Possibility to exclude paths / files within a project from a scan

[MarcelBochtler]

Scenario:
I do have a repository with some huge files as test resources. Sometimes even binary files.
These result in ScanCode timeouts, when it tries to scans them.

The --skip-excluded CLI parameter currently only provides the possibility to exclude Packages and whole Projects.
See:

ort/scanner/src/main/kotlin/Scanner.kt

Lines 96 to 103 in 14a22cb

	// Determine the projects to scan as packages.
	val consolidatedProjects = consolidateProjectPackagesByVcs(ortResult.getProjects(skipExcluded))
	val projectPackages = consolidatedProjects.keys
	val projectPackageIds = projectPackages.map { it.id }
	val packages = ortResult.getPackages(skipExcluded)
	.filter { it.pkg.id !in projectPackageIds }
	.map { it.pkg }

Possible solution:
Use the --ignore option from ScanCode to ignore the files specified via a pathExclude in .ort.yml if --skip-excluded is used for the ORT scanner.

For FossID it is already possible to exclude files from the Project: #4976

[mnonnenmacher]

To implement this correctly it is required that the exclude configuration is reflected in the stored scan result, to make sure that the returned scan result matches the excludes if they are changed. This might be already solved by the scanner configuration compatibility check in the scan storage, if the excludes are passed as an option to ScanCode, but this needs to be verified.

[mnonnenmacher]

Open questions:

• Should this apply only to projects or to packages as well?
• Should this use path excludes or a new separate configuration?
• Should this be implemented scanner specific (e.g. the --ignore option for ScanCode) or in a generic way (e.g. deleting files before scanning)?

Bosch will make a concrete suggestion for an implementation and propose it to the community.