fosslight's Introduction

FOSSLight Hub

FOSSLight Hub helps you use open source software compliantly and securely by managing open source components, licenses, and vulnerabilities. It also runs the OSC (Open Source Compliance) process by managing a BOM for each project and tracking issues about open source license obligations and vulnerabilities.

Features

  • Open Source/License
    • Manage open source information
    • Manage license restrictions and vulnerabilities
    • Bulk-register open source components and licenses
  • Compliance Process
    • All-in-one open source compliance process
    • Generate open source notices and verify the disclosed source
    • Issue tracking
  • Vulnerability
    • Search vulnerabilities
    • Monitor vulnerabilities of a project (mailing)
  • Self-Check
    • Analyze open source
    • Detect licenses automatically
    • Check license obligations and vulnerabilities
  • SBOM
    • Manage open source and proprietary software
    • Search projects by software
    • Support SPDX (ISO standard)
  • Supply Chain
    • Manage 3rd party software
    • Register 3rd party agreements
    • Manage as a project

Demo site

You can experience FOSSLight Hub through the Demo site.
Please visit the Demo site and try out the many features of the FOSSLight Hub first-hand!

Contributing

We always welcome your contributions. Please see the CONTRIBUTING guide for how to contribute.

License

Copyright (c) 2021 LG Electronics
FOSSLight is released under AGPL-3.0-only.

fosslight's People

Contributors

70825, acafela, astrod, brorica, dd-jy, epicarts, fosslight-dev, fresh-tuna, gseungmin, hseungho, hyeinlee00, hyewoncc, jongwooo, k2heart, kimtaehyun98, lee-jaehyuk, min-kyungsun, minivee, moondd99, myunghyunnero, namkyu1999, parkmuhyeun, riyenas0925, ryan-yun-t, soimkim, su-ram, suhwan-cheon, swa07016, ubermen5che, yugeeklab

fosslight's Issues

Add a new line to the .txt OSS Notice.

Is your feature request related to a problem? Please describe.
When the issued OSS Notice is .txt, add a new line in front of the OSS Name that is printed first.

  • How to issue OSS Notice in .txt : Select Notice in txt format in Packaging > Notice tab.

Add alert when the number of OSS versions is 1

Is your feature request related to a problem? Please describe.
Add alert when the number of OSS versions is 1

  • oss.length == 1: nothing
  • oss.length > 1: popup

Describe the solution you'd like
Add a condition when length == 1.

Add auto-updating CHANGELOG.md on develop branch

Is your feature request related to a problem? Please describe.

  • Add auto-updating CHANGELOG.md on develop branch

Describe the solution you'd like

  • Currently, it is only applied automatically to the main branch.
  • Using the matrix feature of GitHub Actions, it will be applied automatically to both the develop and main branches.

Recommend the OSS Name according to the OSS Naming Rule

Is your feature request related to a problem? Please describe.
When the button shown below is pressed (in Project List > SRC tab),
FOSSLight recommends an OSS name by checking the OSS list.
Only for an OSS Name that has an Unconfirmed Open Source warning message and whose download location is not stored in the OSS List, recommend the OSS Name according to the OSS Naming Rule.

Describe the solution you'd like

  • OSS Naming Rule:
    • GitHub link: (owner)-(repository)
      ex) https://github.com/fosslight/fosslight ⇒ fosslight-fosslight
    • pypi link: pypi:(module_name)
    • npm link: npm:(module_name)
    • maven link: (group_id):(artifact_id)
    • pub link: pub:(module_name)
    • pods link: cocoapods:(module_name)

Typo in Classes

I found the typo "donwloadId" in a few classes.

src/main/java/oss/fosslight/controller/ExcelDownloadController.java
src/main/java/oss/fosslight/controller/OssController.java
src/main/java/oss/fosslight/util/ExcelDownLoadUtil.java

I think we should change donwloadId to downloadId.

Comment History only shows in packaging tab.

Describe the bug
Comment History only shows in packaging tab.

To Reproduce
Click the Show Comment History button in the Packaging tab.

Expected behavior
Comment history is supposed to show up in both the Identification tab and the Packaging tab.
(screenshot: fosslight_comment_ok)
The past comments should show up like this.

Screenshots
(screenshot: fosslight_comment_bug)
The Identification tab shows none of the comments.

System Environment (please complete the following information):

  • Browser chrome
  • Version 92.0.4515.159 (64bit)

When I click verify in Packaging, file count is displayed as 0

Describe the bug
When I click verify in Packaging, file count is displayed as 0.
If I click "File List" after verifying, the list of files in the attached compressed file is not output.
image
image

To Reproduce
Steps to reproduce the behavior:

  1. docker-compose up --build
  2. Create a project.
  3. After performing identification, go to the Packaging tab.
  4. After uploading the zip file, click the Verify button.

Expected behavior

  1. "File Count" should print the number of files in the corresponding Path.
  2. When you click "File List", the list of files in the zip file should be printed in the downloaded txt file.

System Environment (please complete the following information):

  • Browser : chrome
  • macOS

Suggest changing the use of the 'indexOf' method to 'contains'

Is your feature request related to a problem? Please describe.
indexOf methods are used in several classes, including src/main/java/oss/fosslight/controller/AdviceController.java.

Describe the solution you'd like
I think it is appropriate to use contains rather than indexOf because the method only checks for existence.
Also, I think using contains is better in terms of readability.

Describe alternatives you've considered
I referred to this link.

Demo site returns 504 Error : Gateway Timeout

Describe the bug
The Demo site returned 504 Gateway Timeout at 23:48 JST on 5 June.

To Reproduce
Steps to reproduce the behavior: Try to access the Demo site using Firefox on macOS.

Expected behavior
FOSSLight's sign-up screen is shown.

System Environment (please complete the following information):

  • Browser Firefox
  • Version 89.0
  • Etc OS macOS Big Sur 11.4

Warning message on build : "Field 'log' already exists."

Describe the bug
A warning occurs when building the source code.

> Task :compileJava
/home/gradle/src/src/main/java/oss/fosslight/scheduler/SchedulerWorkerTask.java:35: warning: Field 'log' already exists.
@Slf4j
^
/home/gradle/src/src/main/java/oss/fosslight/service/NvdDataService.java:40: warning: Field 'log' already exists.
@Slf4j

To Reproduce

  • Run the command "docker-compose up --build"

Expected behavior

  • Remove warning messages.

System Environment (please complete the following information):

  • macOS

Hide reject buttons on identification, package tab

Is your feature request related to a problem? Please describe.

  • Hide reject buttons on identification, package tab
    • Project List > Identification > Reject button
    • Project List > Packaging > Reject button

Describe the solution you'd like

  • Hide reject button

Change that Reviewer can change status to Reopen/Complete by no comment

Is your feature request related to a problem? Please describe.

Currently, if a reviewer wants to change the project status to "Reopen/Complete", the reviewer must write a comment.

Describe the solution you'd like

In Project List > change status button, when the reviewer clicks the Reopen/Complete button, it should be accepted even if nothing is written in the comment.

Change load all sheets starting with SRC in oss_report_src (REST_API)

Is your feature request related to a problem? Please describe.
Currently, only SRC sheets are loaded and saved. Change this to load and save all sheets whose names start with SRC.

Describe the solution you'd like
In the oss_report_src api, try importing an excel file with multiple tabs starting with SRC and check that all are loaded and saved.

Change restriction icon action when mouse hovers

Is your feature request related to a problem? Please describe.
On clicking the restriction icon:

  • TO-BE: License detail information pops up.

Restriction icon location

  • Project List > Project > Identification > BOM tab
  • 3rd Party list > 3rd Party
  • Self-check list > self-check

Check whether comments are entered when the drop button is clicked

Is your feature request related to a problem? Please describe.
If you click Project > Basic Information > Drop button, you can drop the project without writing any comments.
However, I think it will be helpful for future projects when the reason for the drop is clearly stated.
Therefore, when you click the drop button, if you have not entered a comment, a message appears asking you to enter a comment.

Describe the solution you'd like
The function currently executed when the button is clicked is as follows. At present, you are prompted for a comment (if none is entered) only when distributionStatus does not apply. Change it to check whether a comment is entered regardless of distributionStatus.

$('#drop').on('click', function(){

Modify pop-up phrases that occur when you press the reopen button

Description

  • Modify pop-up phrases that occur when you press the reopen button in Project > Basic Information
  • Creator Date : -> Created Date
  • delete this phrase "Are you sure you want to reject?"

Type of change

Please insert 'x' for one of the types of change.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation update
  • Refactoring, Maintenance
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

OSS details > click delete > Display a progress bar with a grey background.

Is your feature request related to a problem? Please describe.
OSS details (tab that appears when you click OSS name in OSS List) > Click delete > Display a progress bar with a light gray background to prevent clicking other buttons on the screen until deletion is complete.

  • Calling an existing function for the UI with the gray background progress bar (you can check it by pressing the Search button in the OSS List)

Add license information display when clicking the Restriction icon

Is your feature request related to a problem? Please describe.
Add license information display when clicking the Restriction icon

Describe the solution you'd like
Click the Restriction icon to pop up the license information.

The picture below shows the license information when you click the license icon.

Delete duplicate buttons in identifying a project

Is your feature request related to a problem? Please describe.
I was always confused that I saw two groups of buttons that look exactly same on the Identification page when I tried to identify my projects.

Describe the solution you'd like
They technically work the same, so I think it'd be better to delete one of them to clarify its function; the one to keep should be on the upper side of the OSS table. Then the number of files on the table won't be a problem.

Describe alternatives you've considered
Keep the lower buttons, revealing them when you scroll up and down.

Uncaught TypeError when checking license details

Describe the bug

The "Uncaught TypeError: Cannot read property 'replace' of undefined" error on the license details page is caused by an invalid conditional expression in the code located at /src/main/webapp/WEB-INF/views/admin/license/view-js.jsp. It occurs because, if data.detail.restriction does not exist, a value of type undefined enters the conditional expression. In the current conditional expression, undefined is not '', so the condition is true, the replace property (which the undefined type does not have) is accessed, and an error occurs.

if(data.detail.restriction != ''){
	$('#restriction').append(data.detail.restriction.replace(/,/gi, ", "));
}

To Reproduce

(User) → License List → License Search → Click License → License Details Page
(It occurs only when there is no restriction information such as Academic Free License v1.2, Apache License 1.1.)

System Environment

  • Browser : Chrome
  • Version : 92.0.4515.131

Additional context
I suggest the following code modifications:

if(data.detail.restriction){
	$('#restriction').append(data.detail.restriction.replace(/,/gi, ", "));
}

If we use a conditional expression like the code above, it returns false successfully when restriction is undefined or ''. So we avoid calling the replace property when restriction is undefined or '' and avoid Uncaught TypeError.

Typo in Class

Is your feature request related to a problem? Please describe.
I found the typo "encordedFilename" in a DownloadProcController.java

Describe the solution you'd like
change value name "encordedFilename" to "encodedFilename"

Delete Need check in the Obligation Type from the search box in the License List

JSON parsing error that occurs every time receiveMessage method is called.

Describe the bug
First of all, it is not a critical bug in the system. However, it makes debugging difficult. The reason for this error is that the receiveMessage method executes the JSON.parse method once more on the data, which is already a JavaScript object. To explain in more detail, whenever the addEventListener method in ../resources/basic/js/basic.js is called, receiveMessage is also called. At this time, the receiveMessage method is a callback method, and an event object is passed as a parameter. In the function, an appropriate function is performed according to the event.data value. In the current system, the type of event.data may be object or string. However, in the previous code, the error occurred because JSON.parse was applied again to data that was already a JavaScript object.

To Reproduce
This is a problem that applies to all parts of the current FOSSLight service that are within the scope of the addEventListener call target.

Expected behavior
It is expected that all error messages that occur will be removed.

System Environment (please complete the following information):

  • Chrome
  • 93.0.4577.82
  • MacOS Bigsur 11.4

Additional context
I suggest the code below.

function receiveMessage(event) {

	var data = event.data;

	if (typeof data === 'object') {
	}
	else if (typeof data === 'string') {
		data = JSON.parse(event.data);
	}

	switch(data.action){
		case 'create':
			createTab(data.tabData[0], data.tabData[1]);
			console.log(data.tabData[0] + data.tabData[1]);
			break;
			...

current code

function receiveMessage(event) {

	var data = event.data;

	switch(data.action){
		case 'create':
			createTab(data.tabData[0], data.tabData[1]);
			console.log(data.tabData[0] + data.tabData[1]);
			break;
			...
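
As an added example (not FOSSLight's code, and not part of the issue above), here is a receiveMessage that handles both forms of event.data the issue describes, an object or a JSON string, and adds the check a security reviewer would ask for in a message listener: an origin allow-list, so that a page loaded in another frame cannot drive the tab actions. It assumes the listener is registered with window.addEventListener('message', ...) and that data arrives via postMessage; the page only says addEventListener. The allowed origin and the sample events are constructed for the example, and createTab is replaced by a stand-in that records what it was asked to create so the result can be checked.

```javascript
// Added example (not FOSSLight's code): a receiveMessage handler that
// accepts event.data either as an object or as a JSON string, and that
// checks event.origin before acting. Assumes the listener is registered
// with window.addEventListener('message', ...), i.e. data arrives via
// postMessage; the page does not say which event basic.js listens for.

// Origins allowed to drive tab actions. Assumed value for the example;
// in a deployment this would be the hub's own origin(s).
const ALLOWED_ORIGINS = new Set(['https://fosslight.example']);

// Action handlers. createTab is named on the page; this stand-in records
// what it was asked to create so the result can be inspected.
const handlers = {
  create(data, tabs) {
    // Stands in for createTab(data.tabData[0], data.tabData[1]).
    const [id, title] = data.tabData;
    tabs.push({ id, title });
    return 'create';
  },
};

// Normalise event.data: object -> as-is, JSON string -> parsed object,
// anything else -> null.
function parseMessageData(raw) {
  if (raw !== null && typeof raw === 'object') return raw;
  if (typeof raw === 'string') {
    try {
      const parsed = JSON.parse(raw);
      return parsed !== null && typeof parsed === 'object' ? parsed : null;
    } catch (e) {
      return null; // not JSON: ignore rather than throw inside the listener
    }
  }
  return null;
}

// Handle one message event. Returns the action that was dispatched, or
// null when the message was rejected. `tabs` collects created tabs.
function receiveMessage(event, tabs) {
  if (!ALLOWED_ORIGINS.has(event.origin)) return null; // untrusted sender
  const data = parseMessageData(event.data);
  if (!data || typeof data.action !== 'string') return null;
  // Own-property lookup only, so "constructor" or "__proto__" cannot
  // select something inherited from Object.prototype.
  const handler = Object.prototype.hasOwnProperty.call(handlers, data.action)
    ? handlers[data.action]
    : null;
  if (!handler) return null; // unknown action
  if (data.action === 'create' && !Array.isArray(data.tabData)) return null;
  return handler(data, tabs);
}

// Constructed sample events (not captured from the application).
const tabs = [];
receiveMessage({ origin: 'https://fosslight.example',
                 data: { action: 'create', tabData: ['t1', 'Project'] } }, tabs);
receiveMessage({ origin: 'https://fosslight.example',
                 data: '{"action":"create","tabData":["t2","License"]}' }, tabs);
receiveMessage({ origin: 'https://attacker.example',
                 data: '{"action":"create","tabData":["t3","Evil"]}' }, tabs);
console.log(tabs); // the first two create tabs; the third is dropped
```

The origin check is the part that matters: without it, any document that can obtain a reference to the hub window (an opener, a frame) can post {"action":"create",...} and the handler will act on it. Returning null instead of throwing keeps a malformed message from surfacing as the console error the issue complains about.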

fosslight project store unrelated folder

Describe the bug
When we execute docker-compose to start this project,
docker-compose automatically generates a db folder (for mariadb) and a web-data folder (for web).
Those folders are unrelated to the project because they are personal data.
So we have to ignore those folders.

To Reproduce
Add the folder names to .gitignore

Change of email subject and content when changing 3rd party's reviewer

Is your feature request related to a problem? Please describe.
3rd Party List > 3rd party reviewer was b_admin, but admin a_admin changed the reviewer to c_admin.

  • AS-IS: a_admin(a_id) assigned c_admin(c_id)
  • TO-BE: a_admin(a_id) changed a reviewer from b_admin (b_id) to c_admin (c_id)
    • Receiver: changed reviewer, CC: Previous reviewer

Reference. In the case of a project, an email is sent to TO-BE when the reviewer is changed.

Cannot create user's division in admin

Describe the bug
When I sign in to the FOSSLight system as an Admin, the Admin can administer users in the [System>User management] tab. But the Admin can't create a division. So the Admin cannot set a user's division. Is there any way to create a division?

To Reproduce

  • Add functions to create a division.
  • Add UI in the [System>User management] tab.

Expected behavior
When someone is signed in as an Admin, the Admin can create a division in the [System>User management] tab.

Screenshots
(screenshot: division)

Modify Search OSS List API

Is your feature request related to a problem? Please describe.

add deactivate flag on search oss list API.

Describe the solution you'd like

Modify ApiOSSMapper getOSSInfo.
Add the deactivate flag as deactivate.

Add to show docker-compose logs in github-actions

Is your feature request related to a problem? Please describe.
We plan to save the log after executing docker-compose --build -d in the GitHub Action and display it after the GitHub Actions run has finished.

Describe alternatives you've considered
It will probably save and display docker-compose logs.

Add 'restart: always' option in docker-compose

Is your feature request related to a problem? Please describe.

The fosslight_db (db) container has the restart: always option, but fosslight_web (web) doesn't.

I think fosslight_web has to restart in case of a crash.

Describe the solution you'd like
Add 'restart: always' option in fosslight_web container of docker-compose

Failed to verify in Packaging tab.

Describe the bug
Packaging > Click verify after uploading the file.

fosslight_web  | INFO  21-08-24 01:39:04[http-nio-8180-exec-10] [o.f.s.impl.VerificationServiceImpl:501] - VERIFY START : 14
fosslight_web  | ERROR 21-08-24 01:39:04[http-nio-8180-exec-10] [o.f.s.impl.VerificationServiceImpl:1041] - Cannot run program "/service/verify/verify": error=13, Permission denied 

To Reproduce
Run FOSSLight using Docker.

Expected behavior
Verify the packaging file without error.

System Environment (please complete the following information):

  • Browser :chrome

Two open source package repositories (Pub, CocoaPods) are missing from the source code

Describe the bug
FOSSLight uses 6 open source package repositories (GitHub, Maven, PyPI, npm, Pub, CocoaPods) to check various information about open source. However, only 4 open source package repositories are specified in fosslight_create.sql, the OssServiceImpl::checkOssName function, and the OssServiceImpl::saveOssCheckName function.

switch(urlSearchSeq) {
    case 0: // github
        p = Pattern.compile("((http|https)://github.com/([^/]+)/([^/]+))");
        break;
    case 1: // npm
        p = Pattern.compile("((http|https)://www.npmjs.com/package/([^/]+))");
        break;
    case 2: // pypi
        p = Pattern.compile("((http|https)://pypi.org/project/([^/]+))");
        break;
    case 3: // maven
        p = Pattern.compile("((http|https)://mvnrepository.com/artifact/([^/]+)/([^/]+))");
        break;
    default:
        break;
}
switch(urlSearchSeq) {
    case 0: // github
        p = Pattern.compile("((http|https)://github.com/([^/]+)/([^/]+))");
        break;
    case 1: // npm
        p = Pattern.compile("((http|https)://www.npmjs.com/package/([^/]+))");
        break;
    case 2: // pypi
        p = Pattern.compile("((http|https)://pypi.org/project/([^/]+))");
        break;
    case 3: // maven
        p = Pattern.compile("((http|https)://mvnrepository.com/artifact/([^/]+)/([^/]+))");
        break;
    default:
        break;
}

To Reproduce
Add information for the 2 missing open source package repositories (Pub, CocoaPods) to the source code.
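
The following is an added example, not FOSSLight's own code, that covers both the OSS Naming Rule quoted in the "Recommend the OSS Name according to the OSS Naming Rule" issue above and the two repositories (Pub, CocoaPods) missing from the patterns in this issue. It recognises a download location with the WHATWG URL parser and compares the hostname exactly, rather than with patterns like the ones quoted above, whose unescaped dots and missing anchors let a find-style match accept a github.com URL embedded in an unrelated query string (looseGithubName shows that with the issue's own GitHub pattern transcribed to JavaScript). The pub.dev and cocoapods.org URL forms are assumptions, since the page only shows the GitHub, npm, PyPI and Maven forms; scoped npm packages (@scope/name) are handled as a generalisation of the npm rule. It runs under Node.js.

```javascript
// Added example (not FOSSLight's code): recommend an OSS name from a
// download location, following the OSS Naming Rule from the issue above.
// Uses the WHATWG URL parser (a Node.js global) instead of loose regexes
// so the host is matched exactly and look-alike or embedded URLs are rejected.

// Exact hostnames for each repository. The pub.dev and cocoapods.org URL
// forms are assumptions; the page only shows the other four.
const HOSTS = {
  'github.com': 'github',
  'www.npmjs.com': 'npm',
  'pypi.org': 'pypi',
  'mvnrepository.com': 'maven',
  'pub.dev': 'pub',
  'cocoapods.org': 'cocoapods',
};

// Non-empty path segments, used as-is (no percent-decoding).
function pathSegments(url) {
  return url.pathname.split('/').filter(Boolean);
}

// Return { repo, name } for a recognised download location, or null.
function recommendOssName(location) {
  let url;
  try {
    url = new URL(location);
  } catch (e) {
    return null; // not a URL at all
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  const repo = HOSTS[url.hostname];
  if (!repo) return null; // unknown or look-alike host

  const seg = pathSegments(url);
  switch (repo) {
    case 'github': // https://github.com/(owner)/(repository) -> owner-repository
      if (seg.length < 2) return null;
      return { repo, name: `${seg[0]}-${seg[1].replace(/\.git$/, '')}` };
    case 'npm': // https://www.npmjs.com/package/(name); scoped: /package/@scope/name
      if (seg[0] !== 'package' || seg.length < 2) return null;
      if (seg[1].startsWith('@')) {
        if (seg.length < 3) return null;
        return { repo, name: `npm:${seg[1]}/${seg[2]}` };
      }
      return { repo, name: `npm:${seg[1]}` };
    case 'pypi': // https://pypi.org/project/(name)
      if (seg[0] !== 'project' || seg.length < 2) return null;
      return { repo, name: `pypi:${seg[1]}` };
    case 'maven': // https://mvnrepository.com/artifact/(group_id)/(artifact_id)
      if (seg[0] !== 'artifact' || seg.length < 3) return null;
      return { repo, name: `${seg[1]}:${seg[2]}` };
    case 'pub': // assumed form: https://pub.dev/packages/(name)
      if (seg[0] !== 'packages' || seg.length < 2) return null;
      return { repo, name: `pub:${seg[1]}` };
    case 'cocoapods': // assumed form: https://cocoapods.org/pods/(name)
      if (seg[0] !== 'pods' || seg.length < 2) return null;
      return { repo, name: `cocoapods:${seg[1]}` };
    default:
      return null;
  }
}

// The GitHub pattern quoted in the issue, transcribed to JavaScript. It is
// unanchored and leaves the dot unescaped, so a find-style match accepts a
// github.com URL embedded in an unrelated one.
const LOOSE_GITHUB = /((http|https):\/\/github.com\/([^\/]+)\/([^\/]+))/;
function looseGithubName(location) {
  const m = LOOSE_GITHUB.exec(location);
  return m ? `${m[3]}-${m[4]}` : null;
}

console.log(recommendOssName('https://github.com/fosslight/fosslight'));
console.log(looseGithubName('https://evil.example/?next=https://github.com/fosslight/fosslight'));
```

recommendOssName returns null for anything it does not positively recognise, which is the right default when the result is going to be offered to a reviewer as a suggested OSS name; the loose pattern, by contrast, happily returns fosslight-fosslight for a URL whose host is evil.example.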

gradle wrapper(gradlew) need to add execution permission

Is your feature request related to a problem? Please describe.

> ./gradlew
zsh: permission denied: ./gradlew

gradlew is not executable in this project.

> ls -al gradlew
-rw-r--r--  1 epicarts  staff  5960  8 10 02:10 gradlew

gradlew doesn't have the x permission.

Describe the solution you'd like
Change file permission -rw-r--r--(644) to -rwxr-xr-x(755).

Describe alternatives you've considered

https://start.spring.io/
The permission generated on this site is -rwxr-xr-x

https://github.com/spring-projects/spring-boot
This spring project has -rwxr-xr-x

Prevent nickname on the SRC/BIN tabs from being renamed to OSS name when checked by admin on the BOM tab

Description what problem is

Nickname on the SRC/BIN tab is renamed to OSS name unintentionally even if checked by admin on the BOM tab.

Screenshot

  1. The row checked by admin on the BOM tab (you can see it on the far right).
  2. Change the OSS name of the row on the SRC tab to 'cairo456', another OSS name I registered.
  3. But when I try to save, a popup appears suggesting that I rename it to 'cairo', the original OSS name.
  4. Then, when I click the OK button, it is renamed to 'cairo' unintentionally.

Set a default operating system in adding a project

Is your feature request related to a problem? Please describe.
Every time I add a project, the operating system is set to be empty so that I need to choose one of the system options.

Describe the solution you'd like
It would be convenient to set the first one (Linux, in this case) as the default.

When I upload a packaging file in Windows, ProcessBuilder cannot find the file.

Describe the bug
When I upload a packaging file in Windows, ProcessBuilder cannot find the file.

To Reproduce

  1. Project List -> Packaging column
  2. Upload OSS Package

Expected behavior
A file is uploaded normally.

System Environment (please complete the following information):

  • Browser : chrome
  • os : windows

Additional context
I looked up the problem and found that /bin/bash doesn't exist on Windows.
I tried replacing /bin/bash with cmd.exe and replacing the switch -c with /c.
However, these modifications do not solve the problem.

Translate Comments to English

Is your feature request related to a problem? Please describe.
Korean and English are now mixed in the comments, which may cause developers to misunderstand the source code.

Describe the solution you'd like
All comments written in Korean need to be translated to English for a clear description and for global contribution.

Describe alternatives you've considered
Switching back to Korean(?)

Additional context
Related code: https://github.com/fosslight/fosslight/blob/develop/src/main/java/oss/fosslight/domain/CoMailManager.java

-> Think this needs to be labeled as 'chore' or 'documentation'.

Vulnerability > NVD Batch Job - Not working

According to the FOSSLight guide, the data feed from NVD is fetched and stored every day for vulnerability checks.

However, after installing and using FOSSLight myself, that feature does not seem to work.

For example, searching for tomcat in Vulnerability shows nothing.

Add ability to allow users to check Detected Licensing details.

Is your feature request related to a problem? Please describe

When the user wants to know the details of the detected license in the OSS Details tab, a separate link is not provided, which makes it difficult for the user to check the details.

Describe the solution you'd like

Display the Detected License as a link and open the license's detailed information tab when it is clicked.

Move the Drop button to the right of the Delete button in "Project > Basic Information"

Description

  • Move the Drop button to the right of the Delete button in "Project > Basic Information"

Type of change

Please insert 'x' for one of the types of change.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Documentation update
  • Refactoring, Maintenance
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Vulnerability discovered notification contains a CVE detail link

Is your feature request related to a problem? Please describe.
I think it would be useful if the vulnerability discovered notification contains a CVE detail link.

Describe the solution you'd like
Modify a mail body with text and associated links in the CVE ID column.

Describe alternatives you've considered
An alternative is to add a separate link column.

Additional context

  • as-is (screenshot)

  • to-be (screenshot)
