PGSCAN can't resolve embedded license file



  • We are using ProGet 2023 and pgscan 1.5.8.

    We are using pgscan as part of a weekly CI build job which uploads the results to ProGet.

    We keep getting issues related to "Unknown License" in the reports for some of the libraries. They are all due to embedded license files in those libraries.

    I assign the correct license in ProGet, but the same issues keep showing up for those libraries in subsequent reports. I would think setting it in ProGet would fix this.

    Is there something that I'm missing?


  • inedo-engineer

    Hi @scampbell_8969,

    It's hard to say without knowing which specific packages you're referring to, but there are several known issues with ProGet 2023's license detection. It is something we're currently redoing in ProGet 2024. We plan to get this new detection logic in ProGet 2023, at least as a preview feature, in the coming weeks.

    Here's a screenshot of working code:
    87b9da79-fb03-48f3-897d-2c210919b4c5-image.png

    I assume these are all publicly available packages. Can you share the SBOM files for your Releases? This will be extremely valuable for us to test with.

    It's kinda hard to find packages with embedded licenses to be honest.

    Thanks,
    Alana



  • I'm not able to attach an SBOM file to this.

    I'm not familiar with the "Add License File" screen in the picture you attached. What I've been doing (besides assigning the license in ProGet) is updating the License Type with the URL of the embedded license. Neither seems to help.

    e5eb1515-377d-4d7a-895e-dfd6668a5e32-image.png


  • inedo-engineer

    Hi @scampbell_8969,

    The screenshot is not yet available, it's code that we're testing.

    In the meantime, you need to navigate to the package in a ProGet feed, then assign the license. It will add a special URL like package:// that is used to associate the package with the license.

    Can you email the files to support at inedo dot com, with the subject [QA-1368], then we can find it? Just let us know when you email the files.



  • @atripp I just emailed the SBOM.


  • inedo-engineer

    @scampbell_8969 excellent, please stay tuned, we'll get back within a couple weeks



  • @atripp OK

