Skip to content

Introduce Independent License Clarity Thresholds Mechanism#1689

Merged
tdruez merged 6 commits into
aboutcode-org:mainfrom
NucleonGodX:clarity-compliance
Jun 30, 2025
Merged

Introduce Independent License Clarity Thresholds Mechanism#1689
tdruez merged 6 commits into
aboutcode-org:mainfrom
NucleonGodX:clarity-compliance

Conversation

@NucleonGodX
Copy link
Copy Markdown
Contributor

@NucleonGodX NucleonGodX commented Jun 12, 2025
edited by AyanSinhaMahapatra
Loading

Fixes #1678

Summary of Changes

This pull request introduces a new module for managing license clarity thresholds:

About the policies.yml Structure for License Clarity Thresholds
The policies.yml file is a YAML configuration used to define various compliance policies for ScanCode.io and related tools. With these changes, a new section called license_clarity_thresholds is introduced specifically for clarity score compliance.

Example policies.yml for clarity thresholds:

license_clarity_thresholds:
  80: ok        # Scores 80 and above are 'ok'
  50: warning   # Scores 50 to 79 are 'warning'
  # Scores below 50 are automatically considered 'error'

  • Validation of threshold policy structure:

    • Keys must be integers
    • Values must be one of: ok, warning, error
    • No duplicate thresholds
    • Thresholds must be in strictly descending order

  • Evaluation logic for mapping clarity scores to compliance alerts (ok, warning, error)

  • Comprehensive test suite covering:

    • Valid and invalid YAML configurations
    • Duplicate and unordered thresholds
    • Single and multiple thresholds

Note: This module is self-contained and not yet integrated into the main compliance or project logic. It is intended for review and further development.

Future Work

  • Integration with summary generation to include clarity compliance alerts in outputs
  • UI and reporting integration to show clarity compliance results alongside existing license compliance alerts
  • Documentation updates to guide users on configuring and using license clarity thresholds in policies.yml

@NucleonGodX
initial addition of license clarity logic
d161b95 
Signed-off-by: NucleonGodX <racerpro41@gmail.com>
@NucleonGodX NucleonGodX marked this pull request as draft June 12, 2025 18:30
@NucleonGodX NucleonGodX marked this pull request as ready for review June 16, 2025 12:43
@NucleonGodX
integrate clarity compliance
54e5db2 
Signed-off-by: NucleonGodX <racerpro41@gmail.com>
@NucleonGodX
testing extend for clarity-score
11a9116 
Signed-off-by: NucleonGodX <racerpro41@gmail.com>
@NucleonGodX
Copy link
Copy Markdown
Contributor Author

NucleonGodX commented Jun 20, 2025

Changes Made:
Renamed policies.py → license_policies.py.
Created independent license_clarity.py module which works independently
Added comprehensive test coverage for both modules

Next Steps:
The next steps would be integrating it to be added to the summary generation after the scan single package pipeline, and also storing it as extra_data and displaying it in the UI, and adding it to check compliance so that it can be integrated in CI directly.(All this already discussed in the weekly meet)

tdruez
tdruez requested changes Jun 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@tdruez tdruez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@NucleonGodX The code changes look fine in general.
Make sure to run make valid to fix the code format before a commit (currently failing the CI)

Renamed policies.py → license_policies.py.

This is out of scope and unneeded for now. Please revert this part and keep the PR focus on the "License Clarity" implementation.
If another module needs a rename, it needs to be discussed and handled separately as it may break external usage and dependencies on that module.

Comment thread scanpipe/pipes/license_clarity.py Outdated
Comment thread scanpipe/pipes/license_clarity.py Outdated
Comment thread scanpipe/tests/pipes/test_license_clarity.py Outdated
@NucleonGodX
test file added in data and suggestions applied
5494cb0 
Signed-off-by: NucleonGodX <racerpro41@gmail.com>
@NucleonGodX
rename changes reverted
9202edb 
Signed-off-by: NucleonGodX <racerpro41@gmail.com>
@NucleonGodX
Copy link
Copy Markdown
Contributor Author

NucleonGodX commented Jun 23, 2025

Thanks for the suggestions, I've applied them @tdruez

@tdruez
Copy link
Copy Markdown
Contributor

tdruez commented Jun 23, 2025

@NucleonGodX LGTM!
@pombredanne can you have a look before the merge?

Next Steps:
The next steps would be integrating it to be added to the summary generation after the scan single package pipeline, and > also storing it as extra_data and displaying it in the UI, and adding it to check compliance so that it can be integrated in CI > directly.(All this already discussed in the weekly meet)

Sounds like a plan!

@NucleonGodX NucleonGodX mentioned this pull request Jun 27, 2025
Merged
@tdruez tdruez merged commit 820d7a7 into aboutcode-org:main Jun 30, 2025
6 of 7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdruez tdruez tdruez requested changes

Assignees

No one assigned

Labels

None yet

Projects

No open projects
GSoC 2025: SCIO/SCTK for use in CI/CD @NucleonGodX
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add license clarity score-based Compliance support

2 participants

@NucleonGodX @tdruez