feat(scanner): Add Nomos plugin for license scanning

Signed-off-by: Prakash Mishra <prakashmishra9921@gmail.com>

chore(scanner): Update display name, fix detekt issue, and add copyright

Signed-off-by: Prakash Mishra <prakashmishra9921@gmail.com>

Author: Prakash-Mishra-9ghz

NOTICE

@@ -17,3 +17,4 @@ Copyright (C) 2022-2024 EPAM Systems, Inc.
 Copyright (C) 2023-2024 Double Open Oy
 Copyright (C) 2024 Robert Bosch GmbH
 Copyright (C) 2024 Cariad SE
+Copyright (C) 2025 Prakash Mishra

plugins/scanners/fossologynomossa/build.gradle.kts

@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2025 Prakash Mishra
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    id("org.jetbrains.kotlin.plugin.serialization") version "1.8.22"
+    id("ort-plugin-conventions")
+}
+
+dependencies {
+    api(projects.model)
+    api(projects.scanner)
+
+    implementation(projects.utils.commonUtils)
+
+    implementation(projects.utils.ortUtils)
+    implementation(projects.utils.spdxUtils)
+
+    ksp(projects.scanner)
+
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.8.1")
+}

plugins/scanners/fossologynomossa/src/main/kotlin/Nomossa.kt

@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2025 Prakash Mishra
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import java.io.File
+import java.time.Instant
+
+import org.apache.logging.log4j.kotlin.logger
+
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.ScannerDetails
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.scanner.LocalPathScannerWrapper
+import org.ossreviewtoolkit.scanner.ScanContext
+import org.ossreviewtoolkit.scanner.ScannerMatcher
+import org.ossreviewtoolkit.scanner.ScannerWrapperFactory
+import org.ossreviewtoolkit.utils.common.CommandLineTool
+import org.ossreviewtoolkit.utils.common.ProcessCapture
+
+object NomossaCommand : CommandLineTool {
+    override fun command(workingDir: File?): String {
+        return listOfNotNull(workingDir, "nomossa").joinToString(File.separator)
+    }
+
+    override fun transformVersion(output: String): String {
+        // Example output: nomossasa build version: 4.5.1.1 r(ff4fa7)
+        val versionRegex = Regex("""(\d+\.\d+\.\d+)(?:\.\d+)?""")
+        return versionRegex.find(output)?.groupValues?.get(1).orEmpty() // Returns 4.5.1
+    }
+
+    override fun getVersionArguments() = "-V"
+}
+
+/**
+ * A wrapper for [Nomossa](https://github.com/fossology/fossology).
+ *
+ * This plugin integrates FOSSology's Nomossa scanner into ORT by calling its CLI
+ * and mapping its output to ORT's scan result format.
+ */
+@OrtPlugin(
+    id = "FOSSology-Nomossa",
+    displayName = "FOSSology-Nomossa",
+    description = "A wrapper for [Nomossa](https://github.com/fossology/fossology).",
+    factory = ScannerWrapperFactory::class
+)
+class Nomossa(
+    override val descriptor: PluginDescriptor = NomossaFactory.descriptor,
+    private val config: NomossaConfig
+) : LocalPathScannerWrapper() {
+
+    private val commandLineOptions by lazy { getCommandLineOptions() }
+
+    internal fun getCommandLineOptions(): List<String> {
+        val options = LinkedHashSet(config.additionalOptions)
+        options.add("-J")
+        options.add("-l")
+        options.add("-n")
+        options.add(config.cpuCount.toString())
+        return options.toList()
+    }
+
+    override val configuration by lazy {
+        config.additionalOptions.joinToString(" ")
+    }
+
+    override val matcher by lazy { ScannerMatcher.create(details, config) }
+
+    override val version by lazy {
+        require(NomossaCommand.isInPath()) {
+            "The '${NomossaCommand.command()}' command is not available in the PATH environment."
+        }
+
+        NomossaCommand.getVersion()
+    }
+
+    override val readFromStorage = config.readFromStorage
+    override val writeToStorage = config.writeToStorage
+
+    override fun runScanner(path: File, context: ScanContext): String {
+        val process = runNomossa(path)
+
+        val resultText = process.stdout
+        logger.info { "Nomossa raw output:\n$resultText" }
+
+        return with(process) {
+            if (isError && stdout.isNotBlank()) logger.debug { stdout }
+            if (stderr.isNotBlank()) logger.debug { stderr }
+
+            stdout
+        }
+    }
+
+    override fun parseDetails(result: String): ScannerDetails {
+        return ScannerDetails(
+            name = descriptor.id,
+            version = version,
+            configuration = config.additionalOptions.joinToString(" ")
+        )
+    }
+
+    override fun createSummary(result: String, startTime: Instant, endTime: Instant): ScanSummary =
+        parseNomossaResult(result).toScanSummary(startTime, endTime)
+
+    /**
+     * Execute Nomossa with the configured arguments to scan the given [path].
+     */
+    internal fun runNomossa(path: File): ProcessCapture =
+        ProcessCapture(
+            NomossaCommand.command(),
+            *commandLineOptions.toTypedArray(),
+            "-d", path.absolutePath // Scan this directory
+        )
+}

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaConfig.kt

@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2025 Prakash Mishra
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import org.ossreviewtoolkit.plugins.api.OrtPluginOption
+import org.ossreviewtoolkit.scanner.ScannerMatcherCriteria
+
+/**
+ * Configuration options for the Nomossa scanner.
+ */
+data class NomossaConfig(
+    /**
+     * Command line options that affect scan results. These are used when matching stored results.
+     */
+    @OrtPluginOption(defaultValue = "-J,-l")
+    val additionalOptions: List<String>,
+
+    /**
+     * The scanner name pattern used when looking up scan results from storage.
+     */
+    override val regScannerName: String?,
+
+    /**
+     * The minimum version of scan results to use from storage.
+     */
+    override val minVersion: String?,
+
+    /**
+     * The maximum version of scan results to use from storage.
+     */
+    override val maxVersion: String?,
+
+    /**
+     * The configuration string for identifying matching scan results in storage.
+     */
+    override val configuration: String?,
+
+    /**
+     * Whether to read scan results from storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val readFromStorage: Boolean,
+
+    /**
+     * Whether to write scan results to storage.
+     */
+    @OrtPluginOption(defaultValue = "false")
+    val writeToStorage: Boolean
+) : ScannerMatcherCriteria {
+
+    /**
+     * Number of CPU processes Nomossa should use.
+     */
+    @OrtPluginOption(defaultValue = "2")
+    val cpuCount: Int = 2
+}

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaResultExtensions.kt

@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2025 Prakash Mishra
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import java.time.Instant
+
+import org.ossreviewtoolkit.model.LicenseFinding
+import org.ossreviewtoolkit.model.ScanSummary
+import org.ossreviewtoolkit.model.TextLocation
+
+internal fun NomossaResult.toScanSummary(startTime: Instant, endTime: Instant): ScanSummary {
+    val licenseFindings = results.flatMap { fileResult ->
+        fileResult.licenses.map { rawLicense ->
+
+            val safeLicense = if (rawLicense.matches(Regex("^[A-Za-z0-9.\\-+]+$"))) {
+                rawLicense
+            } else {
+                "LicenseRef-Nomossa-${rawLicense.replace(Regex("[^A-Za-z0-9.+-]"), "-")}" // License not found
+            }
+
+            LicenseFinding(
+                license = safeLicense, // use raw string
+                location = TextLocation(
+                    path = fileResult.file,
+                    startLine = 1,
+                    endLine = 1
+                )
+            )
+        }
+    }.toSortedSet(
+        compareBy(
+            { it.license.toString() },
+            { it.location.path },
+            { it.location.startLine }
+        )
+    )
+
+    return ScanSummary(
+        startTime = startTime,
+        endTime = endTime,
+        licenseFindings = licenseFindings,
+        issues = emptyList(), // no SPDX parsing issues anymore
+        copyrightFindings = sortedSetOf()
+    )
+}

plugins/scanners/fossologynomossa/src/main/kotlin/NomossaResultParser.kt

@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2025 Prakash Mishra
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.scanners.fossologynomossa
+
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.Json
+
+@Serializable
+internal data class NomossaResult(
+    val results: List<NomossaFileResult>
+)
+
+@Serializable
+internal data class NomossaFileResult(
+    val file: String,
+    val licenses: List<String>
+)
+
+private val json = Json {
+    ignoreUnknownKeys = true
+}
+
+/**
+ * Parses the JSON result string returned by Nomossa into a [NomossaResult] object.
+ */
+internal fun parseNomossaResult(result: String): NomossaResult = json.decodeFromString(result)