chore(hfh):SP-4186 include licenses in hfh response

Author: agustingroh

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.33.0] - 2026-03-26
+### Added
+- Added `License` nested message to `HFHResponse.Version` with `name`, `spdx_id`, `is_spdx_approved`, and `url` fields
+- Added `licenses` repeated field to `HFHResponse.Version` to include license information in High precision Folder Hashing scan responses
 
 ## [0.32.1] - 2026-03-13
 ### Fixed
@@ -251,6 +255,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Vulnerabilities
 - Added REST endpoint support for each service also
 
+[0.33.0]: https://github.com/scanoss/papi/compare/v0.32.1...v0.33.0
 [0.32.1]: https://github.com/scanoss/papi/compare/v0.32.0...v0.32.1
 [0.32.0]: https://github.com/scanoss/papi/compare/v0.31.0...v0.32.0
 [0.31.0]: https://github.com/scanoss/papi/compare/v0.30.0...v0.31.0

api/scanningv2/scanoss-scanning.pb.go

@@ -167,5 +167,7 @@ enum ErrorCode {
   // Component version not found
   VERSION_NOT_FOUND = 4;
 
+
+
 }
 

protobuf/scanoss/api/common/v2/scanoss-common.proto

@@ -93,11 +93,27 @@ Each component object contains:
           "versions": [
             {
               "version": "1.30.0",
-              "score": 0.95
+              "score": 0.95,
+              "licenses": [
+                {
+                  "name": "MIT License",
+                  "spdx_id": "MIT",
+                  "is_spdx_approved": true,
+                  "url": "https://spdx.org/licenses/MIT.html"
+                }
+              ]
             },
             {
               "version": "1.29.0",
-              "score": 0.87
+              "score": 0.87,
+              "licenses": [
+                {
+                  "name": "MIT License",
+                  "spdx_id": "MIT",
+                  "is_spdx_approved": true,
+                  "url": "https://spdx.org/licenses/MIT.html"
+                }
+              ]
             }
           ],
           "rank": 1,
@@ -110,7 +126,21 @@ Each component object contains:
           "versions": [
             {
               "version": "2.1.0",
-              "score": 0.78
+              "score": 0.78,
+              "licenses": [
+                {
+                  "name": "Apache License 2.0",
+                  "spdx_id": "Apache-2.0",
+                  "is_spdx_approved": true,
+                  "url": "https://spdx.org/licenses/Apache-2.0.html"
+                },
+                {
+                  "name": "MIT License",
+                  "spdx_id": "MIT",
+                  "is_spdx_approved": true,
+                  "url": "https://spdx.org/licenses/MIT.html"
+                }
+              ]
             }
           ],
           "rank": 3,
@@ -128,7 +158,15 @@ Each component object contains:
           "versions": [
             {
               "version": "2.31.0",
-              "score": 0.92
+              "score": 0.92,
+              "licenses": [
+                {
+                  "name": "Apache License 2.0",
+                  "spdx_id": "Apache-2.0",
+                  "is_spdx_approved": true,
+                  "url": "https://spdx.org/licenses/Apache-2.0.html"
+                }
+              ]
             }
           ],
           "rank": 1,

protobuf/scanoss/api/scanning/v2/README.md

@@ -124,10 +124,25 @@ message HFHRequest {
 message HFHResponse {
     // Component version details
     message Version {
+
+        // Component license
+        message License {
+            // Full name of the license
+            string name = 1;
+            // SPDX license identifier. See https://spdx.org/licenses/
+            string spdx_id = 2 [json_name = "spdx_id"];
+            // Indicates whether this license is approved by the SPDX organization
+            bool is_spdx_approved = 3 [json_name = "is_spdx_approved"];
+            // URL pointing to the full license text
+            string url = 4;
+        }
+
         // Component version
         string version = 1;
         // Component score (0-1)
         float score = 2;
+        // Licenses
+        repeated License licenses = 3;
     }
     // Matched component details
     message Component {

protobuf/scanoss/api/scanning/v2/scanoss-scanning.proto

@@ -210,10 +210,40 @@
           "type": "number",
           "format": "float",
           "title": "Component score (0-1)"
+        },
+        "licenses": {
+          "type": "array",
+          "items": {
+            "type": "object",
+            "$ref": "#/definitions/HFHResponseVersionLicense"
+          },
+          "title": "Licenses"
         }
       },
       "title": "Component version details"
     },
+    "HFHResponseVersionLicense": {
+      "type": "object",
+      "properties": {
+        "name": {
+          "type": "string",
+          "title": "Full name of the license"
+        },
+        "spdx_id": {
+          "type": "string",
+          "title": "SPDX license identifier. See https://spdx.org/licenses/"
+        },
+        "is_spdx_approved": {
+          "type": "boolean",
+          "title": "Indicates whether this license is approved by the SPDX organization"
+        },
+        "url": {
+          "type": "string",
+          "title": "URL pointing to the full license text"
+        }
+      },
+      "title": "Component license"
+    },
     "StatusResponseDB": {
       "type": "object",
       "properties": {