feat(scanoss-plugin): implement ort.yml configuration parsing & add SCANOSS snippet report generation

- Implement snippet choice functionality for SCANOSS integration
- Add support for processing exclude paths from ort.yml configuration
- Add dedicated SCANOSS snippet report similar to FossID reporting

Signed-off-by: Agustin Isasmendi <[email protected]>

Author: isasmendiagus

libs/scanoss-0.10.1-with-dependencies-exclude-slf4j-simple.jar

@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    // Apply precompiled plugins.
+    id("ort-plugin-conventions")
+}
+
+dependencies {
+    api(projects.reporter)
+
+    ksp(projects.reporter)
+
+    implementation(projects.model)
+    implementation(projects.plugins.reporters.asciidocReporter)
+    implementation(projects.plugins.reporters.freemarkerReporter)
+    implementation(projects.utils.commonUtils)
+    implementation(projects.utils.ortUtils)
+
+    implementation(libs.kotlinx.coroutines)
+
+    testImplementation(libs.mockk)
+}

plugins/reporters/scanoss/build.gradle.kts

@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.reporters.scanoss
+
+import java.io.File
+
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.plugins.reporters.asciidoc.AsciiDocTemplateReporterConfig
+import org.ossreviewtoolkit.plugins.reporters.asciidoc.HtmlTemplateReporter
+import org.ossreviewtoolkit.reporter.Reporter
+import org.ossreviewtoolkit.reporter.ReporterFactory
+import org.ossreviewtoolkit.reporter.ReporterInput
+
+
+@OrtPlugin(
+    displayName = "SCANOSS Snippet Reporter",
+    description = "Generates a detailed report of the SCANOSS snippet findings.",
+    factory = ReporterFactory::class
+)
+class ScanossSnippetReporter(override val descriptor: PluginDescriptor = ScanossSnippetReporterFactory.descriptor) :
+    Reporter by delegateReporter {
+    companion object {
+        private val delegateReporter = HtmlTemplateReporter(
+            ScanossSnippetReporterFactory.descriptor,
+            AsciiDocTemplateReporterConfig(templateIds = listOf("scanoss_snippet"), templatePaths = null)
+        )
+    }
+
+    override fun generateReport(input: ReporterInput, outputDir: File): List<Result<File>> {
+        val hasScanossResults = input.ortResult.scanner?.scanResults?.any { it.scanner.name == "SCANOSS" } == true
+        require(hasScanossResults) { "No SCANOSS scan results have been found." }
+
+        return delegateReporter.generateReport(input, outputDir)
+    }
+}
+

plugins/reporters/scanoss/src/main/kotlin/ScanossSnippetReporter.kt

@@ -0,0 +1,2 @@
+# Use Unix line endings for Freemarker templates for consistency across platforms.
+**/*.ftl	text eol=lf

plugins/reporters/scanoss/src/main/resources/templates/.gitattributes

@@ -0,0 +1,144 @@
+[#--
+    Copyright (C) 2023 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        https://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+    SPDX-License-Identifier: Apache-2.0
+    License-Filename: LICENSE
+--]
+
+:publisher: OSS Review Toolkit
+[#assign now = .now]
+:revdate: ${now?date?iso_local}
+
+:title-page:
+:sectnums:
+:toc:
+
+= SCANOSS Snippets
+List of all the provenances with their files and snippets.
+[#list ortResult.scanner.scanResults as scanResult]
+
+[#--[#if scanResult.scanner.name != "FossId"] [#continue] [/#if]--]
+
+[#assign snippetsLimitIssue = helper.getSnippetsLimitIssue()]
+
+[#if snippetsLimitIssue?has_content]
+[WARNING]
+====
+${snippetsLimitIssue}
+====
+[/#if]
+
+[#if scanResult.provenance.vcsInfo??]
+    [#assign url = scanResult.provenance.vcsInfo.url]
+[#else]
+    [#assign url = scanResult.provenance.sourceArtifact.url]
+[/#if]
+== Provenance '${url}'
+
+[#assign summary = scanResult.summary]
+
+Scan start time : ${summary.startTime} +
+End time : ${summary.startTime} +
+[#if scanResult.provenance.vcsInfo??]
+    [#assign gitRepoUrl = url]
+    [#assign gitRevision = scanResult.provenance.vcsInfo.revision]
+    Git repo URL: ${gitRepoUrl} +
+    Git revision: ${gitRevision}
+
+    [#if gitRepoUrl?contains("github.com")]
+        [#assign githubBaseURL = '${gitRepoUrl?remove_ending(".git")}/blob/${gitRevision}']
+    [/#if]
+[/#if]
+
+[#list helper.groupSnippetsByFile(summary.snippetFindings) as filePath, snippetFindings ]
+
+[#if gitRepoUrl?? && gitRepoUrl?contains("github.com")]
+    [#assign localFileURL = '${githubBaseURL}/${filePath}[${filePath}]']
+[#else]
+    [#assign localFileURL = "${filePath}"]
+[/#if]
+[#assign licenses = helper.collectLicenses(snippetFindings)]
+
+*${localFileURL}* +
+License(s):
+[#list licenses as license]
+  ${license}[#sep],
+[/#list]
+
+[#list helper.groupSnippetsBySourceLines(snippetFindings) as sourceLocation, snippetFinding]
+[#assign snippetCount = snippetFinding.snippets?size]
+
+[width=100%]
+[cols="1,3,4,1,1"]
+|===
+| Source Location | pURL | License | Score | Release Date
+
+.${snippetCount*2}+|
+Partial match +
+${sourceLocation.startLine?c}-${sourceLocation.endLine?c}
+
+
+[#list snippetFinding.snippets as snippet ]
+
+| ${snippet.purl!""}
+| ${snippet.license!""}
+| ${snippet.score!""}
+| ${snippet.additionalData['release_date']}
+
+4+a|
+.Create a snippet choice for this snippet or mark it as false positive
+[%collapsible]
+====
+Add the following lines to the *.ort.yml* file.
+
+To **choose** this snippet:
+[source,yaml]
+--
+snippet_choices:
+- provenance:
+    url: "${scanResult.provenance.vcsInfo.url}"
+  choices:
+  - given:
+      source_location:
+        path: "${filePath}"
+        start_line: ${snippetFinding.sourceLocation.startLine?c}
+        end_line: ${snippetFinding.sourceLocation.endLine?c}
+    choice:
+      purl: "${snippet.purl!""}"
+      reason: "ORIGINAL_FINDING"
+      comment: "Explain why this snippet choice was made"
+--
+Or to mark this location has having ONLY **false positives snippets**:
+[source,yaml]
+--
+snippet_choices:
+- provenance:
+    url: "${scanResult.provenance.vcsInfo.url}"
+  choices:
+  - given:
+      source_location:
+        path: "${filePath}"
+        start_line: ${snippetFinding.sourceLocation.startLine?c}
+        end_line: ${snippetFinding.sourceLocation.endLine?c}
+    choice:
+      reason: "NO_RELEVANT_FINDING"
+      comment: "Explain why this location has only false positives snippets"
+--
+====
+[/#list]
+|===
+[/#list]
+[/#list]
+[/#list]

plugins/reporters/scanoss/src/main/resources/templates/asciidoc/scanoss_snippet.ftl

@@ -0,0 +1,10 @@
+[#ftl]
+[#-- @implicitly included --]
+
+[#-- @ftlvariable name="projects" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="pack    ages" type="kotlin.collections.Set<org.ossreviewtoolkit.reporter.utils.FreemarkerTemplateProcessor.PackageModel>" --]
+[#-- @ftlvariable name="ortResult" type="org.ossreviewtoolkit.model.OrtResult" --]
+[#-- @ftlvariable name="licenseTextProvider" type="org.ossreviewtoolkit.reporter.LicenseTextProvider" --]
+[#-- @ftlvariable name="LicenseView" type="org.ossreviewtoolkit.model.licenses.LicenseView" --]
+[#-- @ftlvariable name="helper" type="org.ossreviewtoolkit.plugins.reporters.freemarker.FreemarkerTemplateProcessor.TemplateHelper" --]
+[#-- @ftlvariable name="projectsAsPackages" type="kotlin.collections.Set<org.ossreviewtoolkit.model.Identifier>" --]