feat(scanoss): Add extra information to snippets

heliocastro · heliocastro · commit 041b2f364856 · 2025-09-06T10:26:55.000+02:00
SCANOSS server provides endpoints to retrieve the related snippet found,
but API call depends on the file hash, which is not provided on
current status.
Added file hash, file_url and source_hash into additionalData
instalation.

Co-authored-by: Agustin Isasmendi &lt;agustin.isasmendi@scanoss.com&gt;

Signed-off-by: Helio Chissini de Castro &lt;helio.chissini.de.castro@cariad.technology&gt;
diff --git a/plugins/scanners/scanoss/src/main/kotlin/ScanOssResultParser.kt b/plugins/scanners/scanoss/src/main/kotlin/ScanOssResultParser.kt
@@ -158,12 +158,13 @@ private fun createSnippetFindings(details: ScanFileDetails, localFilePath: Strin
     val vcsInfo = VcsHost.parseUrl(url.takeUnless { it == "none" }.orEmpty())
     val provenance = RepositoryProvenance(vcsInfo, ".")
 
-    // Purls can be empty if only one entry is provided
-    // and already taken by primaryPurl
-    val additionalData = if (purls.isNotEmpty()) {
-        mapOf("related_purls" to purls.joinToString(", ") { it.trim() })
-    } else {
-        emptyMap()
+    val additionalData = buildMap {
+        put("file_hash", details.fileHash)
+        put("file_url", details.fileUrl)
+        put("source_hash", details.sourceHash)
+        // Purls can be empty if only one entry is provided
+        // and already taken by primaryPurl
+        if (purls.isNotEmpty()) put("related_purls", purls.joinToString(",") { it.trim() })
     }
 
     // Convert both local and OSS line ranges to source locations.
diff --git a/plugins/scanners/scanoss/src/test/kotlin/ScanOssResultParserTest.kt b/plugins/scanners/scanoss/src/test/kotlin/ScanOssResultParserTest.kt
@@ -128,7 +128,12 @@ class ScanOssResultParserTest : WordSpec({
                                 "."
                             ),
                             "pkg:github/vdurmont/semver4j",
-                            SpdxExpression.parse("CC-BY-SA-2.0")
+                            SpdxExpression.parse("CC-BY-SA-2.0"),
+                            mapOf(
+                                "file_hash" to "6ff2427335b985212c9b79dfa795799f",
+                                "file_url" to "https://osskb.org/api/file_contents/6ff2427335b985212c9b79dfa795799f",
+                                "source_hash" to "bd4bff27f540f4f2c9de012acc4b48a3"
+                            )
                         )
                     )
                 )
@@ -154,9 +159,12 @@ class ScanOssResultParserTest : WordSpec({
                 snippets should haveSize(1)
                 snippets.first().purl shouldBe "pkg:github/kdrag0n/proton_bluecross"
 
-                // Verify remaining PURLs are stored in additionalData.
+                // Verify if related PURLs are stored in additionalData as CSV.
                 snippets.first().additionalData shouldBe
                     mapOf(
+                        "file_hash" to "581734935cfbe570d280a1265aaa2a6b",
+                        "file_url" to "https://api.scanoss.com/file_contents/581734935cfbe570d280a1265aaa2a6b",
+                        "source_hash" to "45dd1e50621a8a32f88fbe0251a470ab",
                         "related_purls" to "pkg:github/fake/fake_repository"
                     )
 
diff --git a/plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerDirectoryTest.kt b/plugins/scanners/scanoss/src/test/kotlin/ScanOssScannerDirectoryTest.kt
@@ -113,7 +113,12 @@ class ScanOssScannerDirectoryTest : StringSpec({
                                 VcsInfo(VcsType.GIT, "https://github.com/scanoss/ort.git", ""), "."
                             ),
                             "pkg:github/scanoss/ort",
-                            SpdxExpression.parse("Apache-2.0")
+                            SpdxExpression.parse("Apache-2.0"),
+                            mapOf(
+                                "file_hash" to "871fb0c5188c2f620d9b997e225b0095",
+                                "file_url" to "https://osskb.org/api/file_contents/871fb0c5188c2f620d9b997e225b0095",
+                                "source_hash" to "2e91edbe430c4eb195a977d326d6d6c0"
+                            )
                         )
                     )
                 )

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,12 @@ class ScanOssScannerDirectoryTest : StringSpec({`
`113`	`113`	`VcsInfo(VcsType.GIT, "https://github.com/scanoss/ort.git", ""), "."`
`114`	`114`	`),`
`115`	`115`	`"pkg:github/scanoss/ort",`
`116`		`- SpdxExpression.parse("Apache-2.0")`
	`116`	`+ SpdxExpression.parse("Apache-2.0"),`
	`117`	`+ mapOf(`
	`118`	`+ "file_hash" to "871fb0c5188c2f620d9b997e225b0095",`
	`119`	`+ "file_url" to "https://osskb.org/api/file_contents/871fb0c5188c2f620d9b997e225b0095",`
	`120`	`+ "source_hash" to "2e91edbe430c4eb195a977d326d6d6c0"`
	`121`	`+ )`
`117`	`122`	`)`
`118`	`123`	`)`
`119`	`124`	`)`