Description
This won't actually be a review workflow proper but would just be a helpful guide when reviewing/looking into scans, with additions in the already present package/license explorer views. The format seems to be stable after several rounds of discussion, but still we can do this after the stable release, just in case.
See aboutcode-org/scancode-toolkit#3122 (comment) for the current state of this.
There are two kinds of issues here:
- license issues:
Here we should have either a red bug symbol or an exclamation mark symbol in the license detections list on the left pane of the license explorer, and have a new section in the details pane on the right, which will also show the review_comments (this section would be there only if the listed license detection is an issue). Just having this part should be enough in the short term and would be a huge help in the license detection review.
Note that if the review option is enabled, the license clues also show up as todo items and they are only listed once per unique detection, so this could even be used to remove duplicate clues. (This can be an improvement later.)
- package issues:
There are two main types of package issues in the review. One is CANNOT_CREATE_PURL: the package data detected doesn't have enough fields to create a package URL (the required fields are type, name and version), which is a package manifest parsing/incomplete data issue. The other is CANNOT_CREATE_TOP_LEVEL_PACKAGE: the package data detected couldn't be processed/merged into a scan-level package that is returned, which is a package-assembly issue.
These are not reported currently in the package section as these are not top-level packages, so we'd have to also have these as incomplete package records in a section below the actual detected packages, similar to the license detection - license clue view.
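As an added example (not scancode-workbench or scancode-toolkit code), the check below classifies package data records into the two issue kinds described above, producing the kind of "incomplete package record" list the workbench could show under the detected packages. The record shape, the `datafile_path` field, and the function name `reviewPackageData` are assumptions for illustration; the sample records are constructed.

```typescript
// Assumed, simplified shape of a scancode package_data record: scancode leaves
// purl null when it cannot build one, and top-level packages are keyed by purl.
type PackageData = {
  type?: string | null;
  name?: string | null;
  version?: string | null;
  purl?: string | null;
  datafile_path: string;
};
type TopLevelPackage = { purl: string };

type PackageIssue = {
  kind: "CANNOT_CREATE_PURL" | "CANNOT_CREATE_TOP_LEVEL_PACKAGE";
  datafile_path: string;
  review_comment: string;
};

// Required fields as stated in the issue: type, name and version.
const REQUIRED_PURL_FIELDS = ["type", "name", "version"] as const;

// Flags each record that either cannot yield a purl (missing required fields)
// or was never merged into a returned top-level package.
function reviewPackageData(records: PackageData[], topLevel: TopLevelPackage[]): PackageIssue[] {
  const topLevelPurls = new Set(topLevel.map((p) => p.purl));
  const issues: PackageIssue[] = [];
  for (const rec of records) {
    const missing = REQUIRED_PURL_FIELDS.filter((f) => !rec[f]);
    if (missing.length > 0) {
      issues.push({ kind: "CANNOT_CREATE_PURL", datafile_path: rec.datafile_path,
        review_comment: `missing required purl field(s): ${missing.join(", ")}` });
      continue; // a record without a purl cannot have been assembled either
    }
    if (!rec.purl || !topLevelPurls.has(rec.purl)) {
      issues.push({ kind: "CANNOT_CREATE_TOP_LEVEL_PACKAGE", datafile_path: rec.datafile_path,
        review_comment: `purl ${rec.purl} was not merged into any top-level package` });
    }
  }
  return issues;
}

// Constructed sample input: one complete and assembled record, one missing a
// version, and one complete record that was never assembled.
const SAMPLE_PACKAGE_DATA: PackageData[] = [
  { type: "npm", name: "left-pad", version: "1.3.0", purl: "pkg:npm/left-pad@1.3.0", datafile_path: "package.json" },
  { type: "pypi", name: "requests", version: null, purl: null, datafile_path: "setup.py" },
  { type: "maven", name: "guava", version: "31.1", purl: "pkg:maven/guava@31.1", datafile_path: "lib/pom.xml" },
];
const SAMPLE_TOP_LEVEL: TopLevelPackage[] = [{ purl: "pkg:npm/left-pad@1.3.0" }];
```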