--dependencies ignores skip patterns #171

@rettichschnidi

Problem

When running scanoss-py scan --dependencies, the dependencies contained in skipped folders are still reported. The matches are ignored as expected.

Reproducing

  1. mkdir -p ignore-depenencies/ignore-me && cd ignore-depenencies
  2. Match to be ignored: curl https://raw.githubusercontent.com/jgm/pandoc/69df27105003425a67efd149a7bd81d944915535/data/templates/default.opendocument > ignore-me/default.opendocument
  3. Dependency to ignore: echo pytest > ignore-me/requirements.txt
  4. Create dummy file to prevent warning: echo "Prevent 'Warning: No files found to scan in folder: .'" > dummy
  5. Ignore the ignore-me directory:
    cat << EOF > scanoss.json
    {
      "settings": {
        "skip": {
          "patterns": {
            "scanning": [
              "ignore-me/"
            ]
          },
          "sizes": {}
        }
      },
      "bom": {}
    }
    EOF
  6. Observe problem:
     $ scanoss-py scan --dependencies .
     Loading settings file scanoss.json...
     Searching . for dependencies...
     Searching . for files to fingerprint...
     Fingerprinting \
     Scanning |################################| 1/1
     Retrieving dependency data...
     {
       "dummy": [
         {
           "id": "none",
           "server": {
             "elapsed": "0.000186s",
             "flags": "0",
             "hostname": "p16",
             "kb_version": {
               "daily": "25.12.09",
               "monthly": "25.11"
             },
             "version": "5.4.19"
           }
         }
       ],
       "ignore-me/requirements.txt": [
         {
           "dependencies": [
             {
               "component": "pytest",
               "licenses": [
                 {
                   "is_spdx_approved": true,
                   "name": "MIT",
                   "spdx_id": "MIT"
                 }
               ],
               "purl": "pkg:pypi/pytest",
               "url": "https://pypi.org/project/pytest",
               "version": "9.0.2"
             }
           ],
           "id": "dependency",
           "status": "pending"
         }
       ]
     }
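
An added example, not part of the original report or of the scanoss-py code base: a post-scan check that a CI job could run over the JSON output to flag, and drop, dependency entries that fall under the configured skip patterns. The matching rule (a trailing `/` means a directory at any depth, anything else is an fnmatch glob) is an assumption made for this sketch, not the tool's own matcher, and the sample data is constructed from the report above.

```python
import fnmatch
import json

# Constructed sample: the settings file and a trimmed copy of the scan output from the report.
SETTINGS = json.loads(
    '{"settings": {"skip": {"patterns": {"scanning": ["ignore-me/"]}, "sizes": {}}}, "bom": {}}')
RESULTS = {
    "dummy": [{"id": "none"}],
    "ignore-me/requirements.txt": [{"id": "dependency", "status": "pending",
        "dependencies": [{"component": "pytest", "purl": "pkg:pypi/pytest"}]}],
}

def skip_patterns(settings):
    """Return settings.skip.patterns.scanning, or [] when any level is missing."""
    node = settings
    for key in ("settings", "skip", "patterns", "scanning"):
        node = node.get(key, {}) if isinstance(node, dict) else {}
    return list(node) if isinstance(node, list) else []

def is_skipped(path, patterns):
    """Assumed rule: 'dir/' skips that directory at any depth; other patterns are globs."""
    path = path.replace("\\", "/")
    while path.startswith("./"):
        path = path[2:]
    name = path.rsplit("/", 1)[-1]
    for pat in patterns:
        if pat.endswith("/"):
            # Match whole directory components only, so 'not-ignore-me/' is unaffected.
            if f"/{pat.strip('/')}/" in f"/{path}":
                return True
        elif fnmatch.fnmatch(path, pat) or fnmatch.fnmatch(name, pat):
            return True
    return False

def leaked_dependencies(results, patterns):
    """Map each skipped path that still carries 'dependency' entries to its purls."""
    leaks = {}
    for path, entries in results.items():
        purls = [d.get("purl") for e in entries if e.get("id") == "dependency"
                 for d in e.get("dependencies", [])]
        if purls and is_skipped(path, patterns):
            leaks[path] = purls
    return leaks

def drop_skipped(results, patterns):
    """Return the results without any entry whose path matches a skip pattern."""
    return {p: e for p, e in results.items() if not is_skipped(p, patterns)}

if __name__ == "__main__":
    print(leaked_dependencies(RESULTS, skip_patterns(SETTINGS)))
```

A non-empty result from `leaked_dependencies` can fail the job, while `drop_skipped` gives a filtered copy of the results for downstream reporting.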

Labels: enhancement (New feature or request)
