scanoss · francostramana · Mar 22, 2024 · Mar 22, 2024
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/policies/copyleft-policy-check.ts b/src/policies/copyleft-policy-check.ts
@@ -4,6 +4,11 @@ import { PolicyCheck } from './policy-check';
 import { Component, getComponents } from '../services/result.service';
 import { generateTable } from '../utils/markdown.utils';
 
+/**
+ * This class checks if any of the components identified in the scanner results are subject to copyleft licenses.
+ * It filters components based on their licenses and looks for those with copyleft obligations.
+ * It then generates a summary and detailed report of the findings.
+ */
 export class CopyleftPolicyCheck extends PolicyCheck {
   constructor() {
     super(`${CHECK_NAME}: Copyleft Policy`);

diff --git a/src/policies/undeclared-policy-check.ts b/src/policies/undeclared-policy-check.ts
@@ -6,6 +6,13 @@ import * as inputs from '../app.input';
 import { parseSBOM } from '../utils/sbom.utils';
 import { generateTable } from '../utils/markdown.utils';
 
+/**
+ * Verifies that all components identified in scanner results are declared in the project's SBOM.
+ * The run method compares components found by the scanner against those declared in the SBOM.
+ *
+ * It identifies and reports undeclared components, generating a summary and detailed report of the findings.
+ *
+ */
 export class UndeclaredPolicyCheck extends PolicyCheck {
   constructor() {
     super(`${CHECK_NAME}: Undeclared Policy`);

diff --git a/src/services/result.service.ts b/src/services/result.service.ts
@@ -15,6 +15,14 @@ export interface Component {
   licenses: License[];
 }
 
+/**
+ * This function groups components by their `purl` and aggregates their licenses,
+ * ensuring that each unique `purl` is represented once with a comprehensive list of licenses.
+ *
+ * @param results - The raw scanner results to be processed of type {@link ScannerResults}
+ * @returns An array of {@link Component} objects, each representing a unique component
+ *          with an aggregated list of licenses.
+ */
 export function getComponents(results: ScannerResults): Component[] {
   const components = new Array<Component>();
 
@@ -76,6 +84,12 @@ export function getComponents(results: ScannerResults): Component[] {
   return unqiqueComponents;
 }
 
+/**
+ * This function generate an array of {@link License } from raw scanner results {@link ScannerResults }
+ *
+ * @param results - The raw scanner results to be processed of type {@link ScannerResults}
+ * @returns An array of {@link License} objects
+ */
 export function getLicenses(results: ScannerResults): License[] {
   const licenses = new Array<License>();
 

diff --git a/src/services/scan.service.ts b/src/services/scan.service.ts
@@ -17,19 +17,47 @@ export async function uploadResults(): Promise<void> {
 }
 
 export interface Options {
-  sbomType?: string;
+  /**
+   * Whether SBOM ingestion is enabled. Optional.
+   */
   sbomEnabled?: boolean;
+
+  /**
+   * Specifies the SBOM processing type: "identify" or "ignore". Optional.
+   */
+  sbomType?: string;
+
+  /**
+   * Absolute path to the SBOM file. Required if sbomEnabled is set to true.
+   */
   sbomFilepath?: string;
 
+  /**
+   * Enables scanning for dependencies, utilizing scancode internally. Optional.
+   */
   dependenciesEnabled?: boolean;
 
+  /**
+   * Credentials for SCANOSS, enabling unlimited scans. Optional.
+   */
   apiKey?: string;
   apiUrl?: string;
 
+  /**
+   * Absolute path where scan results are saved. Required.
+   */
   outputFilepath: string;
+
+  /**
+   * Absolute path of the folder or file to scan. Required.
+   */
   inputFilepath: string;
 }
 
+/**
+ * `ScanService` is a class that wraps the `scanoss.py` Docker image, providing a simplified interface
+ * for configuring and executing source code scans
+ */
 export class ScanService {
   private options: Options;
   constructor(options?: Options) {
@@ -60,6 +88,18 @@ export class ScanService {
                     ${this.options.apiKey ? `--key ${this.options.apiKey}` : ''}`.replace(/\n/gm, ' ');
   }
 
+  /**
+   * Constructs the command segment for SBOM ingestion based on the current configuration. This method checks if SBOM
+   * ingestion is enabled and verifies the SBOM file's existence before constructing the command.
+   *
+   * @example
+   * // When SBOM ingestion is enabled with a specified SBOM file and type:
+   * // sbomEnabled = true, sbomFilepath = "/src/SBOM.json", sbomType = "identify"
+   * // returns "--identify /src/SBOM.json"
+   *
+   * @returns A command string segment for SBOM ingestion or an empty string if conditions are not met.
+   * @private
+   */
   private async detectSBOM(): Promise<string> {
     if (!this.options.sbomEnabled || !this.options.sbomFilepath) return '';