Running Tern with -r and -c gives different results #999
Comments
|
Just in case you need, Tern at commit 273e3c8 Distributor ID: Ubuntu |
|
Scanning fossology/fossology:3.10 and postgres:9.5.25 with scancode extension provided package information.
|
|
I ran a regular Tern scan on |
|
@JustinWonjaePark I do see the issue you are describing -- if I run @nishakm when you are back from vacation can you poke at this? I'll see how far I get before vacation and leave any updates here. When Tern is run with scancode for Even more strange is that even when the cache is populated with package info from a previous Tern run, running Tern with scancode does not pull the cached package metadata into the report. (I think this behavior is related to #1000 as well). It's also interesting that Justin is seeing packages with scancode for other containers like postgres:9.5.25 which has a debian stretch base OS. I'm running scancode with postgres right now (likely overnight) to see what I find there and will report back. |
|
Confirmed that running (with a populated cache) Tern + Scancode with the |
|
@rnjudge I am not able to reproduce the package level inventory stuff. Default inventory: With scancode inventory: Debian doesn't have package level license metadata. |
|
Nisha and I discussed this and the issue is reproducible when you:
What's strange is that this seems to be unique to |
|
I am still unable to reproduce this issue :(. I have attached my output files here.
I get package level info in all 3 scenarios. Also, from the log, it looks like the layers are loaded from the cache as expected. |
|
It's probably worth noting my scancode version: |
|
Bingo! |
|
I am also running scancode 21.6.7. I will update for future debug on this. |
|
Looks like scancode errors out with a |
|
OK, I am having a hard time running scancode on the debian images. It's possible that the package inventory on debian images is just broken for scancode :( |
|
This issue with scancode is still open: nexB/scancode-toolkit#2467 |
|
@rnjudge @JustinWonjaePark It looks like tern's operation of augmenting the results of inventory runs by different methods works as expected, i.e. Running tern using the default method and then running scancode does not remove the data collected by running the default method. However, the |
|
@nishakm I am ok with changing the title as you need. |
nishakm
changed the title
If the redo flag is set, the executor should not load data from the cache. Hence we pass the redo flag to the load_from_cache function used in the scancode executor. Fixes tern-tools#999 Signed-off-by: Nisha K <nishak@vmware.com>
If the redo flag is set, the executor should not load data from the cache. Hence we pass the redo flag to the load_from_cache function used in the scancode executor. Fixes tern-tools#999 Signed-off-by: Nisha K <nishak@vmware.com>
If the redo flag is set, the executor should not load data from the cache. Hence we pass the redo flag to the load_from_cache function used in the scancode executor. Fixes #999 Signed-off-by: Nisha K <nishak@vmware.com>
Problem Statement
When you run tern without Scancode extension to create report,
you can get installed package information in
"packages":tern repot -f json -i debian:buster -o debian.jsonBut you usually don't get file level license information with out scancode extension.
So, if you want to get file level information, you need to run it with Scancode
tern repot -f json -x scancode -i debian:buster -o debian_scancode.jsonBut on report with Scancode extension run, package information is (usually)missing.
So, if you want both package information and file level information, you need to run the scan twice,
and merge the reports by yourself.
Describe the Proposal
Make an option (or change Scancode extension behavior) to combine the result of 'general' scan result and result result with Scancode extension.
The text was updated successfully, but these errors were encountered: