feat(scanner): Add Nomos plugin for license scanning

Signed-off-by: Prakash Mishra <[email protected]>

chore(scanner): Update display name, fix detekt issue, and add copyright

Signed-off-by: Prakash Mishra <[email protected]>

Author: Prakash-Mishra-9ghz

NOTICE

@@ -18,3 +18,4 @@ Copyright (C) 2023-2024 Double Open Oy
 Copyright (C) 2024 Robert Bosch GmbH
 Copyright (C) 2024 Cariad SE
 Copyright (C) 2025 Quartett mobile GmbH
+Copyright (C) 2025 Prakash Mishra

plugins/scanners/fossologynomossa/build.gradle.kts

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    // Apply precompiled plugins.
+    id("ort-plugin-conventions")
+
+    // Apply third-party plugins.
+    alias(libs.plugins.kotlinSerialization)
+}
+
+dependencies {
+    api(projects.model)
+    api(projects.scanner)
+
+    implementation(projects.utils.commonUtils)
+    implementation(projects.utils.ortUtils)
+    implementation(projects.utils.spdxUtils)
+
+    implementation(libs.kotlinx.serialization.json)
+
+    ksp(projects.scanner)
+
+}

plugins/scanners/fossologynomossa/src/main/kotlin/Nomossa.kt

@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import java.io.File
+import java.time.Instant
+
+import kotlin.math.max
+
+import org.apache.logging.log4j.kotlin.logger
+
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.scanner.LocalPathScannerWrapper
+import org.ossreviewtoolkit.scanner.ScanContext
+import org.ossreviewtoolkit.scanner.ScannerMatcher
+import org.ossreviewtoolkit.scanner.ScannerWrapperFactory
+import org.ossreviewtoolkit.utils.common.CommandLineTool
+import org.ossreviewtoolkit.utils.common.ProcessCapture
+
+object NomossaCommand : CommandLineTool {
+    override fun command(workingDir: File?) =
+        listOfNotNull(workingDir, "FOSSology-nomossa").joinToString(File.separator)
+
+    override fun transformVersion(output: String) =
+        // Example output:
+        // nomos build version: 4.5.1.1 r(ff4fa7)
+        output.removePrefix("nomos build version: ").substringBefore(' ') // Returns 4.5.1
+
+    override fun getVersionArguments() = "-V"
+}
+
+/**
+ * A wrapper for [Nomossa](https://github.com/fossology/fossology/tree/master/src/nomos).
+ *
+ * This plugin integrates FOSSology's Nomossa scanner into ORT by calling its CLI
+ * and mapping its output to ORT's scan result format.
+ */
+@OrtPlugin(
+    id = "Nomossa",
+    displayName = "Nomossa (FOSSology)",
+    description = "A wrapper for [Nomossa](https://github.com/fossology/fossology/tree/master/src/nomos).",
+    factory = ScannerWrapperFactory::class
+)
+class Nomossa(
+    override val descriptor: PluginDescriptor = NomossaFactory.descriptor,
+    private val config: NomossaConfig
+) : LocalPathScannerWrapper() {
+    private val commandLineOptions by lazy { getCommandLineOptions() }
+
+    internal fun getCommandLineOptions() =
+        buildList {
+            addAll(config.additionalOptions)
+            add("-n")
+            add(max(2, Runtime.getRuntime().availableProcessors() - 1).toString())
+        }
+
+    override val configuration by lazy {
+        config.additionalOptions.joinToString(" ")
+    }
+
+    override val matcher by lazy { ScannerMatcher.create(details, config) }
+
+    override val version by lazy {
+        require(NomossaCommand.isInPath()) {
+            "The '${NomossaCommand.command()}' command is not available in the PATH environment."
+        }
+
+        NomossaCommand.getVersion()
+    }
+
+    override val readFromStorage = config.readFromStorage
+    override val writeToStorage = config.writeToStorage
+
+    override fun runScanner(path: File, context: ScanContext): String {
+        val process = runNomossa(path)
+
+        return with(process) {
+            if (isError && stdout.isNotBlank()) logger.debug { stdout }
+            if (stderr.isNotBlank()) logger.debug { stderr }
+
+            stdout
+        }
+    }
+
+    override fun createSummary(result: String, startTime: Instant, endTime: Instant): ScanSummary =
+        parseNomossaResult(result).toScanSummary(startTime, endTime)
+
+    /**
+     * Execute Nomossa with the configured arguments to scan the given [path].
+     */
+    internal fun runNomossa(path: File): ProcessCapture =
+        ProcessCapture(
+            NomossaCommand.command(),
+            *commandLineOptions.toTypedArray(),
+            "-d", path.absolutePath // Scan this directory
+        )
+}

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaConfig.kt

@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import org.ossreviewtoolkit.plugins.api.OrtPluginOption
+import org.ossreviewtoolkit.scanner.ScannerMatcherCriteria
+
+/**
+ * Configuration options for the Nomossa scanner.
+ */
+data class NomossaConfig(
+    /**
+     * Command line options that affect scan results. These are used when matching stored results.
+     */
+    @OrtPluginOption(defaultValue = "-J,-S,-l")
+    val additionalOptions: List<String>,
+
+    /**
+     * The scanner name pattern used when looking up scan results from storage.
+     */
+    override val regScannerName: String?,
+
+    /**
+     * The minimum version of scan results to use from storage.
+     */
+    override val minVersion: String?,
+
+    /**
+     * The maximum version of scan results to use from storage.
+     */
+    override val maxVersion: String?,
+
+    /**
+     * The configuration string for identifying matching scan results in storage.
+     */
+    override val configuration: String?,
+
+    /**
+     * Whether to read scan results from storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val readFromStorage: Boolean,
+
+    /**
+     * Whether to write scan results to storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val writeToStorage: Boolean
+) : ScannerMatcherCriteria

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaResultExtensions.kt

@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import java.io.File
+import java.time.Instant
+
+import org.ossreviewtoolkit.model.LicenseFinding
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.TextLocation
+import org.ossreviewtoolkit.utils.spdx.SpdxConstants
+import org.ossreviewtoolkit.utils.spdx.SpdxExpression
+
+internal fun NomossaResult.toScanSummary(startTime: Instant, endTime: Instant): ScanSummary {
+    val licenseFindings = results.flatMap { fileResult ->
+        val fileContent = File(fileResult.file).readText()
+
+        fileResult.licenses.map { licenseInfo ->
+            val licenseExpression = runCatching { SpdxExpression.parse(licenseInfo.license) }.getOrNull()
+
+            val safeLicense = when {
+                licenseExpression == null -> SpdxConstants.NOASSERTION
+                licenseExpression.isValid() -> licenseInfo.license
+                else -> "LicenseRef-Nomossa-${licenseInfo.license.replace(Regex("[^A-Za-z0-9.+-]"), "-")}"
+            }
+            val (startLine, endLine) = byteOffsetsToLineNumbers(fileContent, licenseInfo.start, licenseInfo.end)
+
+            LicenseFinding(
+                license = safeLicense,
+                location = TextLocation(
+                    path = fileResult.file,
+                    startLine = startLine,
+                    endLine = endLine
+                )
+            )
+        }
+    }.toSet()
+
+    return ScanSummary(
+        startTime = startTime,
+        endTime = endTime,
+        licenseFindings = licenseFindings,
+        issues = emptyList(),
+        copyrightFindings = sortedSetOf()
+    )
+}
+
+internal fun byteOffsetsToLineNumbers(fileContent: String, startOffset: Int, endOffset: Int): Pair<Int, Int> {
+    var startLine = 1
+    var endLine = 1
+
+    for ((index, char) in fileContent.withIndex()) {
+        if (index >= startOffset && index >= endOffset) break
+
+        if (char == '\n') {
+            if (index < startOffset) startLine++
+            if (index < endOffset) endLine++
+        }
+    }
+
+    return Pair(startLine, endLine)
+}

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaResultParser.kt

@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.Json
+
+@Serializable
+internal data class NomossaResult(
+    val results: List<NomossaFileResult>
+)
+
+@Serializable
+internal data class NomossaFileResult(
+    val file: String,
+    val licenses: List<NomossaLicenseInfo>
+)
+
+@Serializable
+internal data class NomossaLicenseInfo(
+    val license: String,
+    val start: Int,
+    val end: Int,
+    val len: Int
+)
+
+private val json = Json {
+    ignoreUnknownKeys = true
+}
+
+/**
+ * Parses the JSON result string returned by Nomossa into a [NomossaResult] object.
+ */
+internal fun parseNomossaResult(result: String): NomossaResult = json.decodeFromString(result)