Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Analyzer issue when scanning non VCS directory #8187

Closed
alexandruz opened this issue Jan 28, 2024 · 6 comments
Closed

Analyzer issue when scanning non VCS directory #8187

alexandruz opened this issue Jan 28, 2024 · 6 comments
Labels
analyzer About the analyzer tool duplicate An issue that duplicates another issue

Comments

@alexandruz
Copy link
Contributor

Scanning a non-VCS directory gives the following error:

Steps:

  1. Download zip from github, unzip.
  2. run - ort analyze
  3. Error.
Exception in thread "main" java.lang.IllegalArgumentException: The VcsInfo(...)
at org.ossreviewtoolkit.model.OrtResult.getFilePathRelativeToAnalyzerRoot(OrtResult.kt:233)
at org.ossreviewtoolkit.model.OrtResult.getDefinitionFilePathRelativeToAnalyzerRoot(OrtResult.kt:199)
...

Based on the https://github.com/oss-review-toolkit/ort/blob/main/model/src/main/kotlin/OrtResult.kt#L230 it shouldn't terminate in Exception in thread main, right?

Is there a workaround or ORT can only scan VCS repositories?
Thanks.
@sschuberth
Copy link
Member

Closing this as a duplicate of #2896 and linked issues. In short, analyzing a directory that is not under version control is currently not supported.

@sschuberth sschuberth closed this as not planned Won't fix, can't repro, duplicate, stale Jan 28, 2024
@sschuberth sschuberth added duplicate An issue that duplicates another issue analyzer About the analyzer tool labels Jan 28, 2024
@sschuberth
Copy link
Member

Just curious @alexandruz, is your specific use-case maybe related to #4242, i.e. the analysis of archives uploaded to FOSSID via the API?

@alexandruz
Copy link
Contributor Author

Yes, it's pretty much a similar workflow. Scanning archives without a VCS repository is the main use-case.

@sschuberth
Copy link
Member

Thanks for confirming. Can you share some more details about FOSSID's use of ORT? I've heard rumors that FOSSID plans to use another SCA solution. However, if it'd help you continuing to use ORT, and if it'd also help @nnobelis for his use-case, we might be able to prioritize work on this.

@alexandruz
Copy link
Contributor Author

Yes, we definitely plan to continue using ORT, and many of our customers are very much relying on ORT in combination with our tools. However, it's also true that we are developing other solutions that do not rely on ORT. In the future, we expect to offer a mix of both ORT-based and non-ORT-based solutions.

@sschuberth
Copy link
Member

Thanks again for the insights @alexandruz! Esp. if at least the ORT analyzer is a part of ORT you'll continue to use, let's maybe have a chat how we could potentially collaborate. Feel free to reach out to me under my commit email address.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
analyzer About the analyzer tool duplicate An issue that duplicates another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexandruz @sschuberth