scanner: Add Nomos plugin

Signed-off-by: Prakash Mishra <[email protected]>

Author: Prakash-Mishra-9ghz

plugins/scanners/nomos/build.gradle.kts

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+
+    id("ort-plugin-conventions")
+    
+}
+
+dependencies {
+    api(projects.model)
+    api(projects.scanner)
+
+    implementation(projects.utils.commonUtils)
+
+    implementation(projects.utils.ortUtils)
+    implementation(projects.utils.spdxUtils)
+
+    ksp(projects.scanner)
+    
+    implementation("com.fasterxml.jackson.core:jackson-databind:2.17.0") 
+    implementation("com.fasterxml.jackson.module:jackson-module-kotlin:2.17.0")
+}

plugins/scanners/nomos/src/main/kotlin/Nomossa.kt

@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.nomos
+
+import java.io.File
+import java.time.Instant
+
+import org.apache.logging.log4j.kotlin.logger
+
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.ScannerDetails
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.scanner.LocalPathScannerWrapper
+import org.ossreviewtoolkit.scanner.ScanContext
+import org.ossreviewtoolkit.scanner.ScannerMatcher
+import org.ossreviewtoolkit.scanner.ScannerWrapperFactory
+import org.ossreviewtoolkit.utils.common.CommandLineTool
+import org.ossreviewtoolkit.utils.common.ProcessCapture
+import org.ossreviewtoolkit.utils.ort.createOrtTempDir
+import org.ossreviewtoolkit.utils.common.safeDeleteRecursively
+
+object NomossaCommand : CommandLineTool {
+    override fun command(workingDir: File?): String {
+        return listOfNotNull(workingDir, "nomossa").joinToString(File.separator)
+    }
+
+    override fun transformVersion(output: String): String {
+        // Example output: nomossasa build version: 4.5.1.1 r(ff4fa7)
+        val versionRegex = Regex("""(\d+\.\d+\.\d+)(?:\.\d+)?""")
+        return versionRegex.find(output)?.groupValues?.get(1).orEmpty() // Returns 4.5.1
+    }
+
+
+        override fun getVersionArguments() = "-V"
+
+}
+
+/**
+ * A wrapper for [Nomossa](https://github.com/fossology/fossology).
+ *
+ * This plugin integrates FOSSology's Nomossa scanner into ORT by calling its CLI
+ * and mapping its output to ORT's scan result format.
+ */
+@OrtPlugin(
+    displayName = "Nomossa",
+    description = "A wrapper for [Nomossa](https://github.com/fossology/fossology).",
+    factory = ScannerWrapperFactory::class
+)
+class Nomossa(
+    override val descriptor: PluginDescriptor = NomossaFactory.descriptor,
+    private val config: NomossaConfig
+) : LocalPathScannerWrapper() {
+    
+    companion object {
+        private const val OUTPUT_FORMAT_OPTION = "--output-format=json" // Nomossa output format
+    }
+
+    private val commandLineOptions by lazy { getCommandLineOptions() }
+
+    internal fun getCommandLineOptions(): List<String> {
+        val options = LinkedHashSet(config.additionalOptions)
+        options.add("-J")
+        options.add("-l")
+        options.add("-n")
+        options.add(config.cpuCount.toString())
+        return options.toList()
+    }
+
+
+    override val configuration by lazy {
+        
+        config.additionalOptions.joinToString(" ")
+    }
+
+    override val matcher by lazy { ScannerMatcher.create(details, config) }
+
+    override val version by lazy {
+        require(NomossaCommand.isInPath()) {
+            "The '${NomossaCommand.command()}' command is not available in the PATH environment."
+        }
+
+        NomossaCommand.getVersion()
+    }
+
+    override val readFromStorage = config.readFromStorage
+    override val writeToStorage = config.writeToStorage
+
+    override fun runScanner(path: File, context: ScanContext): String {
+
+        val process = runNomossa(path)
+
+        val resultText = process.stdout
+        logger.info { "Nomossa raw output:\n$resultText" }
+
+
+        return with(process) {
+            if (isError && stdout.isNotBlank()) logger.debug { stdout }
+            if (stderr.isNotBlank()) logger.debug { stderr }
+
+            stdout
+        }
+    }
+
+    override fun parseDetails(result: String): ScannerDetails {
+        return ScannerDetails(
+            name = descriptor.id,
+            version = version,
+            configuration = config.additionalOptions.joinToString(" ")
+        )
+    }
+
+    override fun createSummary(result: String, startTime: Instant, endTime: Instant): ScanSummary =
+        parseNomossaResult(result).toScanSummary(startTime, endTime)
+
+    /**
+     * Execute Nomossa with the configured arguments to scan the given [path] and produce [resultFile].
+     */
+    internal fun runNomossa(path: File): ProcessCapture =
+        ProcessCapture(
+            NomossaCommand.command(),
+            *commandLineOptions.toTypedArray(),
+            "-d", path.absolutePath // Scan this directory
+        )
+
+}
+

plugins/scanners/nomos/src/main/kotlin/NomossaConfig.kt

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.nomos
+
+import org.ossreviewtoolkit.plugins.api.OrtPluginOption
+import org.ossreviewtoolkit.scanner.ScannerMatcherCriteria
+import org.ossreviewtoolkit.scanner.ScanStorage
+import org.ossreviewtoolkit.model.ScannerDetails
+
+
+/**
+ * Configuration options for the Nomossa scanner.
+ */
+data class NomossaConfig(
+    /**
+     * Command line options that affect scan results. These are used when matching stored results.
+     */
+    @OrtPluginOption(defaultValue = "-J,-l")
+    val additionalOptions: List<String>,
+
+    /**
+     * The scanner name pattern used when looking up scan results from storage.
+     */
+    override val regScannerName: String?,
+
+    /**
+     * The minimum version of scan results to use from storage.
+     */
+    override val minVersion: String?,
+
+    /**
+     * The maximum version of scan results to use from storage.
+     */
+    override val maxVersion: String?,
+
+    /**
+     * The configuration string for identifying matching scan results in storage.
+     */
+    override val configuration: String?,
+
+    /**
+     * Whether to read scan results from storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val readFromStorage: Boolean,
+
+    /**
+     * Whether to write scan results to storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val writeToStorage: Boolean
+) : ScannerMatcherCriteria{
+
+     /**
+     * Number of CPU processes Nomossa should use.
+     */
+    @OrtPluginOption(defaultValue = "2")
+    val cpuCount: Int = 2
+    
+    }

plugins/scanners/nomos/src/main/kotlin/NomossaResultExtensions.kt

@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.nomos
+
+import java.time.Instant
+import org.ossreviewtoolkit.model.LicenseFinding
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.TextLocation
+
+import org.apache.logging.log4j.kotlin.logger
+import org.ossreviewtoolkit.utils.spdx.*
+
+import org.ossreviewtoolkit.model.Issue
+
+
+fun NomossaResult.toScanSummary(startTime: Instant, endTime: Instant): ScanSummary {
+    val licenseFindings = results.flatMap { fileResult ->
+        fileResult.licenses.map { rawLicense ->
+
+            val safeLicense = if (rawLicense.matches(Regex("^[A-Za-z0-9.\\-+]+$"))) {
+                rawLicense
+            } else {
+                "LicenseRef-Nomossa-${rawLicense.replace(Regex("[^A-Za-z0-9.+-]"), "-")}"      //License not found
+            }
+
+            LicenseFinding(
+                license = safeLicense,  //  use raw string
+                location = TextLocation(
+                    path = fileResult.file,
+                    startLine = 1,
+                    endLine = 1
+                )
+            )
+        }
+    }.toSortedSet(
+        compareBy(
+            { it.license.toString() },
+            { it.location.path },
+            { it.location.startLine }
+        )
+    )
+
+    return ScanSummary(
+        startTime = startTime,
+        endTime = endTime,
+        licenseFindings = licenseFindings,
+        issues = emptyList(), //no SPDX parsing issues anymore
+        copyrightFindings = sortedSetOf()
+    )
+}

plugins/scanners/nomos/src/main/kotlin/NomossaResultParser.kt

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.nomos
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.databind.SerializationFeature
+import com.fasterxml.jackson.module.kotlin.jacksonObjectMapper
+import com.fasterxml.jackson.module.kotlin.readValue
+import com.fasterxml.jackson.databind.DeserializationFeature
+
+data class NomossaResult(
+    val results: List<NomossaFileResult>
+)
+
+data class NomossaFileResult(
+    val file: String,
+    val licenses: List<String>
+)
+
+private val nomossaMapper: ObjectMapper = jacksonObjectMapper().apply {
+    findAndRegisterModules()
+    disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
+    disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
+}
+
+/**
+ * Parses the JSON result string returned by Nomossa into a [NomossaResult] object.
+ */
+fun parseNomossaResult(result: String): NomossaResult =
+    nomossaMapper.readValue(result)