Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache-2.0 SPDX identifier flagged as "unknown-spdx OR unknown-spdx OR unknown-spdx" #4006

Open
ryanandrewarnold opened this issue Dec 5, 2024 · 2 comments
Open

Apache-2.0 SPDX identifier flagged as "unknown-spdx OR unknown-spdx OR unknown-spdx" #4006

ryanandrewarnold opened this issue Dec 5, 2024 · 2 comments
Labels
bug

Comments

@ryanandrewarnold
Copy link

Description

Apache-2.0 short SPDX identifier in open source file being identified as unknown-spdx OR unknown-spdx OR unknown-spdx

How To Reproduce

Scan file in scancode.io (v34.9.0)
https://github.com/zephyrproject-rtos/zephyr/blob/v3.7.0/samples/bluetooth/handsfree_ag/CMakeLists.txt

Scancode.io output

    - matches:
        - score: '100.0'
          matcher: 1-spdx-id
          end_line: 1
          rule_url:
          from_file:
          start_line: 1
          matched_text: '#SPDX - License - Identifier : Apache - 2.0'
          match_coverage: '100.0'
          matched_length: 6
          rule_relevance: 100
          rule_identifier: spdx-license-identifier-unknown_spdx_or_unknown_spdx_or_unknown_spdx-edef7e26fd3b1736b8497407c50f2b33f5520db1
          license_expression: unknown-spdx OR unknown-spdx OR unknown-spdx
          spdx_license_expression: LicenseRef-scancode-unknown-spdx OR LicenseRef-scancode-unknown-spdx
            OR LicenseRef-scancode-unknown-spdx
      identifier: unknown_spdx_or_unknown_spdx_or_unknown_spdx-3704a577-7b9b-395b-66e4-e141e179cec0
      license_expression: unknown-spdx OR unknown-spdx OR unknown-spdx
      license_expression_spdx: LicenseRef-scancode-unknown-spdx OR LicenseRef-scancode-unknown-spdx
        OR LicenseRef-scancode-unknown-spdx

System configuration

  • What OS are you running on? Linux
  • What version of scancode-toolkit was used to generate the scan file? v32.3.0
  • What installation method was used to install/run scancode? Scancode.io v34.9.0 Docker image
@mjherzog
Copy link
Member

mjherzog commented Dec 5, 2024

@ryanandrewarnold The SPDX License Identifier in this file does not have the correct syntax. It should be "SPDX-License-Identifier: Apache-2.0". The correct syntax is used, for example< in https://github.com/zephyrproject-rtos/zephyr/blob/v3.7.0/samples/bluetooth/handsfree_ag/src/main.c. So the fix is to correct the file.

@ryanandrewarnold
Copy link
Author

Thanks @mjherzog Are there cases where things of this nature (typos, incorrect syntax, etc) are frequent or common enough to warrant an additional .rule? We thought it might match to:
https://github.com/aboutcode-org/scancode-toolkit/blob/develop/src/licensedcode/data/rules/spdx_license_id_apache-2.0_for_apache-2.0.RULE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mjherzog @ryanandrewarnold