managers:
    GradleInspector:
      options:
        javaVersion: 17
    Gradle:
      options:
        javaVersion: 17
  skip_excluded: true

excludes:
  scopes:
    - pattern: "test.*"
      reason: "TEST_DEPENDENCY_OF"
      comment: "Packages for testing only."
  1. ort analyzer: use pom.xml and .ort.yml with analyzer with commented exclude-scope-part

.ort.yml

analyzer:
  enabled_package_managers: [ "Maven", "GradleInspector" ]
  package_managers:
    GradleInspector:
      options:
        javaVersion: 17
    Gradle:
      options:
        javaVersion: 17
  skip_excluded: true

excludes:
#  scopes:
#    - pattern: "test.*"
#      reason: "TEST_DEPENDENCY_OF"
#      comment: "Packages for testing only."
  1. in 1: e.g. grpc-core is missing from artifact list (113 packages)
    in 2: e.g. grpc-core is available (155 packages)

Expected behavior

grpc-core is a transitive dependency from Maven:net.devh:grpc-client-spring-boot-starter:3.1.0.RELEASE and should be added independant from exclude: scope: test

Console / log output

at least, e.g. grpc-core is mentioned in log:
[DefaultDispatcher-worker-1] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request GET /nexus/repository/xxx/io/grpc/grpc-core/1.63.2/grpc-core-1.63.2.pom HTTP/1.1

Environment

 ______________________________
/        \_______   \__    ___/ The OSS Review Toolkit, version 53.0.0,
|    |   | |       _/ |    |    built with JDK 21.0.6+7-LTS, running under Java
|    |   | |    |   \ |    |    Executing 'requirements' as 'ort' on Linux
\________/ |____|___/ |____|    with 20 CPUs and a maximum of 4096 MiB of memor

Environment variables:
ORT_CONFIG_DIR = /home/ort/.ort/config
ORT_DATA_DIR = /home/ort/.ort
HOME = /home/ort
JAVA_HOME = /opt/java/openjdk
ANDROID_HOME = /opt/android-sdk

Looking for ORT configuration in the following file:
        /home/ort/.ort/config/config.yml

13:14:43.576 [main] INFO  org.reflections.Reflections - Reflections took 267 ms to scan 96 urls, producing 157 keys and 1387 values
PackageManagerFactory plugins:
        * Bazel
        * Bower
        * Bundler
        * Cargo
        * Carthage
        * CocoaPods
        * Composer
        * Conan
        * GoMod
        * Gradle
        * GradleInspector
        * Maven
        * NPM
        * NuGet
        * PIP
        * Pipenv
        * PNPM
        * Poetry
        * Pub
        * SBT
        * SpdxDocumentFile
        * Stack
        * SwiftPM
        * Tycho
        * Unmanaged
        * Yarn
        * Yarn2

13:14:43.787 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.scanners.askalono.AskalonoCommand is a Kotlin object.
13:14:43.789 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.bazel.BazelCommand is a Kotlin object.
13:14:43.790 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.bower.BowerCommand is a Kotlin object.
13:14:43.791 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.scanners.boyterlc.BoyterLcCommand is a Kotlin object.
13:14:43.792 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.bazel.BuildozerCommand is a Kotlin object.
13:14:43.792 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.cargo.CargoCommand is a Kotlin object.
13:14:43.793 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.cocoapods.CocoaPodsCommand is a Kotlin object.
13:14:43.793 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.composer.ComposerCommand is a Kotlin object.
13:14:43.794 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.conan.ConanCommand is a Kotlin object.
13:14:43.794 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.versioncontrolsystems.git.GitCommand is a Kotlin object.
13:14:43.795 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.versioncontrolsystems.git.GitRepoCommand is a Kotlin object.
13:14:43.796 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.go.GoCommand is a Kotlin object.
13:14:43.796 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.scanners.licensee.LicenseeCommand is a Kotlin object.
13:14:43.797 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.versioncontrolsystems.mercurial.MercurialCommand is a Kotlin object.
13:14:43.799 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.node.npm.NpmCommand is a Kotlin object.
13:14:43.799 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.nuget.utils.NuGetInspector is a Kotlin object.
13:14:43.800 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.python.PipenvCommand is a Kotlin object.
13:14:43.801 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.node.pnpm.PnpmCommand is a Kotlin object.
13:14:43.801 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.python.PoetryCommand is a Kotlin object.
13:14:43.803 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.pub.Pub is a PackageManager.
13:14:43.830 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.python.utils.PythonInspector is a Kotlin object.
13:14:43.832 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.sbt.SbtCommand is a Kotlin object.
13:14:43.832 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.scanners.scancode.ScanCodeCommand is a Kotlin object.
13:14:43.833 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.stack.StackCommand is a Kotlin object.
13:14:43.834 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.swiftpm.SwiftCommand is a Kotlin object.
13:14:43.835 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.node.yarn2.Yarn2 is a PackageManager.
13:14:43.842 [main] DEBUG org.ossreviewtoolkit.plugins.commands.requirements.RequirementsCommand - class org.ossreviewtoolkit.plugins.packagemanagers.node.yarn.YarnCommand is a Kotlin object.
Scanners:
        - Askalono: Requires 'askalono' in no specific version. Tool not found.
        - BoyterLc: Requires 'lc' in no specific version. Tool not found.
        - Licensee: Requires 'licensee' in no specific version. Tool not found.
13:14:43.868 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:43.872 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'scancode --version' in '/home/ort'...
13:14:44.584 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - ScanCode version: 32.3.2
13:14:44.585 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - ScanCode Output Format version: 4.0.0
13:14:44.585 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - SPDX License list version: 3.26
13:14:44.585 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * ScanCode: Requires 'scancode' in version >=30.0.0. Found version 32.3.2.

PackageManagers:
13:14:44.591 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:44.594 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'bazel --version' in '/home/ort'...
13:14:54.765 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - bazel 7.0.1
13:14:54.765 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
13:14:54.765 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 2025/03/11 13:14:44 Downloading https://releases.bazel.build/7.0.1/release/bazel-7.0.1-linux-x86_64...
13:14:54.765 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 2025/03/11 13:14:44 Skipping basic authentication for releases.bazel.build because no credentials found in /home/ort/.netrc
13:14:54.765 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Bazel: Requires 'bazel' in version >=7.0.0. Found version 7.0.1.
13:14:54.768 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:54.771 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'bower --version' in '/home/ort'...
13:14:54.688 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 1.8.14
13:14:54.688 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Bower: Requires 'bower' in version >=1.8.8. Found version 1.8.14.
13:14:54.691 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:54.694 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'buildozer --version' in '/home/ort'...
13:14:54.709 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - buildozer version: redacted
13:14:54.710 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - buildozer scm revision: redacted
13:14:54.710 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        + Buildozer: Requires 'buildozer' in no specific version. Found version redacted.
13:14:54.714 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:54.717 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'cargo --version' in '/home/ort'...
13:14:54.805 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - cargo 1.84.0 (66221abde 2024-11-19)
13:14:54.805 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Cargo: Requires 'cargo' in no specific version. Found version 1.84.0.
13:14:54.807 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:54.809 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'pod --version --allow-root' in '/home/ort'...
13:14:55.562 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 1.16.2
13:14:55.562 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * CocoaPods: Requires 'pod' in version >=1.11.0. Found version 1.16.2.
13:14:55.564 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:55.566 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'composer --no-ansi --version' in '/home/ort'...
13:14:55.663 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Composer version 2.8.6 2025-02-25 13:03:50
13:14:55.663 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
13:14:55.663 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - PHP version 8.3.17 (/usr/bin/php8.3)
13:14:55.663 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Run the "diagnose" command to get more detailed diagnostics output.
13:14:55.663 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Composer: Requires 'composer' in version >=1.5.0. Found version 2.8.6.
13:14:55.666 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:55.669 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'conan --version' in '/home/ort'...
13:14:56.239 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Conan version 1.66.0
13:14:56.239 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Conan: Requires 'conan' in version >=1.44.0 and <2.0.0. Found version 1.66.0.
13:14:56.243 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:56.247 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'go version' in '/home/ort'...
13:14:56.279 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - go version go1.24.0 linux/amd64
13:14:56.279 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Go: Requires 'go' in version >=1.21.1. Found version 1.24.0.
13:14:56.282 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:56.285 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'npm --version' in '/home/ort'...
13:14:56.422 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 10.9.2
13:14:56.422 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Npm: Requires 'npm' in version >=6.0.0 and <11.0.0. Found version 10.9.2.
13:14:56.425 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:56.428 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'nuget-inspector --version' in '/home/ort'...
13:14:56.862 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 0.9.12
13:14:56.862 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        + NuGetInspector: Requires 'nuget-inspector' in no specific version. Could not determine the version.
13:14:56.866 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:56.869 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'pipenv --version' in '/home/ort'...
13:14:57.590 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - pipenv, version 2023.12.1
13:14:57.591 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Pipenv: Requires 'pipenv' in version >=2018.10.9. Found version 2023.12.1.
13:14:57.595 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:57.598 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'pnpm --version' in '/home/ort'...
13:14:57.965 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 9.15.4
13:14:57.965 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Pnpm: Requires 'pnpm' in version >=5.0.0 and <10.0.0. Found version 9.15.4.
13:14:57.968 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:57.971 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'poetry --version' in '/home/ort'...
13:14:58.481 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Poetry (version 2.0.1)
13:14:58.481 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Poetry: Requires 'poetry' in no specific version. Found version 2.0.1.
13:14:58.483 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:58.486 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'dart --version' in '/home/ort'...
13:14:58.509 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Dart SDK version: 2.18.4 (stable) (Tue Nov 1 15:15:07 2022 +0000) on "linux_x64"
13:14:58.509 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Pub: Requires 'dart' in version >=2.10.0. Found version 2.18.4.
13:14:58.512 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:58.515 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'python-inspector --version' in '/home/ort'...
13:14:58.805 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Python-inspector version: 0.10.0
13:14:58.805 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * PythonInspector: Requires 'python-inspector' in version >=0.9.2. Found version 0.10.0.
13:14:58.807 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:14:58.810 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'sbt --version' in '/home/ort'...
13:15:10.900 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - copying runtime jar...
13:15:10.900 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - sbt version in this project: 1.10.0
13:15:10.900 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - sbt script version: 1.10.0
13:15:10.900 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
13:15:10.901 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - [info] [launcher] getting org.scala-sbt sbt 1.10.0  (this may take some time)...
13:15:10.901 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - [info] [launcher] getting Scala 2.12.19 (for sbt)...
13:15:10.901 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Sbt: Requires 'sbt' in no specific version. Found version copying runtime jar...
sbt version in this project: 1.10.0
sbt script version: 1.10.0.
13:15:10.904 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:10.909 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'stack --version' in '/home/ort'...
13:15:10.948 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Version 3.3.1, Git revision 7540878295db1899b55855cc765ab1eacdf30f3c x86_64 hpack-0.37.0
13:15:10.948 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Stack: Requires 'stack' in version >=2.1.1. Found version 3.3.1.
13:15:10.951 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:10.957 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'swift --version' in '/home/ort'...
13:15:11.449 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Swift version 6.0.3 (swift-6.0.3-RELEASE)
13:15:11.449 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Target: x86_64-unknown-linux-gnu
13:15:11.449 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Swift: Requires 'swift' in no specific version. Found version 6.0.3.
13:15:11.453 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:11.456 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'yarn --version' in '/home/ort'...
13:15:11.624 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - 1.22.22
13:15:11.624 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Yarn: Requires 'yarn' in version >=1.3.0 and <1.23.0. Found version 1.22.22.

VersionControlSystems:
13:15:11.626 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:11.629 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'git --version' in '/home/ort'...
13:15:11.632 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - git version 2.34.1
13:15:11.632 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Git: Requires 'git' in version >=2.29.0. Found version 2.34.1.
13:15:11.644 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:11.647 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'repo --version' in '/home/ort'...
13:15:11.742 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - <repo not installed>
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - repo launcher version 2.50
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -        (from /opt/android-sdk/cmdline-tools/bin/repo)
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - git 2.34.1
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Python 3.10.12 (main, Feb  4 2025, 14:57:36) [GCC 11.4.0]
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - OS Linux 5.15.167.4-microsoft-standard-WSL2 (#1 SMP Tue Nov 5 00:21:55 UTC 2024)
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - CPU x86_64 (x86_64)
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Bug reports: https://issues.gerritcodereview.com/issues/new?component=1370071
13:15:11.743 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * GitRepo: Requires 'repo' in no specific version. Found version 2.50 (launcher).
13:15:11.747 [main] DEBUG org.ossreviewtoolkit.utils.common.EnvironmentVariableFilter - Filtering out these variables from the environment: [ANDROID_USER_HOME]
13:15:11.752 [main] INFO  org.ossreviewtoolkit.utils.common.ProcessCapture - Running 'hg --version' in '/home/ort'...
13:15:11.949 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Mercurial Distributed SCM (version 6.9.1)
13:15:11.949 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - (see https://mercurial-scm.org for more information)
13:15:11.950 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
13:15:11.950 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - Copyright (C) 2005-2025 Olivia Mackall and others
13:15:11.950 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - This is free software; see the source for copying conditions. There is NO
13:15:11.950 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture - warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13:15:11.950 [main] DEBUG org.ossreviewtoolkit.utils.common.ProcessCapture -
        * Mercurial: Requires 'hg' in no specific version. Found version 6.9.1.

Prefix legend:
        - The tool was not found in the PATH environment.
        + The tool was found in the PATH environment, but not in the required version.
        * The tool was found in the PATH environment in the required version.

ScanCode license texts found in '/opt/scancode-license-data'.

Not all tools requirements were satisfied:
        ! Some tools were not found in their required versions.

And specify (relevant parts of) your ORT configuration (config.yml):

ort:
  forceOverwrite: true
  addAuthorsToCopyrights: true
  enableRepositoryPackageCurations: true 
  enableRepositoryPackageConfigurations: true
severeIssueThreshold: ERROR
  severeRuleViolationThreshold: ERROR

  analyzer:
    skipExcluded: true
    allowDynamicVersions: true
    enabled: true
    enabledPackageManagers: [ GradleInspector, Gradle , Yarn, NPM, PIP, Maven ]
    options:
      file:
        parallelThreads: 20 #speed up analysis increasing threads for execution
    package_managers:
      GradleInspector:
        options:
          #javaHome: "/usr/lib/jvm/java-17-openjdk-amd64/"
          javaVersion: 17
      Gradle:
        options:
          #javaHome: "/usr/lib/jvm/java-17-openjdk-amd64/"
          javaVersion: 17

Additional context

Add any other context about the problem here.
@thomasscheer thomasscheer added the to triage Issues that need triaging label Mar 11, 2025
@sschuberth sschuberth added analyzer About the analyzer tool and removed to triage Issues that need triaging labels Mar 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
analyzer About the analyzer tool
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sschuberth @thomasscheer