feat(scanoss): Add release date to snippet findings

isasmendiagus · isasmendiagus · commit b39f4b89abd9 · 2025-03-12T22:45:28.000+01:00
Include releaseDate in snippetFindings additionalData and add a new
column to display this information in generated reports.

Signed-off-by: Agustin Isasmendi &lt;agustin.isasmendi@scanoss.com&gt;
diff --git a/plugins/reporters/scanoss/src/main/resources/templates/asciidoc/scanoss_snippet.ftl b/plugins/reporters/scanoss/src/main/resources/templates/asciidoc/scanoss_snippet.ftl
@@ -79,9 +79,9 @@ License(s):
 [#assign snippetCount = snippetFinding.snippets?size]
 
 [width=100%]
-[cols="1,3,4,1"]
+[cols="1,3,4,1,2"]
 |===
-| Source Location | pURL | License | Score
+| Source Location | pURL | License | Score | Release Date
 
 .${snippetCount*2}+|
 Partial match +
@@ -93,6 +93,7 @@ ${sourceLocation.startLine?c}-${sourceLocation.endLine?c}
 | ${snippet.purl!""}
 | ${snippet.license!""}
 | ${snippet.score!""}
+| ${snippet.additionalData['release_date']}
 
 4+a|
 .Create a snippet choice for this snippet or mark it as false positive
diff --git a/plugins/scanners/scanoss/src/main/kotlin/ScanOssResultParser.kt b/plugins/scanners/scanoss/src/main/kotlin/ScanOssResultParser.kt
@@ -84,6 +84,7 @@ internal fun generateSummary(startTime: Instant, endTime: Instant, results: List
         licenseFindings = licenseFindings,
         copyrightFindings = copyrightFindings,
         snippetFindings = snippetFindings
+
     )
 }
 
@@ -154,12 +155,14 @@ private fun getSnippets(details: ScanFileDetails): Set<Snippet> {
     val vcsInfo = VcsHost.parseUrl(url.takeUnless { it == "none" }.orEmpty())
     val provenance = RepositoryProvenance(vcsInfo, ".")
 
+    val additionalData = mapOf("release_date" to details.releaseDate)
+
     return buildSet {
         purls.forEach { purl ->
             locations.forEach { snippetLocation ->
                 val license = licenses.andOrNull()?.sorted() ?: SpdxLicenseIdExpression(SpdxConstants.NOASSERTION)
 
-                add(Snippet(score, snippetLocation, provenance, purl, license))
+                add(Snippet(score, snippetLocation, provenance, purl, license, additionalData))
             }
         }
     }
diff --git a/plugins/scanners/scanoss/src/test/kotlin/ScanOssResultParserTest.kt b/plugins/scanners/scanoss/src/test/kotlin/ScanOssResultParserTest.kt
@@ -126,7 +126,8 @@ class ScanOssResultParserTest : WordSpec({
                                 "."
                             ),
                             "pkg:github/vdurmont/semver4j",
-                            SpdxExpression.parse("CC-BY-SA-2.0")
+                            SpdxExpression.parse("CC-BY-SA-2.0"),
+                            additionalData = mapOf("release_date" to "2019-09-13")
                         )
                     )
                 )
diff --git a/plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerDirectoryTest.kt b/plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerDirectoryTest.kt
@@ -107,7 +107,8 @@ class ScanOssScannerDirectoryTest : StringSpec({
                                 VcsInfo(VcsType.GIT, "https://github.com/scanoss/ort.git", ""), "."
                             ),
                             "pkg:github/scanoss/ort",
-                            SpdxExpression.parse("Apache-2.0")
+                            SpdxExpression.parse("Apache-2.0"),
+                            additionalData = mapOf("release_date" to "2021-03-18")
                         )
                     )
                 )

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ internal fun generateSummary(startTime: Instant, endTime: Instant, results: List`
`84`	`84`	`licenseFindings = licenseFindings,`
`85`	`85`	`copyrightFindings = copyrightFindings,`
`86`	`86`	`snippetFindings = snippetFindings`
	`87`	`+`
`87`	`88`	`)`
`88`	`89`	`}`
`89`	`90`
`@@ -154,12 +155,14 @@ private fun getSnippets(details: ScanFileDetails): Set<Snippet> {`
`154`	`155`	`val vcsInfo = VcsHost.parseUrl(url.takeUnless { it == "none" }.orEmpty())`
`155`	`156`	`val provenance = RepositoryProvenance(vcsInfo, ".")`
`156`	`157`
	`158`	`+ val additionalData = mapOf("release_date" to details.releaseDate)`
	`159`	`+`
`157`	`160`	`return buildSet {`
`158`	`161`	`purls.forEach { purl ->`
`159`	`162`	`locations.forEach { snippetLocation ->`
`160`	`163`	`val license = licenses.andOrNull()?.sorted() ?: SpdxLicenseIdExpression(SpdxConstants.NOASSERTION)`
`161`	`164`
`162`		`- add(Snippet(score, snippetLocation, provenance, purl, license))`
	`165`	`+ add(Snippet(score, snippetLocation, provenance, purl, license, additionalData))`
`163`	`166`	`}`
`164`	`167`	`}`
`165`	`168`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,8 @@ class ScanOssResultParserTest : WordSpec({`
`126`	`126`	`"."`
`127`	`127`	`),`
`128`	`128`	`"pkg:github/vdurmont/semver4j",`
`129`		`- SpdxExpression.parse("CC-BY-SA-2.0")`
	`129`	`+ SpdxExpression.parse("CC-BY-SA-2.0"),`
	`130`	`+ additionalData = mapOf("release_date" to "2019-09-13")`
`130`	`131`	`)`
`131`	`132`	`)`
`132`	`133`	`)`
Original file line number	Diff line number	Diff line change
`@@ -107,7 +107,8 @@ class ScanOssScannerDirectoryTest : StringSpec({`
`107`	`107`	`VcsInfo(VcsType.GIT, "https://github.com/scanoss/ort.git", ""), "."`
`108`	`108`	`),`
`109`	`109`	`"pkg:github/scanoss/ort",`
`110`		`- SpdxExpression.parse("Apache-2.0")`
	`110`	`+ SpdxExpression.parse("Apache-2.0"),`
	`111`	`+ additionalData = mapOf("release_date" to "2021-03-18")`
`111`	`112`	`)`
`112`	`113`	`)`
`113`	`114`	`)`