Conversation
Etsija
requested review from
MarcelBochtler,
bs-ondem,
lamppu,
mnonnenmacher,
nnobelis,
oheger-bosch,
sschuberth and
wkl3nk
as code owners
Etsija
force-pushed
the
detected-licenses
branch
from
e3b5257 to
5eca1e1
Compare
Contributor
|
One thing that crossed my mind while evaluating https://github.com/mstykow/provenant is: Where / how should we display (potentially different) results from different scanners that were all configured to be run? I'm not saying that we should address that question in this PR already, but it would be important to me that we don't go in a wrong direction here, which then makes adding this kind of information later on unnecessary hard. Probably again something we should try to discuss briefly in a meeting to start with. |
Contributor
Author
|
If it is possible to run several scanners in an ORT run, then I would think the relation would (or should, if it isn't already) be retained in |
sschuberth
previously requested changes
Apr 13, 2026
Etsija
force-pushed
the
detected-licenses
branch
2 times, most recently
from
549350d to
61bfdc7
Compare
sschuberth
dismissed
their stale review
LGTM UI-wise, thanks! Will leave the code review to @lamppu and @mnonnenmacher.
mnonnenmacher
requested changes
Apr 13, 2026
Etsija
force-pushed
the
detected-licenses
branch
from
61bfdc7 to
c8ffde7
Compare
Etsija
force-pushed
the
detected-licenses
branch
from
a020e0a to
c8ffde7
Compare
mnonnenmacher
requested changes
Apr 15, 2026
Etsija
force-pushed
the
detected-licenses
branch
from
c8ffde7 to
c3c01c4
Compare
Add classes for detected licenses, projects/packages with a detected license, and license detection data. Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Also update its call sites in search component. Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Implement three functions: - one for finding all distinct detected licenses (as SPDX expressions for now), along with the count of projects/packages the license was found from - one for listing all projects/packages that have a detected license - one for all license detections in a project/package Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Implement the UI as three-level table: - top table just lists all detected licenses with package counts - its subrow is another paginated table with all projects/packages from where the license was found - its subrow is the third paginated table which holds the license detection data for the license and project/package Refactor each table view into its own local component, for easier review and maintaining of the three-level table view. Resolves #2074. Signed-off-by: Jyrki Keisala <jyrki.keisala@doubleopen.org>
Etsija
force-pushed
the
detected-licenses
branch
from
c3c01c4 to
4dd045b
Compare
mnonnenmacher
approved these changes
Apr 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a view for all license detections from the Scanner to the ORT run details. It is implemented as three endpoints and correspondingly, the UI consists of three tables within each other:
1. Top-level view: all detected licenses with the corresponding package counts
2. All projects/packages that have a detected license
3. License detection data for a license and project/package
NOTE: This is the first, sub-optimal implementation of the feature. It is recognized that the database queries are far from optimal, and even for a relatively small project, the top-level query takes between 1-2 seconds. There are several points for optimization, most notably:
scanner_jobs.ort_run_id.scan_resultstopackage_provenances. The queries need a cross-product betweenscan_resultsandpackage_provenancesviascanner_runs, filtered by theprovenanceCondition()multi-column string comparison (matching URL/hash fields across two tables). There's no direct FK between the two — they're linked by matching denormalized text fields. Adding apackage_provenance_idFK column toscan_resultswould replace this expensive string-comparison filter with an indexed join.