New CLI options:

• A new CLI option --package-only has been added which performs
  a faster package scan by skipping the package assembly step and
  also skipping license/copyright detection on package metadata.

Major API/other changes:

• Output Format Version updated to 3.1.0 (minor version bump)
• Drops python 3.7 and adopts python 3.12
• New license match attributes:
  • from_file
  • matched_text_diagnostics is added for --license-text-diagnostics
• In codebase-level license_detections we have a new attribute
  reference_matches
• SPDX license expressions everywhere side-by-side with ScanCode
  license expressions.
• All rule attribute level data provided in codebase level todo items.

Changes in Output Data Structure:

• The data structure of the JSON output has changed for
  licenses at file level, and license detections at top-level.
  But note that all the changes are additions to the JSON output,
  so we have a minor version bump 3.0.0 to 3.1.0:

  • There is a new attribute from_file in matches which is in
    license_detections in:

    • File level license_detections
    • Codebase level license_detections
    • license_detections and other_license_detections in
      file-level package_data
    • license_detections and other_license_detections in
      codebase level packages

  • On using the CLI option --license-text-diagnostics there is
    now a new license match attribute matched_text_diagnostics
    with the matched text and highlighted diagnostics, instead of
    having this replace the plain matched_text.

  • A new reference_matches attribute is added to codebase-level
    license_detections which is same as the matches attribute
    in other license detections.

  • We now have SPDX license expressions everywhere we have
    ScanCode license expressions for ease of use and adopting
    SPDX everywhere. A new attribute license_expression_spdx
    is added to:

    • license_detections in file and codebase level
    • in package license_detections and other_license_detections
    • matches for license_detections everywhere

  • Adds all rule atrribute level info in codebase level todo
    data, to assist in review. This includes length, text, notes,
    referenced_filenames, and the boolean attributes (like
    is_license_notice, is_license_intro etc, as applicable).

• New and updated licenses, including support for newly released
  SPDX license list versions:

  • SPDX License List 3.22:
    This release of the SPDX license list had 48 new licenses,
    and several of them we already had as licenses/rules, and
    these has been modified to be consistent with the SPDX list.
    And the rest have been added as new licenses.
    For more details see Update to spdx 3.22 #3554

  • SPDX License List 3.23:
    This release of the SPDX license list had 43 new licenses,
    and out of them 22 were present as licenses and 10 were
    present as rules already. There were 4 new license/exception
    texts added, and the rest were either texts with small variations,
    additions to texts or several rule texts together.
    For more details see Support SPDX License List 3.23 #3653

  • We also have lots of other misc new licenses and rules added to
    LicenseDB, see PRs below for more details:
    Add new licenses and license updates #3663
    Update license rules #3642
    Add new and updated licenses #3586
    Yet more license rules #3584
    Add new license detection rules #3575
    More licenses #3570
    Add license detection rules #3568
    Add license rules #3562

• Improve debian namespace detection based on clues and fix
  namespace and qualifier bugs for debian purls.
  For more details see Add missing namespace to debian packages scancode.io#899
  and distro is passed as None for RPM packages #3443
  Also improve debian manifests parsing and purl parsing from
  filenames. Support for Collect Debian data live, aka. purl2meta purldb#245
  Bumps debian-inspector to v31.1.0

• Bump commoncode to v31.0.3

• Upgraded spdx-tools dependency to v0.8.
  See Upgrade spdx-tools to version 0.8 #3455

Support for Conan package parser:

• We now support the parsing of Conan manifest files, such as
  conanfile.py, as described here https://docs.conan.io/2.0/reference/conanfile.html.
  We also support source extraction from conandata.yml, as described here
  https://docs.conan.io/2/tutorial/creating_packages/handle_sources_in_packages.html#using-the-conandata-yml-file.

What's Changed

• fix: allow fedora based packages by @philcali in fix: allow fedora based packages #3479
• Upgrade spdx-tools to v0.8.1 Upgrade spdx-tools to version 0.8 #3455 by @armintaenzertng in Upgrade spdx-tools to v0.8.1 #3455 #3456
• Added docs server script, dark mode & copybutton for docs by @OmkarPh in Added docs server script, dark mode & copybutton for docs #3549
• npm: support aliases in yarn lock v1 by @schischi in npm: support aliases in yarn lock v1 #3555
• Add license rules by @AyanSinhaMahapatra in Add license rules #3562
• Fix failing tests by @AyanSinhaMahapatra in Fix failing tests #3563
• Add more license rules by @pombredanne in Add more license rules #3567
• Add license detection rules by @AyanSinhaMahapatra in Add license detection rules #3568
• More licenses by @AyanSinhaMahapatra in More licenses #3570
• Update to spdx 3.22 by @AyanSinhaMahapatra in Update to spdx 3.22 #3554
• Add new license detection rules by @pombredanne in Add new license detection rules #3575
• TestRule.test_dump_rule_file: sort the rule file lists. by @licquia in TestRule.test_dump_rule_file: sort the rule file lists. #3582
• Fix reference to install section by @rettichschnidi in Fix reference to install section #3583
• Add new and updated licenses by @AyanSinhaMahapatra in Add new and updated licenses #3586
• Fix-up an accidental use of SPDX's WITH operator in a rule by @fviernau in Fix-up an accidental use of SPDX's WITH operator in a rule #3628
• Update home.rst by @machuii in Update home.rst #3627
• Fix SCTK doc build by @AyanSinhaMahapatra in Fix SCTK doc build #3636
• Yet more license rules by @AyanSinhaMahapatra in Yet more license rules #3584
• Update license detections by @AyanSinhaMahapatra in Update license detections #3620
• Support conan in packagedcode by @keshav-space in Support conan in packagedcode #3650
• Update LicenseDB by @AyanSinhaMahapatra in Update LicenseDB #3641
• Update debian package manifest parsing by @AyanSinhaMahapatra in Update debian package manifest parsing #3647
• Fix debian source purl parsing in status by @AyanSinhaMahapatra in Fix debian source purl parsing in status #3661
• Support SPDX License List 3.23 by @AyanSinhaMahapatra in Support SPDX License List 3.23 #3653
• Add new licenses and license updates by @AyanSinhaMahapatra in Add new licenses and license updates #3663
• Update llgpl as a license exception by @AyanSinhaMahapatra in Update llgpl as a license exception #3680
• Update license rules by @AyanSinhaMahapatra in Update license rules #3642
• Add Misc updates by @pombredanne in Add Misc updates #3662
• Update package handlers by @AyanSinhaMahapatra in Update package handlers #3682
• Support cargo workspaces by @AyanSinhaMahapatra in Support cargo workspaces #3602
• Validate CLI inputs and paths crash when supplying YAML file to --from-json #3596 by @pombredanne in Validate CLI inputs and paths #3596 #3609
• Support Python 3.12 by @AyanSinhaMahapatra in Support Python 3.12 #3658
• Add a faster package scan with --package-only by @AyanSinhaMahapatra in Add a faster package scan with --package-only #3689
• Refine referenced filenames Refine referenced_filenames in license rules #3547 by @AyanSinhaMahapatra in Refine referenced filenames #3547 #3681
• Release prep v32.1.0 by @AyanSinhaMahapatra in Release prep v32.1.0 #3701

New Contributors

• @philcali made their first contribution in fix: allow fedora based packages #3479
• @schischi made their first contribution in npm: support aliases in yarn lock v1 #3555
• @licquia made their first contribution in TestRule.test_dump_rule_file: sort the rule file lists. #3582
• @rettichschnidi made their first contribution in Fix reference to install section #3583
• @machuii made their first contribution in Update home.rst #3627

Full Changelog: v32.0.8...v32.1.0