feat(scan):SP-4027 add support for scan tuning parameters

agustingroh · agustingroh · commit 20ab46892a82 · 2026-02-10T08:34:17.000-03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.0] - 2026-02-10
+### Added
+- Added support for scan tuning parameters
+### Changed
+- Upgraded scanoss-py version to v1.45.0
+
 ## [1.5.0] - 2026-01-19
 ### Added
 - Mark policy threads as fixed when policy checks pass (copyleft, undeclared, and dependency track)
@@ -44,4 +50,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.2.0]: https://github.com/scanoss/ado-code-scan/compare/v1.1.0...v1.2.0
 [1.3.0]: https://github.com/scanoss/ado-code-scan/compare/v1.2.0...v1.3.0
 [1.4.0]: https://github.com/scanoss/ado-code-scan/compare/v1.3.0...v1.4.0
-[1.5.0]: https://github.com/scanoss/ado-code-scan/compare/v1.4.0...v1.5.0
+[1.5.0]: https://github.com/scanoss/ado-code-scan/compare/v1.4.0...v1.5.0
+[1.6.0]: https://github.com/scanoss/ado-code-scan/compare/v1.5.0...v1.6.0
diff --git a/OVERVIEW.md b/OVERVIEW.md
@@ -169,7 +169,7 @@ When the pipeline is manually triggered or runs on a schedule, the results are u
 | depTrackProjectVersion   | Dependency Track project version (required if projectId not provided).                                                                                   | Optional       | -                                    |
 | apiUrl                   | SCANOSS API URL                                                                                                                                          | Optional       | `https://api.osskb.org/scan/direct`  |
 | apiKey                   | SCANOSS API Key                                                                                                                                          | Optional       | -                                    |
-| runtimeContainer         | Runtime URL                                                                                                                                              | Optional       | `ghcr.io/scanoss/scanoss-py:v1.37.1` |
+| runtimeContainer         | Runtime URL                                                                                                                                              | Optional       | `ghcr.io/scanoss/scanoss-py:v1.45.0` |
 | licensesCopyleftInclude  | List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.                                                     | Optional       | -                                    |
 | licensesCopyleftExclude  | List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.                                                       | Optional       | -                                    |
 | licensesCopyleftExplicit | Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.                                                              | Optional       | -                                    |
@@ -214,6 +214,12 @@ Additionally, if it is a Pull Request, a comment with a summary of the report wi
 
 ![Comments on PR Copyleft licenses](https://github.com/scanoss/integration-azure-DevOps/blob/main/.github/assets/pr_comment_copyleft.png?raw=true)
 
+## Scan Tuning Parameters
+
+The SCANOSS scan engine supports [scan tuning parameters](https://github.com/scanoss/scanoss.py/blob/main/docs/source/scanoss_settings_schema.rst#scan-tuning-parameters) for snippet matching.
+
+> **Important:** Scan tuning parameters must be configured through the `scanoss.json`. They are **not** configured as SCANOSS ADO input parameters.
+
 ## Dependency Track Integration
 
 The SCANOSS Code Scan Task integrates with Dependency Track to provide enhanced vulnerability tracking and policy enforcement. This integration consists of two main features:
diff --git a/codescantask/app.input.ts b/codescantask/app.input.ts
@@ -34,7 +34,7 @@ export const API_URL = tl.getInput('apiUrl');
 export const OUTPUT_FILEPATH = tl.getInput('outputFilepath') || "scanoss-raw.json";
 export const REPO_DIR = tl.getVariable('Build.Repository.LocalPath') || ''; // Get repository path
 export const POLICIES_HALT_ON_FAILURE = tl.getInput('policiesHaltOnFailure') === 'true';
-export const RUNTIME_CONTAINER = tl.getInput('runtimeContainer') || "ghcr.io/scanoss/scanoss-py:v1.40.1";
+export const RUNTIME_CONTAINER = tl.getInput('runtimeContainer') || "ghcr.io/scanoss/scanoss-py:v1.45.0";
 export const SKIP_SNIPPETS = tl.getInput('skipSnippets') === 'true';
 export const SCAN_FILES = tl.getInput('scanFiles') === 'true';
 export const SCANOSS_SETTINGS = tl.getInput('scanossSettings') === 'true';
diff --git a/codescantask/package-lock.json b/codescantask/package-lock.json
diff --git a/codescantask/package.json b/codescantask/package.json
@@ -1,6 +1,6 @@
 {
   "name": "azure-devops-integration",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "",
   "main": "index.js",
   "scripts": {
diff --git a/codescantask/services/scan.service.ts b/codescantask/services/scan.service.ts
@@ -71,7 +71,7 @@ export interface Options {
     inputFilepath: string;
 
     /**
-     * Runtime container to perform scan. Default [ghcr.io/scanoss/scanoss-py:v1.26.3]
+     * Runtime container to perform scan. Default [ghcr.io/scanoss/scanoss-py:v1.45.0]
      */
     runtimeContainer: string;
 
diff --git a/codescantask/task.json b/codescantask/task.json
@@ -9,7 +9,7 @@
   "author": "SCANOSS",
   "version": {
     "Major": 1,
-    "Minor": 5,
+    "Minor": 6,
     "Patch": 0
   },
   "instanceNameFormat": "SCANOSS Code Scan",
@@ -82,7 +82,7 @@
       "name": "runtimeContainer",
       "type": "string",
       "label": "Runtime container",
-      "defaultValue": "ghcr.io/scanoss/scanoss-py:v1.40.1",
+      "defaultValue": "ghcr.io/scanoss/scanoss-py:v1.45.0",
       "required": false,
       "helpMarkDown": "Specify runtime container to perform the scan."
     },
diff --git a/vss-extension-dev.json b/vss-extension-dev.json
@@ -2,7 +2,7 @@
   "manifestVersion": 1,
   "id": "scanoss-code-scan-dev",
   "name": "SCANOSS Code Scan DEV",
-  "version": "0.21.71",
+  "version": "0.21.72",
   "publisher": "SCANOSS",
   "public": false,
   "targets": [
diff --git a/vss-extension.json b/vss-extension.json
@@ -2,7 +2,7 @@
   "manifestVersion": 1,
   "id": "scanoss-code-scan",
   "name": "SCANOSS Code Scan",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "publisher": "SCANOSS",
   "public": true,
   "targets": [

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "azure-devops-integration",`
`3`		`- "version": "1.5.0",`
	`3`	`+ "version": "1.6.0",`
`4`	`4`	`"description": "",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts": {`