Open
Pull request overview
This PR extends the Python ORT result model layer to support scanner results, including parsing snippet findings from ORT YAML output, and updates project metadata/dependencies accordingly.
Changes:
- Add scanner-related models (ScannerRun, ScanResult, ScanSummary, ScannerDetails) plus supporting types (snippet findings, provenance resolution results, file lists, storage configs).
- Add SPDX license-expression validation for snippet and license findings.
- Update YAML loader and project/tooling configs (version bump, dependencies, pre-commit hooks, README usage example).
Reviewed changes
Copilot reviewed 30 out of 31 changed files in this pull request and generated 12 comments.
| File | Description |
|---|---|
| uv.lock | Locks new runtime deps and bumps dev tools (ruff/ty). |
| tests/test_scan_result.py | Adds tests covering scanner run + scan result parsing from YAML. |
| src/ort/utils/yaml_loader.py | Simplifies loader selection (CSafeLoader fallback). |
| src/ort/models/vcstype.py | Renames validator to satisfy naming/linting. |
| src/ort/models/text_location.py | Makes TextLocation hashable/comparable for set usage. |
| src/ort/models/snippet_finding.py | Adds SnippetFinding model (hashable for sets). |
| src/ort/models/snippet.py | Adds Snippet model + SPDX expression validation. |
| src/ort/models/scanner_run.py | Adds ScannerRun model to parse scanner run output. |
| src/ort/models/scanner_details.py | Adds ScannerDetails model. |
| src/ort/models/scan_summary.py | Adds ScanSummary model (findings + issues). |
| src/ort/models/scan_result.py | Adds ScanResult model (provenance/scanner/summary). |
| src/ort/models/provenance_resolution_result.py | Adds provenance resolution result model for scanner run. |
| src/ort/models/provenance.py | Refactors provenance hierarchy for scan/snippet provenance parsing. |
| src/ort/models/ort_result.py | Adds optional scanner section to OrtResult. |
| src/ort/models/license_finding.py | Adds LicenseFinding model + SPDX expression validation. |
| src/ort/models/file_list.py | Adds FileList and Entry models for scanner file lists. |
| src/ort/models/copyright_finding.py | Adds CopyrightFinding model. |
| src/ort/models/config/scanner_configuration.py | Adds scanner configuration model. |
| src/ort/models/config/scan_storage_configuration.py | Adds scan storage configuration models + storage type enum. |
| src/ort/models/config/s3_file_storage_configuration.py | Adds S3 file storage config model. |
| src/ort/models/config/provenance_storage_configuration.py | Adds provenance storage config model. |
| src/ort/models/config/postgres_connection.py | Adds Postgres connection config model. |
| src/ort/models/config/local_file_storage_configuration.py | Adds local file storage config model. |
| src/ort/models/config/http_file_storage_configuration.py | Adds HTTP file storage config model. |
| src/ort/models/config/file_storage_configuration.py | Adds file storage root config model. |
| src/ort/models/config/file_list_storage_configuration.py | Adds file list storage config model. |
| src/ort/models/config/file_archiver_configuration.py | Adds file archiver config model. |
| src/ort/models/base_run.py | Updates SPDX header metadata. |
| pyproject.toml | Bumps package version, adds deps, updates tool versions/ruff ignores. |
| prek.toml | Bumps hook versions and adds license-expression to ty hook deps. |
| README.md | Expands docs with installation + YAML parsing example. |
| @@ -0,0 +1,45 @@ | |||
| # SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info> | |||
| # # SPDX-FileCopyrightText: 2026 CARIAD SE | |||
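Review bot: the second copyright line in this new file has a doubled comment prefix, `# # SPDX-FileCopyrightText: 2026 CARIAD SE`, while the line above it uses a single `# SPDX-FileCopyrightText: ...`. It looks like a leftover from pasting an already-commented header template; drop the extra `# ` so both SPDX lines share the same prefix and anyone grepping for `^# SPDX-` finds both.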
| @@ -0,0 +1,55 @@ | |||
| # SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info> | |||
| # # SPDX-FileCopyrightText: 2026 CARIAD SE | |||
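Review bot: same doubled `# #` prefix on the CARIAD SE copyright line here; it should read `# SPDX-FileCopyrightText: 2026 CARIAD SE` to match the first header line.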
Comment on lines +37 to +55
| @field_validator("license", mode="before") | ||
| @classmethod | ||
| def validate_spdx(cls, value): | ||
| try: | ||
| licensing = get_spdx_licensing() | ||
| licensing.parse(value) | ||
| return value | ||
| except ExpressionError as e: | ||
| raise ValidationError( | ||
| [ | ||
| { | ||
| "type": "value_error.license_expression", | ||
| "loc": ("license",), | ||
| "msg": str(e), | ||
| "input": value, | ||
| } | ||
| ], | ||
| cls, | ||
| ) |
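Review bot: `raise ValidationError([...], cls)` inside this `@field_validator` will not do what it intends. `@field_validator` is the pydantic v2 API, and in pydantic v2 `ValidationError` has no public constructor (instantiating it raises `TypeError: No constructor defined`), so an invalid SPDX expression surfaces as a `TypeError` rather than as a validation error with a `loc`. Raise `ValueError(str(e))` (or a `pydantic_core.PydanticCustomError("license_expression", ...)`) from the validator and let pydantic wrap it into the `ValidationError` itself. Two smaller points on the same lines: `get_spdx_licensing()` builds the whole SPDX licensing object on every validation, so hoist it to a module-level constant; and `licensing.parse(value)` without `validate=True` only checks syntax, so an expression with an unknown license key is still accepted, which defeats the purpose of validating against the SPDX list.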
Comment on lines +64 to +82
| @field_validator("license", mode="before") | ||
| @classmethod | ||
| def validate_spdx(cls, value): | ||
| try: | ||
| licensing = get_spdx_licensing() | ||
| licensing.parse(value) | ||
| return value | ||
| except ExpressionError as e: | ||
| raise ValidationError( | ||
| [ | ||
| { | ||
| "type": "value_error.license_expression", | ||
| "loc": ("license",), | ||
| "msg": str(e), | ||
| "input": value, | ||
| } | ||
| ], | ||
| cls, | ||
| ) |
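Review bot: this `validate_spdx` is a line-for-line copy of the validator shown earlier in this review, including the `ValidationError([...], cls)` construction that pydantic v2 does not support. Extract one `validate_spdx_expression(value: str) -> str` helper into a shared module and call it from both models' validators, so the constructor fix, a cached `get_spdx_licensing()` instance, and any future tightening such as `validate=True` are applied in a single place.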
Comment on lines 24 to 34
| @@ -34,52 +34,64 @@ def validate_provenance(cls, v): | |||
| return UnknownProvenance() | |||
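Review bot: ending `validate_provenance` with an unconditional `return UnknownProvenance()` means any provenance mapping that the earlier branches do not recognise, including one with a typo in its type key or a provenance kind added upstream in ORT later, is silently coerced into an unknown provenance instead of failing validation. Consider limiting the `UnknownProvenance` fallback to an explicitly empty or absent value and raising `ValueError` with the offending input otherwise, so a mis-shaped scan result is rejected rather than mis-classified.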
| @@ -0,0 +1,52 @@ | |||
| # SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info> | |||
| # # SPDX-FileCopyrightText: 2026 CARIAD SE | |||
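Review bot: the CARIAD SE copyright line again carries a doubled `# #` prefix; it should be `# SPDX-FileCopyrightText: 2026 CARIAD SE`, consistent with the line above it.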
Comment on lines +39 to +45
| def __hash__(self) -> int: | ||
| return hash(str(self.provenance)) | ||
|
|
||
| def __eq__(self, other) -> bool: | ||
| if not isinstance(other, ScanResult): | ||
| return NotImplemented | ||
| return self.provenance == other.provenance |
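Review bot: `__eq__` compares only `provenance`, so two `ScanResult`s for the same provenance that came from different scanners, or that carry different summaries, compare equal and collapse to a single element when placed in a `set`, silently dropping the second scan. Include the scanner identity in the equality key, or keep pydantic's field-wise equality and only add hashing. Separately, `__hash__` goes through `hash(str(self.provenance))` while `__eq__` uses `==` on the provenance objects; that satisfies the hash/eq contract only if equal provenances always stringify identically, so prefer `hash(self.provenance)` with the provenance models made hashable (e.g. `frozen=True`) over a string round-trip.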
Comment on lines +37 to +39
| issues: dict[Identifier, set[Issue]] = Field( | ||
| default_factory=dict, | ||
| description="A map of [Identifier]s associated with a set of [Issue]s that occurred during a scan besides the" |
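Review bot: `dict[Identifier, set[Issue]]` requires both `Identifier` and `Issue` to be hashable, but pydantic v2 models are unhashable unless declared `frozen=True` or given an explicit `__hash__`; the per-file summary says this PR adds hashing to `TextLocation` and `SnippetFinding`, not to `Issue`. Unless `Issue` is already frozen, validating this field from YAML will fail with `TypeError: unhashable type` on the first issue encountered. Either make `Issue` frozen or store `list[Issue]`, which also preserves the order ORT wrote.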
Comment on lines +30 to +44
| license_findings: set[LicenseFinding] = Field( | ||
| default_factory=set, | ||
| alias="licenses", | ||
| description="The detected license findings.", | ||
| ) | ||
| copyright_findings: set[CopyrightFinding] = Field( | ||
| default_factory=set, | ||
| alias="copyrights", | ||
| description="The detected copyright findings.", | ||
| ) | ||
| snippet_findings: set[SnippetFinding] = Field( | ||
| default_factory=set, | ||
| alias="snippets", | ||
| description="The detected snippet findings.", | ||
| ) |
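Review bot: all three finding collections are `set[...]` of pydantic models, so `LicenseFinding` and `CopyrightFinding` must be hashable as well; the file summary only mentions `SnippetFinding` and `TextLocation` being made hashable. Sets also discard the order ORT emitted under `licenses`, `copyrights` and `snippets`, so re-serialising a `ScanSummary` is not byte-for-byte stable and diffs between two runs become noisy; if de-duplication is the goal, deduplicate on load into a `list`, or sort on dump. With `alias=` set on every field, confirm the model config enables `populate_by_name=True` (or switch to `validation_alias`) if the tests also construct these models in Python by field name.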
| @@ -0,0 +1,27 @@ | |||
| # SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info> | |||
| # # SPDX-FileCopyrightText: 2026 CARIAD SE | |||
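Review bot: doubled `# #` prefix on the CARIAD SE copyright line in this file too; use `# SPDX-FileCopyrightText: 2026 CARIAD SE` to match the first header line.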
Signed-off-by: Helio Chissini de Castro <dev@heliocastro.info>
Signed-off-by: Helio Chissini de Castro <helio.chissini.de.castro@cariad.technology>
c0a1e89 to 04cd0be
No description provided.