From dd0e0bdf0c7089be1977b3a498cafe912159518b Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Fri, 17 Jan 2025 16:59:34 +0400
Subject: [PATCH 01/18] Add support for download URL as --input-list in
 batch-create #1524 (#1544)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 docs/command-line-interface.rst              | 28 ++++++++++++++++----
 scanpipe/management/commands/batch-create.py | 17 ++++++++++--
 2 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/docs/command-line-interface.rst b/docs/command-line-interface.rst
index ef16047a8..9f0101f73 100644
--- a/docs/command-line-interface.rst
+++ b/docs/command-line-interface.rst
@@ -174,6 +174,10 @@ Required arguments (one of):
   | project-2      | pkg:deb/debian/curl@7.50.3      |
   +----------------+---------------------------------+
 
+.. tip::
+    In place of a local path, a download URL to the CSV file is supported for the
+    ``--input-list`` argument.
+
 Optional arguments:
 
 - ``--project-name-suffix`` Optional custom suffix to append to project names.
@@ -194,14 +198,15 @@ Optional arguments:
 Example: Processing Multiple Docker Images
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-Assume multiple Docker images are available in a directory named ``local-data/`` on
+Suppose you have multiple Docker images stored in a directory named ``local-data/`` on
 the host machine.
-To process these images with the ``analyze_docker_image`` pipeline using asynchronous
-execution::
+To process these images using the ``analyze_docker_image`` pipeline with asynchronous
+execution, you can use this command::
 
     $ docker compose run --rm \
-        --volume local-data/:/input-data:ro \
-        web scanpipe batch-create input-data/ \
+        --volume local-data/:/input-data/:ro \
+        web scanpipe batch-create
+            --input-directory /input-data/ \
             --pipeline analyze_docker_image \
             --label "Docker" \
             --execute --async
@@ -224,6 +229,19 @@ Each Docker image in the ``local-data/`` directory will result in the creation o
 project with the specified pipeline (``analyze_docker_image``) executed by worker
 services.
 
+Example: Processing Multiple Develop to Deploy Mapping
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To process an input list CSV file with the ``map_deploy_to_develop`` pipeline using
+asynchronous execution::
+
+    $ docker compose run --rm \
+        web scanpipe batch-create \
+            --input-list https://url/input_list.csv \
+            --pipeline map_deploy_to_develop \
+            --label "d2d_mapping" \
+            --execute --async
+
 `$ scanpipe list-pipeline [--verbosity {0,1,2,3}]`
 --------------------------------------------------
 
diff --git a/scanpipe/management/commands/batch-create.py b/scanpipe/management/commands/batch-create.py
index 47b5c36c5..cf56d5aa4 100644
--- a/scanpipe/management/commands/batch-create.py
+++ b/scanpipe/management/commands/batch-create.py
@@ -27,8 +27,11 @@
 from django.core.management import CommandError
 from django.core.management.base import BaseCommand
 
+import requests
+
 from scanpipe.management.commands import CreateProjectCommandMixin
 from scanpipe.management.commands import PipelineCommandMixin
+from scanpipe.pipes import fetch
 
 
 class Command(CreateProjectCommandMixin, PipelineCommandMixin, BaseCommand):
@@ -54,7 +57,8 @@ def add_arguments(self, parser):
                 "Path to a CSV file with project names and input URLs. "
                 "The first column must contain project names, and the second column "
                 "should list comma-separated input URLs (e.g., Download URL, PURL, or "
-                "Docker reference)."
+                "Docker reference). "
+                "In place of a local path, a download URL to the CSV file is supported."
             ),
         )
         parser.add_argument(
@@ -110,7 +114,16 @@ def handle_input_directory(self, **options):
                 self.created_project_count += 1
 
     def handle_input_list(self, **options):
-        input_file = Path(options["input_list"])
+        input_file = options["input_list"]
+
+        if input_file.startswith("http"):
+            try:
+                download = fetch.fetch_http(input_file)
+            except requests.exceptions.RequestException as e:
+                raise CommandError(e)
+            input_file = download.path
+
+        input_file = Path(input_file)
         if not input_file.exists():
             raise CommandError(f"The {input_file} file does not exist.")
 

From ce227cd622e6284728850a5102cc00628db937d7 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Fri, 17 Jan 2025 17:42:45 +0400
Subject: [PATCH 02/18] Add a report management command to generate XLSX
 reports #1524 (#1545)

* Add a report management command to generate XLSX reports #1524

Signed-off-by: tdruez <tdruez@nexb.com>

* Rename "todos" in "todo" in mapping for consistency #1524

Signed-off-by: tdruez <tdruez@nexb.com>

* Set the proper exclude for the report XLSX outputs #1524

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                          |   4 +
 docs/command-line-interface.rst        |  41 +++++++++
 scanpipe/forms.py                      |   2 +-
 scanpipe/management/commands/report.py | 121 +++++++++++++++++++++++++
 scanpipe/pipes/output.py               |  28 ++++--
 scanpipe/tests/test_commands.py        |  48 ++++++++++
 scanpipe/tests/test_views.py           |   2 +-
 scanpipe/views.py                      |   3 +-
 8 files changed, 236 insertions(+), 13 deletions(-)
 create mode 100644 scanpipe/management/commands/report.py

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 54d7dd356..0e930bb49 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -47,6 +47,10 @@ v34.9.4 (unreleased)
   sheets with a dedicated VULNERABILITIES sheet.
   https://github.com/aboutcode-org/scancode.io/issues/1519
 
+- Add a ``report`` management command that allows to generate XLSX reports for
+  multiple projects at once using labels and searching by project name.
+  https://github.com/aboutcode-org/scancode.io/issues/1524
+
 v34.9.3 (2024-12-31)
 --------------------
 
diff --git a/docs/command-line-interface.rst b/docs/command-line-interface.rst
index 9f0101f73..28875183b 100644
--- a/docs/command-line-interface.rst
+++ b/docs/command-line-interface.rst
@@ -68,6 +68,7 @@ ScanPipe's own commands are listed under the ``[scanpipe]`` section::
       list-project
       output
       purldb-scan-worker
+      report
       reset-project
       run
       show-pipeline
@@ -393,6 +394,46 @@ your outputs on the host machine when running with Docker.
 .. tip:: To specify a CycloneDX spec version (default to latest), use the syntax
   ``cyclonedx:VERSION`` as format value. For example: ``--format cyclonedx:1.5``.
 
+.. _cli_report:
+
+`$ scanpipe report --sheet SHEET`
+---------------------------------
+
+Generates an XLSX report of selected projects based on the provided criteria.
+
+Required arguments:
+
+- ``--sheet {package,dependency,resource,relation,message,todo}``
+  Specifies the sheet to include in the XLSX report. Available choices are based on
+  predefined object types.
+
+Optional arguments:
+
+- ``--output-directory OUTPUT_DIRECTORY``
+  The path to the directory where the report file will be created. If not provided,
+  the report file will be created in the current working directory.
+
+- ``--search SEARCH``
+  Filter projects by searching for the provided string in their name.
+
+- ``--label LABELS``
+  Filter projects by the provided label(s). Multiple labels can be provided by using
+  this argument multiple times.
+
+.. note::
+    Either ``--label`` or ``--search`` must be provided to select projects.
+
+Example usage:
+
+1. Generate a report for all projects tagged with "d2d" and include the **TODOS**
+worksheet::
+
+   $ scanpipe report --sheet todo --label d2d
+
+2. Generate a report for projects whose names contain the word "audit" and include the
+**PACKAGES** worksheet::
+
+   $ scanpipe report --sheet package --search audit
 
 .. _cli_check_compliance:
 
diff --git a/scanpipe/forms.py b/scanpipe/forms.py
index d8c539258..0d7c543ba 100644
--- a/scanpipe/forms.py
+++ b/scanpipe/forms.py
@@ -281,7 +281,7 @@ class ProjectReportForm(forms.Form):
             ("codebaseresource", "Resources"),
             ("codebaserelation", "Relations"),
             ("projectmessage", "Messages"),
-            ("todos", "TODOs"),
+            ("todo", "TODOs"),
         ],
         required=True,
         initial="discoveredpackage",
diff --git a/scanpipe/management/commands/report.py b/scanpipe/management/commands/report.py
new file mode 100644
index 000000000..f2912ae71
--- /dev/null
+++ b/scanpipe/management/commands/report.py
@@ -0,0 +1,121 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# http://nexb.com and https://github.com/aboutcode-org/scancode.io
+# The ScanCode.io software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode.io is provided as-is without warranties.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+# ScanCode.io should be considered or used as legal advice. Consult an Attorney
+# for any legal advice.
+#
+# ScanCode.io is a free software code scanning tool from nexB Inc. and others.
+# Visit https://github.com/aboutcode-org/scancode.io for support and download.
+
+from pathlib import Path
+from timeit import default_timer as timer
+
+from django.core.management import CommandError
+from django.core.management.base import BaseCommand
+
+import xlsxwriter
+
+from aboutcode.pipeline import humanize_time
+from scanpipe.models import Project
+from scanpipe.pipes import filename_now
+from scanpipe.pipes import output
+
+
+class Command(BaseCommand):
+    help = "Report of selected projects."
+
+    def add_arguments(self, parser):
+        super().add_arguments(parser)
+        parser.add_argument(
+            "--output-directory",
+            help=(
+                "The path to the directory where the report file will be created. "
+                "If not provided, the report file will be created in the current "
+                "working directory."
+            ),
+        )
+        parser.add_argument(
+            "--sheet",
+            required=True,
+            choices=list(output.object_type_to_model_name.keys()),
+            help="Specifies the sheet to include in the XLSX report.",
+        )
+        parser.add_argument(
+            "--search",
+            help="Select projects searching for the provided string in their name.",
+        )
+        parser.add_argument(
+            "--label",
+            action="append",
+            dest="labels",
+            default=list(),
+            help=(
+                "Filter projects by the provided label(s). Multiple labels can be "
+                "provided by using this argument multiple times."
+            ),
+        )
+
+    def handle(self, *args, **options):
+        start_time = timer()
+        self.verbosity = options["verbosity"]
+
+        output_directory = options["output_directory"]
+        labels = options["labels"]
+        search = options["search"]
+        sheet = options["sheet"]
+        model_name = output.object_type_to_model_name.get(sheet)
+
+        if not (labels or search):
+            raise CommandError(
+                "You must provide either --label or --search to select projects."
+            )
+
+        project_qs = Project.objects.all()
+        if labels:
+            project_qs = project_qs.filter(labels__name__in=labels)
+        if search:
+            project_qs = project_qs.filter(name__icontains=search)
+        project_count = project_qs.count()
+
+        if not project_count:
+            raise CommandError("No projects found for the provided criteria.")
+
+        if self.verbosity > 0:
+            msg = f"{project_count} project(s) will be included in the report."
+            self.stdout.write(msg, self.style.SUCCESS)
+
+        worksheet_queryset = output.get_queryset(project=None, model_name=model_name)
+        worksheet_queryset = worksheet_queryset.filter(project__in=project_qs)
+
+        filename = f"scancodeio-report-{filename_now()}.xlsx"
+        if output_directory:
+            output_file = Path(f"{output_directory}/{filename}")
+        else:
+            output_file = Path(filename)
+
+        with xlsxwriter.Workbook(output_file) as workbook:
+            output.queryset_to_xlsx_worksheet(
+                worksheet_queryset,
+                workbook,
+                exclude_fields=output.XLSX_EXCLUDE_FIELDS,
+                prepend_fields=["project"],
+                worksheet_name="TODOS",
+            )
+
+        run_time = timer() - start_time
+        if self.verbosity > 0:
+            msg = f"Report generated at {output_file} in {humanize_time(run_time)}."
+            self.stdout.write(msg, self.style.SUCCESS)
diff --git a/scanpipe/pipes/output.py b/scanpipe/pipes/output.py
index 786fad734..84a795b09 100644
--- a/scanpipe/pipes/output.py
+++ b/scanpipe/pipes/output.py
@@ -96,7 +96,7 @@ def get_queryset(project, model_name):
             CodebaseRelation.objects.select_related("from_resource", "to_resource")
         ),
         "projectmessage": ProjectMessage.objects.all(),
-        "todos": CodebaseResource.objects.files().status(flag.REQUIRES_REVIEW),
+        "todo": CodebaseResource.objects.files().status(flag.REQUIRES_REVIEW),
     }
 
     queryset = querysets.get(model_name)
@@ -309,6 +309,11 @@ def to_json(project):
     "codebaseresource": "resource",
     "codebaserelation": "relation",
     "projectmessage": "message",
+    "todo": "todo",
+}
+
+object_type_to_model_name = {
+    value: key for key, value in model_name_to_object_type.items()
 }
 
 
@@ -469,6 +474,16 @@ def _adapt_value_for_xlsx(fieldname, value, maximum_length=32767, _adapt=True):
     return value, error
 
 
+XLSX_EXCLUDE_FIELDS = [
+    "extra_data",
+    "package_data",
+    "license_detections",
+    "other_license_detections",
+    "license_clues",
+    "affected_by_vulnerabilities",
+]
+
+
 def to_xlsx(project):
     """
     Generate output for the provided ``project`` in XLSX format.
@@ -479,15 +494,8 @@ def to_xlsx(project):
     with possible error messages for a row when converting the data to XLSX
     exceed the limits of what can be stored in a cell.
     """
+    exclude_fields = XLSX_EXCLUDE_FIELDS.copy()
     output_file = project.get_output_file_path("results", "xlsx")
-    exclude_fields = [
-        "extra_data",
-        "package_data",
-        "license_detections",
-        "other_license_detections",
-        "license_clues",
-        "affected_by_vulnerabilities",
-    ]
 
     if not project.policies_enabled:
         exclude_fields.append("compliance_alert")
@@ -572,7 +580,7 @@ def add_vulnerabilities_sheet(workbook, project):
 
 
 def add_todos_sheet(workbook, project, exclude_fields):
-    todos_queryset = get_queryset(project, "todos")
+    todos_queryset = get_queryset(project, "todo")
     if todos_queryset:
         queryset_to_xlsx_worksheet(
             todos_queryset, workbook, exclude_fields, worksheet_name="TODOS"
diff --git a/scanpipe/tests/test_commands.py b/scanpipe/tests/test_commands.py
index 69c2152ee..3f3156dcd 100644
--- a/scanpipe/tests/test_commands.py
+++ b/scanpipe/tests/test_commands.py
@@ -22,6 +22,7 @@
 
 import datetime
 import json
+import tempfile
 import uuid
 from contextlib import redirect_stdout
 from io import StringIO
@@ -37,14 +38,18 @@
 from django.test import override_settings
 from django.utils import timezone
 
+import openpyxl
+
 from scanpipe.management import commands
 from scanpipe.models import CodebaseResource
 from scanpipe.models import DiscoveredPackage
 from scanpipe.models import Project
 from scanpipe.models import Run
 from scanpipe.models import WebhookSubscription
+from scanpipe.pipes import flag
 from scanpipe.pipes import purldb
 from scanpipe.tests import make_package
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
 
 scanpipe_app = apps.get_app_config("scanpipe")
@@ -1092,6 +1097,49 @@ def test_scanpipe_management_command_check_compliance(self):
         )
         self.assertEqual(expected, out_value)
 
+    def test_scanpipe_management_command_report(self):
+        project1 = make_project("project1")
+        label1 = "label1"
+        project1.labels.add(label1)
+        make_resource_file(project1, path="file.ext", status=flag.REQUIRES_REVIEW)
+        make_project("project2")
+
+        expected = "Error: the following arguments are required: --sheet"
+        with self.assertRaisesMessage(CommandError, expected):
+            call_command("report")
+
+        options = ["--sheet", "UNKNOWN"]
+        expected = "Error: argument --sheet: invalid choice: 'UNKNOWN'"
+        with self.assertRaisesMessage(CommandError, expected):
+            call_command("report", *options)
+
+        options = ["--sheet", "todo"]
+        expected = "You must provide either --label or --search to select projects."
+        with self.assertRaisesMessage(CommandError, expected):
+            call_command("report", *options)
+
+        expected = "No projects found for the provided criteria."
+        with self.assertRaisesMessage(CommandError, expected):
+            call_command("report", *options, *["--label", "UNKNOWN"])
+
+        output_directory = Path(tempfile.mkdtemp())
+        options.extend(["--output-directory", str(output_directory), "--label", label1])
+        out = StringIO()
+        call_command("report", *options, stdout=out)
+        self.assertIn("1 project(s) will be included in the report.", out.getvalue())
+        output_file = list(output_directory.glob("*.xlsx"))[0]
+        self.assertIn(f"Report generated at {output_file}", out.getvalue())
+
+        workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
+        self.assertEqual(["TODOS"], workbook.get_sheet_names())
+        todos_sheet = workbook.get_sheet_by_name("TODOS")
+        header = list(todos_sheet.values)[0]
+
+        self.assertNotIn("extra_data", header)
+        row1 = list(todos_sheet.values)[1]
+        expected = ("project1", "file.ext", "file", "file.ext", "requires-review")
+        self.assertEqual(expected, row1[0:5])
+
 
 class ScanPipeManagementCommandMixinTest(TestCase):
     class CreateProjectCommand(
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
index 79758f03e..a6f47a24b 100644
--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -197,7 +197,7 @@ def test_scanpipe_views_project_action_report_view(self):
         data = {
             "action": "report",
             "selected_ids": f"{self.project1.uuid}",
-            "model_name": "todos",
+            "model_name": "todo",
         }
         response = self.client.post(url, data=data, follow=True)
         self.assertEqual("report.xlsx", response.filename)
diff --git a/scanpipe/views.py b/scanpipe/views.py
index 9257daba5..9aafa2981 100644
--- a/scanpipe/views.py
+++ b/scanpipe/views.py
@@ -466,6 +466,7 @@ def export_xlsx_file_response(self):
             output.queryset_to_xlsx_worksheet(
                 queryset,
                 workbook,
+                exclude_fields=output.XLSX_EXCLUDE_FIELDS,
                 prepend_fields=prepend_fields,
                 worksheet_name=worksheet_name,
             )
@@ -1245,7 +1246,7 @@ def get_export_xlsx_prepend_fields(self):
         return ["project"]
 
     def get_export_xlsx_worksheet_name(self):
-        if self.report_form.cleaned_data.get("model_name") == "todos":
+        if self.report_form.cleaned_data.get("model_name") == "todo":
             return "TODOS"
 
     def get_export_xlsx_filename(self):

From 54e63b61101c2593f7771408cb631a48dafe475a Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Mon, 20 Jan 2025 15:54:59 +0400
Subject: [PATCH 03/18] Keep the InputSource objects when using reset on
 Projects #1536 (#1549)

* Keep the InputSource objects when using ``reset`` on Projects #1536

Signed-off-by: tdruez <tdruez@nexb.com>

* Remove connectivity requirement for a unit test

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                       |  3 ++
 scanpipe/models.py                  | 10 +++--
 scanpipe/tests/__init__.py          | 34 +++++++++++-----
 scanpipe/tests/pipes/test_output.py | 10 +----
 scanpipe/tests/test_api.py          | 10 +----
 scanpipe/tests/test_models.py       | 63 +++++++++++++++++------------
 scanpipe/tests/test_pipelines.py    | 10 +++--
 7 files changed, 81 insertions(+), 59 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 0e930bb49..7a0c2b5f1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -47,6 +47,9 @@ v34.9.4 (unreleased)
   sheets with a dedicated VULNERABILITIES sheet.
   https://github.com/aboutcode-org/scancode.io/issues/1519
 
+- Keep the InputSource objects when using ``reset`` on Projects.
+  https://github.com/aboutcode-org/scancode.io/issues/1536
+
 - Add a ``report`` management command that allows to generate XLSX reports for
   multiple projects at once using labels and searching by project name.
   https://github.com/aboutcode-org/scancode.io/issues/1524
diff --git a/scanpipe/models.py b/scanpipe/models.py
index e419a79e2..02d8a8e6d 100644
--- a/scanpipe/models.py
+++ b/scanpipe/models.py
@@ -640,14 +640,14 @@ def archive(self, remove_input=False, remove_codebase=False, remove_output=False
         self.is_archived = True
         self.save(update_fields=["is_archived"])
 
-    def delete_related_objects(self):
+    def delete_related_objects(self, keep_input=False):
         """
         Delete all related object instances using the private `_raw_delete` model API.
         This bypass the objects collection, cascade deletions, and signals.
         It results in a much faster objects deletion, but it needs to be applied in the
         correct models order as the cascading event will not be triggered.
         Note that this approach is used in Django's `fast_deletes` but the scanpipe
-        models are cannot be fast-deleted as they have cascades and relations.
+        models cannot be fast-deleted as they have cascades and relations.
         """
         # Use default `delete()` on the DiscoveredPackage model, as the
         # `codebase_resources (ManyToManyField)` records need to collected and
@@ -667,9 +667,11 @@ def delete_related_objects(self):
             self.discovereddependencies,
             self.codebaseresources,
             self.runs,
-            self.inputsources,
         ]
 
+        if not keep_input:
+            relationships.append(self.inputsources)
+
         for qs in relationships:
             count = qs.all()._raw_delete(qs.db)
             deleted_counter[qs.model._meta.label] = count
@@ -695,7 +697,7 @@ def reset(self, keep_input=True):
         """
         self._raise_if_run_in_progress()
 
-        self.delete_related_objects()
+        self.delete_related_objects(keep_input=keep_input)
 
         work_directories = [
             self.codebase_path,
diff --git a/scanpipe/tests/__init__.py b/scanpipe/tests/__init__.py
index fe2451cee..502412750 100644
--- a/scanpipe/tests/__init__.py
+++ b/scanpipe/tests/__init__.py
@@ -31,6 +31,7 @@
 from scanpipe.models import DiscoveredDependency
 from scanpipe.models import DiscoveredPackage
 from scanpipe.models import Project
+from scanpipe.models import ProjectMessage
 from scanpipe.tests.pipelines.do_nothing import DoNothing
 from scanpipe.tests.pipelines.download_inputs import DownloadInput
 from scanpipe.tests.pipelines.profile_step import ProfileStep
@@ -47,12 +48,12 @@
 mocked_now = mock.Mock(now=lambda: datetime(2010, 10, 10, 10, 10, 10))
 
 
-def make_project(name=None, **extra):
+def make_project(name=None, **data):
     name = name or str(uuid.uuid4())[:8]
-    return Project.objects.create(name=name, **extra)
+    return Project.objects.create(name=name, **data)
 
 
-def make_resource_file(project, path, **extra):
+def make_resource_file(project, path, **data):
     return CodebaseResource.objects.create(
         project=project,
         path=path,
@@ -61,30 +62,43 @@ def make_resource_file(project, path, **extra):
         type=CodebaseResource.Type.FILE,
         is_text=True,
         tag=path.split("/")[0],
-        **extra,
+        **data,
     )
 
 
-def make_resource_directory(project, path, **extra):
+def make_resource_directory(project, path, **data):
     return CodebaseResource.objects.create(
         project=project,
         path=path,
         name=path.split("/")[-1],
         type=CodebaseResource.Type.DIRECTORY,
         tag=path.split("/")[0],
-        **extra,
+        **data,
     )
 
 
-def make_package(project, package_url, **extra):
-    package = DiscoveredPackage(project=project, **extra)
+def make_package(project, package_url, **data):
+    package = DiscoveredPackage(project=project, **data)
     package.set_package_url(package_url)
     package.save()
     return package
 
 
-def make_dependency(project, **extra):
-    return DiscoveredDependency.objects.create(project=project, **extra)
+def make_dependency(project, **data):
+    return DiscoveredDependency.objects.create(project=project, **data)
+
+
+def make_message(project, **data):
+    if "model" not in data:
+        data["model"] = str(uuid.uuid4())[:8]
+
+    if "severity" not in data:
+        data["severity"] = ProjectMessage.Severity.ERROR
+
+    return ProjectMessage.objects.create(
+        project=project,
+        **data,
+    )
 
 
 resource_data1 = {
diff --git a/scanpipe/tests/pipes/test_output.py b/scanpipe/tests/pipes/test_output.py
index 88d20982b..25104710f 100644
--- a/scanpipe/tests/pipes/test_output.py
+++ b/scanpipe/tests/pipes/test_output.py
@@ -42,11 +42,11 @@
 from scanpipe import pipes
 from scanpipe.models import CodebaseResource
 from scanpipe.models import Project
-from scanpipe.models import ProjectMessage
 from scanpipe.pipes import flag
 from scanpipe.pipes import output
 from scanpipe.tests import FIXTURES_REGEN
 from scanpipe.tests import make_dependency
+from scanpipe.tests import make_message
 from scanpipe.tests import make_package
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import mocked_now
@@ -206,13 +206,7 @@ def test_scanpipe_pipes_outputs_to_xlsx(self):
         call_command("loaddata", fixtures, **{"verbosity": 0})
 
         project = Project.objects.get(name="asgiref")
-        ProjectMessage.objects.create(
-            project=project,
-            severity=ProjectMessage.Severity.ERROR,
-            description="Error",
-            model="Model",
-            details={},
-        )
+        make_message(project, description="Error")
         make_resource_file(
             project=project, path="path/file1.ext", status=flag.REQUIRES_REVIEW
         )
diff --git a/scanpipe/tests/test_api.py b/scanpipe/tests/test_api.py
index d91087946..5969b09da 100644
--- a/scanpipe/tests/test_api.py
+++ b/scanpipe/tests/test_api.py
@@ -54,6 +54,7 @@
 from scanpipe.pipes.input import copy_input
 from scanpipe.pipes.output import JSONResultsGenerator
 from scanpipe.tests import dependency_data1
+from scanpipe.tests import make_message
 from scanpipe.tests import make_package
 from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
@@ -795,13 +796,7 @@ def test_scanpipe_api_project_action_relations_filterset(self):
 
     def test_scanpipe_api_project_action_messages(self):
         url = reverse("project-messages", args=[self.project1.uuid])
-        ProjectMessage.objects.create(
-            project=self.project1,
-            severity=ProjectMessage.Severity.ERROR,
-            description="Error",
-            model="ModelName",
-            details={},
-        )
+        make_message(self.project1, description="Error")
 
         response = self.csrf_client.get(url)
         self.assertEqual(1, response.data["count"])
@@ -812,7 +807,6 @@ def test_scanpipe_api_project_action_messages(self):
         message = response.data["results"][0]
         self.assertEqual("error", message["severity"])
         self.assertEqual("Error", message["description"])
-        self.assertEqual("ModelName", message["model"])
         self.assertEqual({}, message["details"])
 
     def test_scanpipe_api_project_action_file_content(self):
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
index 71064fcdf..267f8e98f 100644
--- a/scanpipe/tests/test_models.py
+++ b/scanpipe/tests/test_models.py
@@ -76,7 +76,9 @@
 from scanpipe.tests import dependency_data2
 from scanpipe.tests import license_policies_index
 from scanpipe.tests import make_dependency
+from scanpipe.tests import make_message
 from scanpipe.tests import make_package
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_directory
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import mocked_now
@@ -93,7 +95,7 @@ class ScanPipeModelsTest(TestCase):
     fixtures = [data / "asgiref" / "asgiref-3.3.0_fixtures.json"]
 
     def setUp(self):
-        self.project1 = Project.objects.create(name="Analysis")
+        self.project1 = make_project("Analysis")
         self.project_asgiref = Project.objects.get(name="asgiref")
 
     def create_run(self, pipeline="pipeline", **kwargs):
@@ -118,7 +120,7 @@ def test_scanpipe_project_model_work_directories(self):
         self.assertTrue(self.project1.tmp_path.exists())
 
     def test_scanpipe_get_project_work_directory(self):
-        project = Project.objects.create(name="Name with spaces and @£$éæ")
+        project = make_project("Name with spaces and @£$éæ")
         expected = f"/projects/name-with-spaces-and-e-{project.short_uuid}"
         self.assertTrue(get_project_work_directory(project).endswith(expected))
         self.assertTrue(project.work_directory.endswith(expected))
@@ -191,7 +193,7 @@ def test_scanpipe_project_model_delete(self):
         self.assertTrue(work_path.exists())
 
         uploaded_file = SimpleUploadedFile("file.ext", content=b"content")
-        self.project1.write_input_file(uploaded_file)
+        self.project1.add_upload(uploaded_file=uploaded_file, tag="tag1")
         self.project1.add_pipeline("analyze_docker_image")
         resource = CodebaseResource.objects.create(project=self.project1, path="path")
         package = DiscoveredPackage.objects.create(project=self.project1)
@@ -209,11 +211,18 @@ def test_scanpipe_project_model_reset(self):
         self.assertTrue(work_path.exists())
 
         uploaded_file = SimpleUploadedFile("file.ext", content=b"content")
-        self.project1.write_input_file(uploaded_file)
+        self.project1.add_upload(uploaded_file=uploaded_file, tag="tag1")
         self.project1.add_pipeline("analyze_docker_image")
         resource = CodebaseResource.objects.create(project=self.project1, path="path")
         package = DiscoveredPackage.objects.create(project=self.project1)
         resource.discovered_packages.add(package)
+        make_message(self.project1, description="Error")
+
+        self.assertEqual(1, self.project1.projectmessages.count())
+        self.assertEqual(1, self.project1.runs.count())
+        self.assertEqual(1, self.project1.discoveredpackages.count())
+        self.assertEqual(1, self.project1.codebaseresources.count())
+        self.assertEqual(1, self.project1.inputsources.count())
 
         self.project1.reset()
 
@@ -223,6 +232,8 @@ def test_scanpipe_project_model_reset(self):
         self.assertEqual(0, self.project1.discoveredpackages.count())
         self.assertEqual(0, self.project1.codebaseresources.count())
 
+        # The InputSource objects are kept
+        self.assertEqual(1, self.project1.inputsources.count())
         self.assertTrue(work_path.exists())
         self.assertTrue(self.project1.input_path.exists())
         self.assertEqual(["file.ext"], self.project1.input_root)
@@ -604,7 +615,7 @@ def test_scanpipe_project_related_model_clone(self):
             target_url="http://domain.url"
         )
 
-        new_project = Project.objects.create(name="New Project")
+        new_project = make_project("New Project")
         subscription1.clone(to_project=new_project)
 
         cloned_subscription = new_project.webhooksubscriptions.get()
@@ -1884,7 +1895,7 @@ def test_scanpipe_discovered_package_queryset_vulnerable(self):
         self.assertIn(p2, DiscoveredPackage.objects.vulnerable())
 
     def test_scanpipe_discovered_package_queryset_dependency_methods(self):
-        project = Project.objects.create(name="project")
+        project = make_project("project")
         a = make_package(project, "pkg:type/a")
         b = make_package(project, "pkg:type/b")
         c = make_package(project, "pkg:type/c")
@@ -1978,7 +1989,7 @@ def test_scanpipe_codebase_resource_model_walk_method(self):
         self.assertEqual(sorted(expected_siblings), sorted(asgiref_resource_siblings))
 
     def test_scanpipe_codebase_resource_model_walk_method_problematic_filenames(self):
-        project = Project.objects.create(name="walk_test_problematic_filenames")
+        project = make_project("walk_test_problematic_filenames")
         resource1 = CodebaseResource.objects.create(
             project=project, path="qt-everywhere-opensource-src-5.3.2/gnuwin32/bin"
         )
@@ -2331,7 +2342,7 @@ def test_scanpipe_discovered_dependency_model_update_from_data(self):
         self.assertEqual(new_data["scope"], dependency.scope)
 
     def test_scanpipe_discovered_dependency_model_many_to_many(self):
-        project = Project.objects.create(name="project")
+        project = make_project("project")
 
         a = make_package(project, "pkg:type/a")
         b = make_package(project, "pkg:type/b")
@@ -2432,7 +2443,7 @@ def test_scanpipe_codebase_resource_queryset_has_directory_content_fingerprint(
         self.assertQuerySetEqual(expected, results, ordered=False)
 
     def test_scanpipe_codebase_resource_queryset_elfs(self):
-        project = Project.objects.create(name="Test")
+        project = make_project("Test")
         resource_starting_with_elf_and_executable_in_file_type = CodebaseResource(
             file_type="""ELF 32-bit LSB executable, ARM, version 1 (ARM), statically
              linked, with debug_info, not stripped""",
@@ -2510,7 +2521,7 @@ class ScanPipeModelsTransactionTest(TransactionTestCase):
 
     @mock.patch("scanpipe.models.Run.execute_task_async")
     def test_scanpipe_project_model_add_pipeline(self, mock_execute_task):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
 
         self.assertEqual(0, project1.runs.count())
 
@@ -2529,13 +2540,13 @@ def test_scanpipe_project_model_add_pipeline(self, mock_execute_task):
         self.assertEqual(pipeline_class.get_summary(), run.description)
         mock_execute_task.assert_not_called()
 
-        project2 = Project.objects.create(name="Analysis 2")
+        project2 = make_project("Analysis 2")
         project2.add_pipeline(pipeline_name, execute_now=True)
         mock_execute_task.assert_called_once()
 
     @mock.patch("scanpipe.models.Run.execute_task_async")
     def test_scanpipe_project_model_add_pipeline_run_can_start(self, mock_execute_task):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         pipeline_name = "inspect_packages"
         run1 = project1.add_pipeline(pipeline_name, execute_now=False)
         run2 = project1.add_pipeline(pipeline_name, execute_now=True)
@@ -2547,7 +2558,7 @@ def test_scanpipe_project_model_add_pipeline_run_can_start(self, mock_execute_ta
 
     @mock.patch("scanpipe.models.Run.execute_task_async")
     def test_scanpipe_project_model_add_pipeline_start_method(self, mock_execute_task):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         pipeline_name = "inspect_packages"
         run1 = project1.add_pipeline(pipeline_name, execute_now=False)
         run2 = project1.add_pipeline(pipeline_name, execute_now=False)
@@ -2564,7 +2575,7 @@ def test_scanpipe_project_model_add_pipeline_start_method(self, mock_execute_tas
         mock_execute_task.assert_called_once()
 
     def test_scanpipe_project_model_add_pipeline_selected_groups(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         pipeline_name = "scan_codebase"
 
         run1 = project1.add_pipeline(pipeline_name, selected_groups=[])
@@ -2580,7 +2591,7 @@ def test_scanpipe_project_model_add_pipeline_selected_groups(self):
             project1.add_pipeline(pipeline_name, selected_groups={})
 
     def test_scanpipe_project_model_add_info(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         message = project1.add_info(description="This is an info")
         self.assertEqual(message, ProjectMessage.objects.get())
         self.assertEqual("", message.model)
@@ -2590,7 +2601,7 @@ def test_scanpipe_project_model_add_info(self):
         self.assertEqual("", message.traceback)
 
     def test_scanpipe_project_model_add_warning(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         message = project1.add_warning(description="This is a warning")
         self.assertEqual(message, ProjectMessage.objects.get())
         self.assertEqual("", message.model)
@@ -2600,7 +2611,7 @@ def test_scanpipe_project_model_add_warning(self):
         self.assertEqual("", message.traceback)
 
     def test_scanpipe_project_model_add_error(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         details = {
             "name": "value",
             "release_date": datetime.fromisoformat("2008-02-01"),
@@ -2618,7 +2629,7 @@ def test_scanpipe_project_model_add_error(self):
         self.assertEqual("", message.traceback)
 
     def test_scanpipe_project_model_update_extra_data(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         self.assertEqual({}, project1.extra_data)
 
         with self.assertRaises(ValueError):
@@ -2647,7 +2658,7 @@ def test_scanpipe_project_model_update_extra_data(self):
         self.assertEqual(expected, project1.extra_data)
 
     def test_scanpipe_codebase_resource_model_add_error(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         codebase_resource = CodebaseResource.objects.create(project=project1, path="a")
         error = codebase_resource.add_error(Exception("Error message"))
 
@@ -2659,7 +2670,7 @@ def test_scanpipe_codebase_resource_model_add_error(self):
         self.assertEqual(codebase_resource.path, error.details["resource_path"])
 
     def test_scanpipe_codebase_resource_model_add_errors(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         codebase_resource = CodebaseResource.objects.create(project=project1)
         codebase_resource.add_error(Exception("Error1"))
         codebase_resource.add_error(Exception("Error2"))
@@ -2667,7 +2678,7 @@ def test_scanpipe_codebase_resource_model_add_errors(self):
 
     @skipIf(connection.vendor == "sqlite", "No max_length constraints on SQLite.")
     def test_scanpipe_project_error_model_save_non_valid_related_object(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         long_value = "value" * 1000
 
         package = DiscoveredPackage.objects.create(
@@ -2695,7 +2706,7 @@ def test_scanpipe_project_error_model_save_non_valid_related_object(self):
 
     @skipIf(connection.vendor == "sqlite", "No max_length constraints on SQLite.")
     def test_scanpipe_discovered_package_model_create_from_data(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
 
         package = DiscoveredPackage.create_from_data(project1, package_data1)
         self.assertEqual(project1, package.project)
@@ -2737,7 +2748,7 @@ def test_scanpipe_discovered_package_model_create_from_data(self):
         self.assertEqual(project_message_count, ProjectMessage.objects.count())
 
     def test_scanpipe_discovered_package_model_create_from_data_missing_type(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
 
         incomplete_data = dict(package_data1)
         incomplete_data["type"] = ""
@@ -2749,7 +2760,7 @@ def test_scanpipe_discovered_package_model_create_from_data_missing_type(self):
 
     @skipIf(connection.vendor == "sqlite", "No max_length constraints on SQLite.")
     def test_scanpipe_discovered_dependency_model_create_from_data(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
 
         DiscoveredPackage.create_from_data(project1, package_data1)
         CodebaseResource.objects.create(
@@ -2797,7 +2808,7 @@ def test_scanpipe_discovered_dependency_model_create_from_data(self):
         self.assertEqual("", message.traceback)
 
     def test_scanpipe_discovered_package_model_unique_package_uid_in_project(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
 
         self.assertTrue(package_data1["package_uid"])
         package = DiscoveredPackage.create_from_data(project1, package_data1)
@@ -2817,7 +2828,7 @@ def test_scanpipe_discovered_package_model_unique_package_uid_in_project(self):
 
     @skipIf(connection.vendor == "sqlite", "No max_length constraints on SQLite.")
     def test_scanpipe_codebase_resource_create_and_add_package_warnings(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project("Analysis")
         resource = CodebaseResource.objects.create(project=project1, path="p")
 
         package_count = DiscoveredPackage.objects.count()
diff --git a/scanpipe/tests/test_pipelines.py b/scanpipe/tests/test_pipelines.py
index bca1ec48f..5c864a8f7 100644
--- a/scanpipe/tests/test_pipelines.py
+++ b/scanpipe/tests/test_pipelines.py
@@ -1271,7 +1271,10 @@ def test_scanpipe_resolve_dependencies_pipeline_integration_empty_manifest(self)
         expected = "No packages could be resolved"
         self.assertIn(expected, message.description)
 
-    def test_scanpipe_resolve_dependencies_pipeline_integration_misc(self):
+    @mock.patch("scanpipe.pipes.resolve.resolve_dependencies")
+    def test_scanpipe_resolve_dependencies_pipeline_integration_misc(
+        self, mock_resolve_dependencies
+    ):
         pipeline_name = "resolve_dependencies"
         project1 = Project.objects.create(name="Analysis")
         selected_groups = ["DynamicResolver"]
@@ -1284,13 +1287,14 @@ def test_scanpipe_resolve_dependencies_pipeline_integration_misc(self):
         )
         pipeline = run.make_pipeline_instance()
 
+        mock_resolve_dependencies.return_value = mock.Mock(packages=[package_data1])
         exitcode, out = pipeline.execute()
         self.assertEqual(0, exitcode, msg=out)
         self.assertEqual(1, project1.discoveredpackages.count())
 
     @mock.patch("scanpipe.pipes.resolve.resolve_dependencies")
     def test_scanpipe_resolve_dependencies_pipeline_pypi_integration(
-        self, resolve_dependencies
+        self, mock_resolve_dependencies
     ):
         pipeline_name = "resolve_dependencies"
         project1 = Project.objects.create(name="Analysis")
@@ -1302,7 +1306,7 @@ def test_scanpipe_resolve_dependencies_pipeline_pypi_integration(
         pipeline = run.make_pipeline_instance()
 
         project1.move_input_from(tempfile.mkstemp(suffix="requirements.txt")[1])
-        resolve_dependencies.return_value = mock.Mock(packages=[package_data1])
+        mock_resolve_dependencies.return_value = mock.Mock(packages=[package_data1])
         exitcode, out = pipeline.execute()
         self.assertEqual(0, exitcode, msg=out)
 

From a6f7c860d4fbd07457dd7b37ea998fd0e54d31f6 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Tue, 21 Jan 2025 17:18:33 +0900
Subject: [PATCH 04/18] Add a select_across checkbox on the ProjectReportForm
 #1524 (#1534)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                                 |   4 +
 scancodeio/static/main.js                     |   3 +-
 scanpipe/forms.py                             |  27 +++-
 scanpipe/pipes/__init__.py                    |   2 +-
 scanpipe/templates/registration/login.html    |   2 -
 .../modals/project_archive_modal.html         |  21 ++-
 .../modals/projects_archive_modal.html        |  40 ++++-
 .../modals/projects_delete_modal.html         |   2 +
 .../modals/projects_download_modal.html       |  23 ++-
 .../modals/projects_report_modal.html         |  23 ++-
 .../scanpipe/modals/projects_reset_modal.html |  14 ++
 .../scanpipe/panels/project_inputs.html       |   8 +-
 scanpipe/templates/scanpipe/project_list.html |  18 +++
 scanpipe/tests/test_views.py                  |  69 ++++++++-
 scanpipe/views.py                             | 139 +++++++++++-------
 15 files changed, 309 insertions(+), 86 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 7a0c2b5f1..d813ead9a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -54,6 +54,10 @@ v34.9.4 (unreleased)
   multiple projects at once using labels and searching by project name.
   https://github.com/aboutcode-org/scancode.io/issues/1524
 
+- Add the ability to "select across" in Projects list when using the "select all"
+  checkbox on paginated list.
+  https://github.com/aboutcode-org/scancode.io/issues/1524
+
 v34.9.3 (2024-12-31)
 --------------------
 
diff --git a/scancodeio/static/main.js b/scancodeio/static/main.js
index 04b74db51..0be80c02d 100644
--- a/scancodeio/static/main.js
+++ b/scancodeio/static/main.js
@@ -232,7 +232,8 @@ function setupSelectCheckbox() {
       updateButtonAndDropdownState();
 
       // Check if all row checkboxes are checked and update the "Select All" checkbox accordingly
-      selectAllCheckbox.checked = Array.from(rowCheckboxes).every((cb) => cb.checked);
+      const allRowCheckboxesChecked = Array.from(rowCheckboxes).every((cb) => cb.checked);
+      selectAllCheckbox.checked = allRowCheckboxesChecked;
     });
   });
 
diff --git a/scanpipe/forms.py b/scanpipe/forms.py
index 0d7c543ba..94ce46428 100644
--- a/scanpipe/forms.py
+++ b/scanpipe/forms.py
@@ -238,7 +238,21 @@ def save(self, project):
         return input_source
 
 
-class ArchiveProjectForm(forms.Form):
+class BaseProjectActionForm(forms.Form):
+    select_across = forms.BooleanField(
+        label="",
+        required=False,
+        initial=0,
+        help_text="All project matching current search and filters will be included.",
+    )
+    url_query = forms.CharField(
+        widget=forms.HiddenInput,
+        required=False,
+        help_text="Stores the current URL filters.",
+    )
+
+
+class ArchiveProjectForm(BaseProjectActionForm):
     remove_input = forms.BooleanField(
         label="Remove inputs",
         initial=True,
@@ -255,8 +269,15 @@ class ArchiveProjectForm(forms.Form):
         required=False,
     )
 
+    def get_action_kwargs(self):
+        return {
+            "remove_input": self.cleaned_data["remove_input"],
+            "remove_codebase": self.cleaned_data["remove_codebase"],
+            "remove_output": self.cleaned_data["remove_output"],
+        }
+
 
-class ProjectOutputDownloadForm(forms.Form):
+class ProjectOutputDownloadForm(BaseProjectActionForm):
     output_format = forms.ChoiceField(
         label="Choose the output format to include in the ZIP file",
         choices=[
@@ -272,7 +293,7 @@ class ProjectOutputDownloadForm(forms.Form):
     )
 
 
-class ProjectReportForm(forms.Form):
+class ProjectReportForm(BaseProjectActionForm):
     model_name = forms.ChoiceField(
         label="Choose the object type to include in the XLSX file",
         choices=[
diff --git a/scanpipe/pipes/__init__.py b/scanpipe/pipes/__init__.py
index df1b5ecc3..610b703a7 100644
--- a/scanpipe/pipes/__init__.py
+++ b/scanpipe/pipes/__init__.py
@@ -113,7 +113,7 @@ def collect_and_create_codebase_resources(project, batch_size=5000):
     Collect and create codebase resources including the "to/" and "from/" context using
     the resource tag field.
 
-    The default ``batch_size`` can be overriden, although the benefits of a value
+    The default ``batch_size`` can be overridden, although the benefits of a value
     greater than 5000 objects are usually not significant.
     """
     model_class = CodebaseResource
diff --git a/scanpipe/templates/registration/login.html b/scanpipe/templates/registration/login.html
index ab91dd273..232b02479 100644
--- a/scanpipe/templates/registration/login.html
+++ b/scanpipe/templates/registration/login.html
@@ -21,7 +21,6 @@
           <div class="field">
             <label class="label">Username</label>
             <div class="control has-icons-left">
-              <!-- {{ form.username }}-->
               <input class="input" type="text" name="username" autofocus autocomplete="username" maxlength="150" required id="id_username">
               <span class="icon is-small is-left">
                 <i class="fa-solid fa-user"></i>
@@ -32,7 +31,6 @@
           <div class="field mb-5">
             <label class="label">Password</label>
             <div class="control has-icons-left">
-              <!-- {{ form.password }}-->
               <input class="input" type="password" name="password" autocomplete="current-password" required id="id_password">
               <span class="icon is-small is-left">
               <i class="fa-solid fa-lock"></i>
diff --git a/scanpipe/templates/scanpipe/modals/project_archive_modal.html b/scanpipe/templates/scanpipe/modals/project_archive_modal.html
index 09bb2f706..5fe738843 100644
--- a/scanpipe/templates/scanpipe/modals/project_archive_modal.html
+++ b/scanpipe/templates/scanpipe/modals/project_archive_modal.html
@@ -14,9 +14,24 @@
         <p class="mb-2">
           The selected directories will be removed:
         </p>
-        <ul class="mb-5">
-          {{ archive_form.as_ul }}
-        </ul>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_input }}
+            {{ archive_form.remove_input.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_codebase }}
+            {{ archive_form.remove_codebase.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_output }}
+            {{ archive_form.remove_output.label }}
+          </label>
+        </div>
         <p>
           Are you sure you want to do this?
         </p>
diff --git a/scanpipe/templates/scanpipe/modals/projects_archive_modal.html b/scanpipe/templates/scanpipe/modals/projects_archive_modal.html
index 8a90d1a6e..1fee867cc 100644
--- a/scanpipe/templates/scanpipe/modals/projects_archive_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_archive_modal.html
@@ -1,3 +1,4 @@
+{% load humanize %}
 <div class="modal" id="modal-projects-archive">
   <div class="modal-background"></div>
   <div class="modal-card">
@@ -9,18 +10,43 @@
       <section class="modal-card-body">
         <div class="notification is-warning has-text-weight-semibold">
           The selected projects will be marked as archived and will become read-only.
-          Those will not appear in the project list by default anymore.
+          Those will not appear in the project list by default anymore.<br>
         </div>
         <p class="mb-2">
           The selected directories will be removed:
         </p>
-        <ul class="mb-5">
-          {{ archive_form.as_ul }}
-        </ul>
-        <p>
-          Are you sure you want to do this?
-        </p>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_input }}
+            {{ archive_form.remove_input.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_codebase }}
+            {{ archive_form.remove_codebase.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ archive_form.remove_output }}
+            {{ archive_form.remove_output.label }}
+          </label>
+        </div>
+        {% if page_obj.paginator.num_pages > 1 %}
+          <div class="show-on-all-checked">
+            <hr>
+            <div class="field include-all-field">
+              <label class="checkbox" for="{{ archive_form.select_across.id_for_label }}">
+                <input type="checkbox" name="{{ archive_form.select_across.name }}" id="{{ archive_form.select_across.id_for_label }}">
+                Include all {{ paginator.count|intcomma }} projects
+              </label>
+              <p class="help">{{ outputs_download_form.select_across.help_text }}</p>
+            </div>
+          </div>
+        {% endif %}
       </section>
+      <input type="hidden" name="{{ archive_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="archive">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">No, Cancel</button>
diff --git a/scanpipe/templates/scanpipe/modals/projects_delete_modal.html b/scanpipe/templates/scanpipe/modals/projects_delete_modal.html
index d9108c4a7..9678e8a17 100644
--- a/scanpipe/templates/scanpipe/modals/projects_delete_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_delete_modal.html
@@ -1,3 +1,4 @@
+{% load humanize %}
 <div class="modal" id="modal-projects-delete">
   <div class="modal-background"></div>
   <div class="modal-card">
@@ -21,6 +22,7 @@
       </p>
     </section>
     <form action="{% url 'project_action' %}" method="post" id="delete-projects-form">{% csrf_token %}
+      <input type="hidden" name="{{ action_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="delete">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">No, Cancel</button>
diff --git a/scanpipe/templates/scanpipe/modals/projects_download_modal.html b/scanpipe/templates/scanpipe/modals/projects_download_modal.html
index 2bab0c761..d2d6b4e9a 100644
--- a/scanpipe/templates/scanpipe/modals/projects_download_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_download_modal.html
@@ -1,3 +1,4 @@
+{% load humanize %}
 <div class="modal" id="modal-projects-download">
   <div class="modal-background"></div>
   <div class="modal-card">
@@ -7,10 +8,26 @@
     </header>
     <form action="{% url 'project_action' %}" method="post" id="download-projects-form">{% csrf_token %}
       <section class="modal-card-body">
-        <ul class="mb-3">
-          {{ outputs_download_form.as_ul }}
-        </ul>
+        <div class="field">
+          <label class="label">{{ outputs_download_form.output_format.label }}</label>
+          <div class="control">
+            {{ outputs_download_form.output_format }}
+          </div>
+        </div>
+        {% if page_obj.paginator.num_pages > 1 %}
+          <div class="show-on-all-checked">
+            <hr>
+            <div class="field">
+              <label class="checkbox" for="{{ outputs_download_form.select_across.id_for_label }}">
+                <input type="checkbox" name="{{ outputs_download_form.select_across.name }}" id="{{ outputs_download_form.select_across.id_for_label }}">
+                Include all {{ paginator.count|intcomma }} projects
+              </label>
+              <p class="help">{{ outputs_download_form.select_across.help_text }}</p>
+            </div>
+          </div>
+        {% endif %}
       </section>
+      <input type="hidden" name="{{ outputs_download_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="download">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">Cancel</button>
diff --git a/scanpipe/templates/scanpipe/modals/projects_report_modal.html b/scanpipe/templates/scanpipe/modals/projects_report_modal.html
index c2f27bd0d..19fc2153a 100644
--- a/scanpipe/templates/scanpipe/modals/projects_report_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_report_modal.html
@@ -1,3 +1,4 @@
+{% load humanize %}
 <div class="modal" id="modal-projects-report">
   <div class="modal-background"></div>
   <div class="modal-card">
@@ -7,10 +8,26 @@
     </header>
     <form action="{% url 'project_action' %}" method="post" id="report-projects-form">{% csrf_token %}
       <section class="modal-card-body">
-        <ul class="mb-3">
-          {{ report_form.as_ul }}
-        </ul>
+        <div class="field">
+          <label class="label">{{ report_form.model_name.label }}</label>
+          <div class="control">
+            {{ report_form.model_name }}
+          </div>
+        </div>
+        {% if page_obj.paginator.num_pages > 1 %}
+          <div class="show-on-all-checked">
+            <hr>
+            <div class="field include-all-field">
+              <label class="checkbox" for="{{ report_form.select_across.id_for_label }}">
+                <input type="checkbox" name="{{ report_form.select_across.name }}" id="{{ report_form.select_across.id_for_label }}">
+                Include all {{ paginator.count|intcomma }} projects
+              </label>
+              <p class="help">{{ report_form.select_across.help_text }}</p>
+            </div>
+          </div>
+        {% endif %}
       </section>
+      <input type="hidden" name="{{ report_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="report">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">Cancel</button>
diff --git a/scanpipe/templates/scanpipe/modals/projects_reset_modal.html b/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
index 7df12429c..c74067972 100644
--- a/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
@@ -1,3 +1,4 @@
+{% load humanize %}
 <div class="modal" id="modal-projects-reset">
   <div class="modal-background"></div>
   <div class="modal-card">
@@ -15,8 +16,21 @@
       <p class="mb-5">
         Are you sure you want to do this?
       </p>
+      {% if page_obj.paginator.num_pages > 1 %}
+        <div class="show-on-all-checked">
+          <hr>
+          <div class="field include-all-field">
+            <label class="checkbox" for="{{ archive_form.select_across.id_for_label }}">
+              <input type="checkbox" name="{{ archive_form.select_across.name }}" id="{{ archive_form.select_across.id_for_label }}">
+              Include all {{ paginator.count|intcomma }} projects
+            </label>
+            <p class="help">{{ outputs_download_form.select_across.help_text }}</p>
+          </div>
+        </div>
+      {% endif %}
     </section>
     <form action="{% url 'project_action' %}" method="post" id="reset-projects-form">{% csrf_token %}
+      <input type="hidden" name="{{ action_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="reset">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">No, Cancel</button>
diff --git a/scanpipe/templates/scanpipe/panels/project_inputs.html b/scanpipe/templates/scanpipe/panels/project_inputs.html
index 1a120688a..3e2b3d6d5 100644
--- a/scanpipe/templates/scanpipe/panels/project_inputs.html
+++ b/scanpipe/templates/scanpipe/panels/project_inputs.html
@@ -42,9 +42,11 @@
         {% if project.can_change_inputs and input_source.uuid %}
           <a class="modal-button is-grey-link is-clickable ml-1" data-target="modal-inputs-delete" aria-haspopup="true" data-url="{% url 'project_delete_input' project.slug input_source.uuid %}" data-filename="{{ input_source.filename }}" href="#"><i class="fa-regular fa-trash-can"></i></a>
         {% endif %}
-        <a class="modal-button is-grey-link is-clickable ml-1" data-input-source-uuid="{{ input_source.uuid }}" data-tag-value="{{ input_source.tag }}" data-target="edit-input-tag-modal" aria-haspopup="true">
-          <span class="icon width-1 height-1"><i class="fa-solid fa-tag"></i></span>
-        </a>
+        {% if input_source.uuid %}{# File added in directory manually, no InputSource object available #}
+          <a class="modal-button is-grey-link is-clickable ml-1" data-input-source-uuid="{{ input_source.uuid }}" data-tag-value="{{ input_source.tag }}" data-target="edit-input-tag-modal" aria-haspopup="true">
+            <span class="icon width-1 height-1"><i class="fa-solid fa-tag"></i></span>
+          </a>
+        {% endif %}
       </div>
     </div>
   {% endfor %}
diff --git a/scanpipe/templates/scanpipe/project_list.html b/scanpipe/templates/scanpipe/project_list.html
index bf592827d..ae46b8c5c 100644
--- a/scanpipe/templates/scanpipe/project_list.html
+++ b/scanpipe/templates/scanpipe/project_list.html
@@ -98,6 +98,24 @@
           }
         });
       });
+
+      document.addEventListener("openModal", function(event) {
+        // Get all elements that should be shown or hidden based on the state of the checkboxes
+        const elementsForAllRowsChecked = getAll(".show-on-all-checked");
+        const selectAllCheckbox = document.getElementById("select-all");
+        const displayValue = selectAllCheckbox.checked ? "block" : "none";
+
+        // Iterate through all elements that need to be shown or hidden and apply the display style
+        elementsForAllRowsChecked.forEach((field) => {
+          field.style.display = displayValue;
+        });
+      });
+
     });
   </script>
+
+
+<script>
+
+</script>
 {% endblock %}
\ No newline at end of file
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
index a6f47a24b..4af988fe3 100644
--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -28,6 +28,7 @@
 
 from django.apps import apps
 from django.core.exceptions import SuspiciousFileOperation
+from django.http.response import Http404
 from django.test import TestCase
 from django.test import override_settings
 from django.urls import reverse
@@ -35,6 +36,7 @@
 
 import requests
 
+from scanpipe.forms import BaseProjectActionForm
 from scanpipe.models import CodebaseRelation
 from scanpipe.models import CodebaseResource
 from scanpipe.models import DiscoveredDependency
@@ -48,9 +50,11 @@
 from scanpipe.tests import dependency_data2
 from scanpipe.tests import make_dependency
 from scanpipe.tests import make_package
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import package_data1
 from scanpipe.tests import package_data2
+from scanpipe.views import ProjectActionView
 from scanpipe.views import ProjectCodebaseView
 from scanpipe.views import ProjectDetailView
 
@@ -147,7 +151,7 @@ def test_scanpipe_views_project_list_state_of_filters_in_search_form(self):
     def test_scanpipe_views_project_list_filters_exclude_page(self, mock_paginate_by):
         url = reverse("project_list")
         # Create another project to enable pagination
-        Project.objects.create(name="project2")
+        make_project()
         mock_paginate_by.return_value = 1
 
         data = {"page": "2"}
@@ -162,6 +166,34 @@ def test_scanpipe_views_project_list_filters_exclude_page(self, mock_paginate_by
         expected = '<a href="?sort=" class="dropdown-item is-active">Newest</a>'
         self.assertContains(response, expected)
 
+    def test_scanpipe_views_project_list_modal_forms_include_url_query(self):
+        url = reverse("project_list")
+        response = self.client.get(url)
+
+        expected = '<input type="hidden" name="url_query" value="">'
+        self.assertContains(response, expected, html=True)
+
+        url_query = "name=search_value"
+        response = self.client.get(url + "?" + url_query)
+        expected = f'<input type="hidden" name="url_query" value="{url_query}">'
+        self.assertContains(response, expected, html=True)
+
+    @mock.patch("scanpipe.views.ProjectListView.get_paginate_by")
+    def test_scanpipe_views_project_list_modal_forms_include_show_on_all_checked(
+        self, mock_paginate_by
+    ):
+        url = reverse("project_list")
+        # Create another project to enable pagination
+        make_project()
+        mock_paginate_by.return_value = 1
+        response = self.client.get(url)
+        expected = '<div class="show-on-all-checked">'
+        self.assertContains(response, expected)
+
+        mock_paginate_by.return_value = 2
+        response = self.client.get(url)
+        self.assertNotContains(response, expected)
+
     def test_scanpipe_views_project_actions_view(self):
         url = reverse("project_action")
         response = self.client.get(url)
@@ -187,10 +219,6 @@ def test_scanpipe_views_project_actions_view(self):
         self.assertRedirects(response, reverse("project_list"))
         expected = '<div class="message-body">1 projects have been delete.</div>'
         self.assertContains(response, expected, html=True)
-        expected = (
-            f'<div class="message-body">Project {random_uuid} does not exist.</div>'
-        )
-        self.assertContains(response, expected, html=True)
 
     def test_scanpipe_views_project_action_report_view(self):
         url = reverse("project_action")
@@ -202,6 +230,37 @@ def test_scanpipe_views_project_action_report_view(self):
         response = self.client.post(url, data=data, follow=True)
         self.assertEqual("report.xlsx", response.filename)
 
+    def test_scanpipe_views_project_action_view_get_project_queryset(self):
+        queryset = ProjectActionView.get_project_queryset(
+            selected_project_ids=[self.project1.uuid],
+            action_form=None,
+        )
+        self.assertQuerySetEqual(queryset, [self.project1])
+
+        # No project selection, no select_across
+        form_data = {"select_across": 0}
+        action_form = BaseProjectActionForm(data=form_data)
+        action_form.full_clean()
+        with self.assertRaises(Http404):
+            ProjectActionView.get_project_queryset(
+                selected_project_ids=None,
+                action_form=action_form,
+            )
+
+        # select_across, no active filters
+        form_data = {"select_across": 1}
+        action_form = BaseProjectActionForm(data=form_data)
+        action_form.full_clean()
+        self.assertQuerySetEqual(queryset, [self.project1])
+
+        # select_across, active filters
+        make_project()
+        self.assertEqual(2, Project.objects.count())
+        form_data = {"select_across": 1, "url_query": f"name={self.project1.name}"}
+        action_form = BaseProjectActionForm(data=form_data)
+        action_form.full_clean()
+        self.assertQuerySetEqual(queryset, [self.project1])
+
     def test_scanpipe_views_project_details_is_archived(self):
         url = self.project1.get_absolute_url()
         expected1 = "WARNING: This project is archived and read-only."
diff --git a/scanpipe/views.py b/scanpipe/views.py
index 9aafa2981..43e3c1afa 100644
--- a/scanpipe/views.py
+++ b/scanpipe/views.py
@@ -43,6 +43,7 @@
 from django.http import HttpResponse
 from django.http import HttpResponseRedirect
 from django.http import JsonResponse
+from django.http import QueryDict
 from django.shortcuts import get_object_or_404
 from django.shortcuts import redirect
 from django.shortcuts import render
@@ -76,6 +77,7 @@
 from scanpipe.forms import AddLabelsForm
 from scanpipe.forms import AddPipelineForm
 from scanpipe.forms import ArchiveProjectForm
+from scanpipe.forms import BaseProjectActionForm
 from scanpipe.forms import EditInputSourceTagForm
 from scanpipe.forms import PipelineRunStepSelectionForm
 from scanpipe.forms import ProjectCloneForm
@@ -554,6 +556,7 @@ class ProjectListView(
 ):
     model = Project
     filterset_class = ProjectFilterSet
+    paginate_by = settings.SCANCODEIO_PAGINATE_BY.get("project", 20)
     template_name = "scanpipe/project_list.html"
     prefetch_related = [
         "labels",
@@ -570,7 +573,6 @@ class ProjectListView(
             ),
         ),
     ]
-    paginate_by = settings.SCANCODEIO_PAGINATE_BY.get("project", 20)
     table_columns = [
         "name",
         {
@@ -605,6 +607,7 @@ class ProjectListView(
 
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
+        context["action_form"] = BaseProjectActionForm()
         context["archive_form"] = ArchiveProjectForm()
         context["outputs_download_form"] = ProjectOutputDownloadForm()
         context["report_form"] = ProjectReportForm()
@@ -1144,7 +1147,7 @@ def form_valid(self, form):
 
         project = self.get_object()
         try:
-            project.archive(**form.cleaned_data)
+            project.archive(**form.get_action_kwargs())
         except RunInProgressError as error:
             messages.error(self.request, error)
             return redirect(project)
@@ -1153,6 +1156,23 @@ def form_valid(self, form):
         return response
 
 
+class ProjectResetView(ConditionalLoginRequired, generic.DeleteView):
+    model = Project
+    success_message = 'All data, except inputs, for the "{}" project have been removed.'
+
+    def form_valid(self, form):
+        """Call the reset() method on the project."""
+        project = self.get_object()
+        try:
+            project.reset(keep_input=True)
+        except RunInProgressError as error:
+            messages.error(self.request, error)
+        else:
+            messages.success(self.request, self.success_message.format(project.name))
+
+        return redirect(project)
+
+
 class ProjectDeleteView(ConditionalLoginRequired, generic.DeleteView):
     model = Project
     success_url = reverse_lazy("project_list")
@@ -1176,31 +1196,42 @@ class ProjectActionView(ConditionalLoginRequired, ExportXLSXMixin, generic.ListV
 
     model = Project
     allowed_actions = ["archive", "delete", "reset", "report", "download"]
+    action_to_form_class = {
+        "archive": ArchiveProjectForm,
+        "report": ProjectReportForm,
+        "download": ProjectOutputDownloadForm,
+    }
     success_url = reverse_lazy("project_list")
 
     def post(self, request, *args, **kwargs):
+        action_kwargs = {}
+
         action = request.POST.get("action")
         if action not in self.allowed_actions:
             raise Http404
 
-        self.selected_project_ids = request.POST.get("selected_ids", "").split(",")
-        count = 0
+        action_form = self.get_action_form(action)
+        selected_project_ids = [
+            project_uuid
+            for project_uuid in request.POST.get("selected_ids", "").split(",")
+            if project_uuid
+        ]
+        project_qs = self.get_project_queryset(selected_project_ids, action_form)
+
+        if action == "download":
+            return self.download_outputs_zip_response(project_qs, action_form)
 
-        action_kwargs = {}
         if action == "report":
+            self.action_form = action_form
+            self.project_qs = project_qs
             return self.export_xlsx_file_response()
 
-        if action == "download":
-            return self.download_outputs_zip_response()
-
         if action == "archive":
-            archive_form = ArchiveProjectForm(request.POST)
-            if not archive_form.is_valid():
-                raise Http404
-            action_kwargs = archive_form.cleaned_data
+            action_kwargs = action_form.get_action_kwargs()
 
-        for project_uuid in self.selected_project_ids:
-            if self.perform_action(action, project_uuid, action_kwargs):
+        count = 0
+        for project in project_qs:
+            if self.perform_action(project, action, action_kwargs):
                 count += 1
 
         if count:
@@ -1208,63 +1239,78 @@ def post(self, request, *args, **kwargs):
 
         return HttpResponseRedirect(self.success_url)
 
-    def perform_action(self, action, project_uuid, action_kwargs=None):
+    def get_action_form(self, action):
+        """Return the validated ``action_form`` instance."""
+        action_form_class = self.action_to_form_class.get(action, BaseProjectActionForm)
+        action_form = action_form_class(self.request.POST)
+
+        if not action_form.is_valid():
+            raise Http404
+
+        return action_form
+
+    def perform_action(self, project, action, action_kwargs=None):
         if not action_kwargs:
             action_kwargs = {}
 
         try:
-            project = Project.objects.get(pk=project_uuid)
             getattr(project, action)(**action_kwargs)
-            return True
-        except Project.DoesNotExist:
-            messages.error(self.request, f"Project {project_uuid} does not exist.")
         except RunInProgressError as error:
             messages.error(self.request, str(error))
         except (AttributeError, ValidationError):
             raise Http404
 
+        return True
+
     def get_success_message(self, action, count):
         return f"{count} projects have been {action}."
 
-    def export_xlsx_file_response(self):
-        self.report_form = ProjectReportForm(self.request.POST)
-        if not self.report_form.is_valid():
-            return HttpResponseRedirect(self.success_url)
+    @staticmethod
+    def get_project_queryset(selected_project_ids=None, action_form=None):
+        """
+        Return the Project QuerySet from the user selection.
 
-        return super().export_xlsx_file_response()
+        An instance of BaseProjectActionForm can be provided as the ``action_form``
+        argument for the support of ``select_across``.
+        """
+        if action_form:
+            select_across = action_form.cleaned_data.get("select_across")
+            # url_query may be empty for a "select everything"
+            url_query = action_form.cleaned_data.get("url_query", "")
+            if select_across:
+                project_filterset = ProjectFilterSet(data=QueryDict(url_query))
+                if project_filterset.is_valid():
+                    return project_filterset.qs
+
+        if selected_project_ids:
+            return Project.objects.filter(uuid__in=selected_project_ids)
 
-    def get_projects_queryset(self):
-        return Project.objects.filter(pk__in=self.selected_project_ids)
+        raise Http404
 
     def get_export_xlsx_queryset(self):
-        model_name = self.report_form.cleaned_data["model_name"]
+        model_name = self.action_form.cleaned_data["model_name"]
         queryset = output.get_queryset(project=None, model_name=model_name)
-        projects = self.get_projects_queryset()
-        return queryset.filter(project__in=projects)
+        return queryset.filter(project__in=self.project_qs)
 
     def get_export_xlsx_prepend_fields(self):
         return ["project"]
 
     def get_export_xlsx_worksheet_name(self):
-        if self.report_form.cleaned_data.get("model_name") == "todo":
+        if self.action_form.cleaned_data.get("model_name") == "todo":
             return "TODOS"
 
     def get_export_xlsx_filename(self):
         return "report.xlsx"
 
-    def download_outputs_zip_response(self):
-        outputs_download_form = ProjectOutputDownloadForm(self.request.POST)
-        if not outputs_download_form.is_valid():
-            return HttpResponseRedirect(self.success_url)
-
-        output_format = outputs_download_form.cleaned_data["output_format"]
+    @staticmethod
+    def download_outputs_zip_response(project_qs, action_form):
+        output_format = action_form.cleaned_data["output_format"]
         output_function = output.FORMAT_TO_FUNCTION_MAPPING.get(output_format)
-        projects = self.get_projects_queryset()
 
         # In-memory file storage for the zip archive
         zip_buffer = io.BytesIO()
         with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zip_file:
-            for project in projects:
+            for project in project_qs:
                 output_file = output_function(project)
                 filename = output.safe_filename(f"{project.name}_{output_file.name}")
                 with open(output_file, "rb") as f:
@@ -1278,23 +1324,6 @@ def download_outputs_zip_response(self):
         )
 
 
-class ProjectResetView(ConditionalLoginRequired, generic.DeleteView):
-    model = Project
-    success_message = 'All data, except inputs, for the "{}" project have been removed.'
-
-    def form_valid(self, form):
-        """Call the reset() method on the project."""
-        project = self.get_object()
-        try:
-            project.reset(keep_input=True)
-        except RunInProgressError as error:
-            messages.error(self.request, error)
-        else:
-            messages.success(self.request, self.success_message.format(project.name))
-
-        return redirect(project)
-
-
 class HTTPResponseHXRedirect(HttpResponseRedirect):
     status_code = 200
 

From 70deb200d7cdcb20b3a2b2e7cef4faebe68980b5 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Tue, 21 Jan 2025 20:44:26 +0900
Subject: [PATCH 05/18] Refine the map_java_to_class implementation #1552
 (#1554)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/pipes/d2d.py            | 27 +++++++++++++++++----------
 scanpipe/tests/pipes/test_d2d.py |  4 ++--
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/scanpipe/pipes/d2d.py b/scanpipe/pipes/d2d.py
index fb44d447a..a7e46fad5 100644
--- a/scanpipe/pipes/d2d.py
+++ b/scanpipe/pipes/d2d.py
@@ -192,15 +192,25 @@ def map_java_to_class(project, logger=None):
     to_resources = project_files.to_codebase().has_no_relation()
 
     to_resources_dot_class = to_resources.filter(extension=".class")
-    resource_count = to_resources_dot_class.count()
-    if logger:
-        logger(f"Mapping {resource_count:,d} .class resources to .java")
+    from_resources_dot_java = (
+        from_resources.filter(extension=".java")
+        # The "java_package" extra_data value is set during the `find_java_packages`,
+        # it is required to build the index.
+        .filter(extra_data__java_package__isnull=False)
+    )
+    to_resource_count = to_resources_dot_class.count()
+    from_resource_count = from_resources_dot_java.count()
 
-    from_resources_dot_java = from_resources.filter(extension=".java")
-    if not from_resources_dot_java.exists():
+    if not from_resource_count:
         logger("No .java resources to map.")
         return
 
+    if logger:
+        logger(
+            f"Mapping {to_resource_count:,d} .class resources to "
+            f"{from_resource_count:,d} .java"
+        )
+
     # build an index using from-side Java fully qualified class file names
     # built from the "java_package" and file name
     indexables = get_indexable_qualified_java_paths(from_resources_dot_java)
@@ -209,7 +219,7 @@ def map_java_to_class(project, logger=None):
     from_classes_index = pathmap.build_index(indexables, with_subpaths=False)
 
     resource_iterator = to_resources_dot_class.iterator(chunk_size=2000)
-    progress = LoopProgress(resource_count, logger)
+    progress = LoopProgress(to_resource_count, logger)
 
     for to_resource in progress.iter(resource_iterator):
         _map_java_to_class_resource(to_resource, from_resources, from_classes_index)
@@ -228,11 +238,8 @@ def get_indexable_qualified_java_paths_from_values(resource_values):
         (123, "org/apache/commons/LoggerImpl.java")
     """
     for resource_id, resource_name, resource_extra_data in resource_values:
-        java_package = resource_extra_data and resource_extra_data.get("java_package")
-        if not java_package:
-            continue
         fully_qualified = jvm.get_fully_qualified_java_path(
-            java_package,
+            java_package=resource_extra_data.get("java_package"),
             filename=resource_name,
         )
         yield resource_id, fully_qualified
diff --git a/scanpipe/tests/pipes/test_d2d.py b/scanpipe/tests/pipes/test_d2d.py
index eb2a93956..02be2160e 100644
--- a/scanpipe/tests/pipes/test_d2d.py
+++ b/scanpipe/tests/pipes/test_d2d.py
@@ -365,7 +365,7 @@ def test_scanpipe_pipes_d2d_map_java_to_class(self):
         buffer = io.StringIO()
         d2d.map_java_to_class(self.project1, logger=buffer.write)
 
-        expected = "Mapping 3 .class resources to .java"
+        expected = "Mapping 3 .class resources to 2 .java"
         self.assertIn(expected, buffer.getvalue())
 
         self.assertEqual(2, self.project1.codebaserelations.count())
@@ -390,7 +390,7 @@ def test_scanpipe_pipes_d2d_map_java_to_class_no_java(self):
         make_resource_file(self.project1, path="to/Abstract.class")
         buffer = io.StringIO()
         d2d.map_java_to_class(self.project1, logger=buffer.write)
-        expected = "Mapping 1 .class resources to .java" "No .java resources to map."
+        expected = "No .java resources to map."
         self.assertIn(expected, buffer.getvalue())
 
     def test_scanpipe_pipes_d2d_map_jar_to_source(self):

From 1275d0795b0a092d89b6425530c6506465626082 Mon Sep 17 00:00:00 2001
From: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
Date: Tue, 21 Jan 2025 13:04:32 +0100
Subject: [PATCH 06/18] Ignore large data files and bump scancode-toolkit
 (#1508)

* Ignore scanning large data files

Ignore scanning large data files which are larger than 1 MB
to avoid crashing scans on memory spikes.
Also rollback https://github.com/aboutcode-org/scancode.io/pull/1504

Reference: https://github.com/aboutcode-org/scancode-toolkit/issues/3711
Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Bump scancode-toolkit to version v32.3.1

Also remove platform constraints from rust-inspector and
go-inspector.

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Increase size limit to skip scanning data file

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add a scancodeio setting SCANCODEIO_SCAN_MAX_FILE_SIZE

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Use scancode with conda bugfix

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Address feedback

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Bump scancode-toolkit to v32.3.2

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add scan_max_file_size to project settings

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Update CHANGELOG and docs on project settings

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

* Add scan_max_file_size to project settings UI

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>

---------

Signed-off-by: Ayan Sinha Mahapatra <ayansmahapatra@gmail.com>
Co-authored-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                                 | 10 ++++++
 docs/application-settings.rst                 | 12 +++++++
 docs/project-configuration.rst                | 19 ++++++++++
 scancodeio/settings.py                        |  3 ++
 scanpipe/forms.py                             | 10 ++++++
 scanpipe/models.py                            | 10 ++++++
 scanpipe/pipes/flag.py                        | 15 ++++++++
 scanpipe/pipes/scancode.py                    | 35 +++++++++++++------
 .../templates/scanpipe/project_settings.html  | 12 +++++++
 .../openpdf-parent-1.3.11_scan_package.json   |  2 +-
 .../scancode/is-npm-1.0.0_scan_package.json   |  2 +-
 .../multiple-is-npm-1.0.0_scan_package.json   |  2 +-
 scanpipe/tests/pipes/test_scancode.py         | 17 +++++++++
 scanpipe/tests/test_forms.py                  |  2 ++
 setup.cfg                                     |  6 ++--
 15 files changed, 141 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d813ead9a..d69112bf4 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -58,6 +58,16 @@ v34.9.4 (unreleased)
   checkbox on paginated list.
   https://github.com/aboutcode-org/scancode.io/issues/1524
 
+- Update scancode-toolkit to v32.3.2. See CHANGELOG for updates:
+  https://github.com/aboutcode-org/scancode-toolkit/releases/tag/v32.3.2
+  https://github.com/aboutcode-org/scancode-toolkit/releases/tag/v32.3.1
+
+- Adds  a project settings ``scan_max_file_size`` and a scancode.io settings field
+  ``SCANCODEIO_SCAN_MAX_FILE_SIZE`` to skip scanning files above a certain
+  file size (in bytes) as a temporary fix for large memory spikes while
+  scanning for licenses in certain large files.
+  https://github.com/aboutcode-org/scancode-toolkit/issues/3711
+
 v34.9.3 (2024-12-31)
 --------------------
 
diff --git a/docs/application-settings.rst b/docs/application-settings.rst
index 56d939bec..17528a736 100644
--- a/docs/application-settings.rst
+++ b/docs/application-settings.rst
@@ -165,6 +165,18 @@ The value unit is second and is defined as an integer::
 
 Default: ``120`` (2 minutes)
 
+SCANCODEIO_SCAN_MAX_FILE_SIZE
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Maximum file size allowed for a file to be scanned when scanning a codebase.
+
+The value unit is bytes and is defined as an integer, see the following
+example of setting this at 5 MB::
+
+    SCANCODEIO_SCAN_MAX_FILE_SIZE=5242880
+
+Default: ``None`` (all files will be scanned)
+
 .. _scancodeio_settings_pipelines_dirs:
 
 SCANCODEIO_PIPELINES_DIRS
diff --git a/docs/project-configuration.rst b/docs/project-configuration.rst
index b41a55644..e7031d4f7 100644
--- a/docs/project-configuration.rst
+++ b/docs/project-configuration.rst
@@ -54,6 +54,7 @@ Content of a ``scancode-config.yml`` file:
     ignored_patterns:
      - '*.tmp'
      - 'tests/*'
+    scan_max_file_size: 5242880
     ignored_dependency_scopes:
      - package_type: npm
        scope: devDependencies
@@ -86,6 +87,24 @@ product_version
 
 The product version of this project, as specified within the DejaCode application.
 
+scan_max_file_size
+^^^^^^^^^^^^^^^^^^
+
+Maximum file size allowed for a file to be scanned when scanning a codebase.
+
+The value unit is bytes and is defined as an integer, see the following
+example of setting this at 5 MB::
+
+    scan_max_file_size=5242880
+
+Default is ``None``, in which case all files will be scanned.
+
+.. note::
+    This is the same as the scancodeio setting ``SCANCODEIO_SCAN_MAX_FILE_SIZE``
+    set using the .env file, and the project setting ``scan_max_file_size`` takes
+    precedence over the scancodeio setting ``SCANCODEIO_SCAN_MAX_FILE_SIZE``.
+
+
 ignored_patterns
 ^^^^^^^^^^^^^^^^
 
diff --git a/scancodeio/settings.py b/scancodeio/settings.py
index 517e8e613..7d09c9fa2 100644
--- a/scancodeio/settings.py
+++ b/scancodeio/settings.py
@@ -100,6 +100,9 @@
 # Default to 2 minutes.
 SCANCODEIO_SCAN_FILE_TIMEOUT = env.int("SCANCODEIO_SCAN_FILE_TIMEOUT", default=120)
 
+# Default to None which scans all files
+SCANCODEIO_SCAN_MAX_FILE_SIZE = env.int("SCANCODEIO_SCAN_MAX_FILE_SIZE", default=None)
+
 # List views pagination, controls the number of items displayed per page.
 # Syntax in .env: SCANCODEIO_PAGINATE_BY=project=10,project_error=10
 SCANCODEIO_PAGINATE_BY = env.dict(
diff --git a/scanpipe/forms.py b/scanpipe/forms.py
index 94ce46428..c10350590 100644
--- a/scanpipe/forms.py
+++ b/scanpipe/forms.py
@@ -437,6 +437,7 @@ class ProjectSettingsForm(forms.ModelForm):
         "ignored_vulnerabilities",
         "policies",
         "attribution_template",
+        "scan_max_file_size",
         "product_name",
         "product_version",
     ]
@@ -511,6 +512,15 @@ class ProjectSettingsForm(forms.ModelForm):
         ),
         widget=forms.Textarea(attrs={"class": "textarea is-dynamic", "rows": 3}),
     )
+    scan_max_file_size = forms.IntegerField(
+        label="Max file size to scan",
+        required=False,
+        help_text=(
+            "Maximum file size in bytes which should be skipped from scanning."
+            "File size is in bytes. Example: 5 MB is 5242880 bytes."
+        ),
+        widget=forms.NumberInput(attrs={"class": "input"}),
+    )
     product_name = forms.CharField(
         label="Product name",
         required=False,
diff --git a/scanpipe/models.py b/scanpipe/models.py
index 02d8a8e6d..d5d43ed4b 100644
--- a/scanpipe/models.py
+++ b/scanpipe/models.py
@@ -920,6 +920,16 @@ def get_ignored_dependency_scopes_index(self):
 
         return dict(ignored_scope_index)
 
+    @cached_property
+    def get_scan_max_file_size(self):
+        """
+        Return a the ``scan_max_file_size`` settings value defined in this
+        Project env.
+        """
+        scan_max_file_size = self.get_env(field_name="scan_max_file_size")
+        if scan_max_file_size:
+            return scan_max_file_size
+
     @cached_property
     def ignored_dependency_scopes_index(self):
         """
diff --git a/scanpipe/pipes/flag.py b/scanpipe/pipes/flag.py
index 89a99ef85..814ba8d7a 100644
--- a/scanpipe/pipes/flag.py
+++ b/scanpipe/pipes/flag.py
@@ -20,6 +20,7 @@
 # ScanCode.io is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/aboutcode-org/scancode.io for support and download.
 
+
 NO_STATUS = ""
 
 SCANNED = "scanned"
@@ -43,6 +44,7 @@
 IGNORED_DEFAULT_IGNORES = "ignored-default-ignores"
 IGNORED_DATA_FILE_NO_CLUES = "ignored-data-file-no-clues"
 IGNORED_DOC_FILE = "ignored-doc-file"
+IGNORED_BY_MAX_FILE_SIZE = "ignored-by-max-file-size"
 
 COMPLIANCE_LICENSES = "compliance-licenses"
 COMPLIANCE_SOURCEMIRROR = "compliance-sourcemirror"
@@ -102,6 +104,19 @@ def flag_ignored_patterns(project, patterns):
     return update_count
 
 
+def flag_and_ignore_files_over_max_size(resource_qs, file_size_limit):
+    """
+    Flag codebase resources which are over the max file size for scanning
+    and return all other files within the file size limit.
+    """
+    if not file_size_limit:
+        return resource_qs
+
+    return resource_qs.filter(size__gte=file_size_limit).update(
+        status=IGNORED_BY_MAX_FILE_SIZE
+    )
+
+
 def analyze_scanned_files(project):
     """Set the status for CodebaseResource to unknown or no license."""
     scanned_files = project.codebaseresources.files().status(SCANNED)
diff --git a/scanpipe/pipes/scancode.py b/scanpipe/pipes/scancode.py
index 611f2d3b4..13468fd50 100644
--- a/scanpipe/pipes/scancode.py
+++ b/scanpipe/pipes/scancode.py
@@ -34,6 +34,7 @@
 from django.apps import apps
 from django.conf import settings
 from django.db.models import ObjectDoesNotExist
+from django.db.models import Q
 
 from commoncode import fileutils
 from commoncode.resource import VirtualCodebase
@@ -58,6 +59,7 @@
 Utilities to deal with ScanCode toolkit features and objects.
 """
 
+
 scanpipe_app = apps.get_app_config("scanpipe")
 
 
@@ -291,6 +293,7 @@ def scan_resources(
     save_func,
     scan_func_kwargs=None,
     progress_logger=None,
+    file_size_limit=None,
 ):
     """
     Run the `scan_func` on the codebase resources of the provided `resource_qs`.
@@ -310,9 +313,21 @@ def scan_resources(
     if not scan_func_kwargs:
         scan_func_kwargs = {}
 
-    resource_count = resource_qs.count()
+    # Skip scannning files larger than the specified max size
+    skipped_files_max_size = flag.flag_and_ignore_files_over_max_size(
+        resource_qs=resource_qs,
+        file_size_limit=file_size_limit,
+    )
+    if file_size_limit and skipped_files_max_size:
+        logger.info(
+            f"Skipped {skipped_files_max_size} files over the size of {file_size_limit}"
+        )
+
+    scan_resource_qs = resource_qs.filter(~Q(status=flag.IGNORED_BY_MAX_FILE_SIZE))
+
+    resource_count = scan_resource_qs.count()
     logger.info(f"Scan {resource_count} codebase resources with {scan_func.__name__}")
-    resource_iterator = resource_qs.iterator(chunk_size=2000)
+    resource_iterator = scan_resource_qs.iterator(chunk_size=2000)
     progress = LoopProgress(resource_count, logger=progress_logger)
     max_workers = get_max_workers(keep_available=1)
 
@@ -350,14 +365,7 @@ def scan_resources(
                     "Please ensure that there is at least 2 GB of available memory per "
                     "CPU core for successful execution."
                 )
-
-                resource.project.add_error(
-                    exception=broken_pool_error,
-                    model="scan_resources",
-                    description=message,
-                    object_instance=resource,
-                )
-                continue
+                raise broken_pool_error from InsufficientResourcesError(message)
 
             save_func(resource, scan_results, scan_errors)
 
@@ -374,11 +382,18 @@ def scan_for_files(project, resource_qs=None, progress_logger=None):
     if resource_qs is None:
         resource_qs = project.codebaseresources.no_status()
 
+    # Get max file size limit set in project settings, or alternatively
+    # get it from scancodeio settings
+    file_size_limit = project.get_scan_max_file_size
+    if not file_size_limit:
+        file_size_limit = settings.SCANCODEIO_SCAN_MAX_FILE_SIZE
+
     scan_resources(
         resource_qs=resource_qs,
         scan_func=scan_file,
         save_func=save_scan_file_results,
         progress_logger=progress_logger,
+        file_size_limit=file_size_limit,
     )
 
 
diff --git a/scanpipe/templates/scanpipe/project_settings.html b/scanpipe/templates/scanpipe/project_settings.html
index 9bc32b230..562eeeaf3 100644
--- a/scanpipe/templates/scanpipe/project_settings.html
+++ b/scanpipe/templates/scanpipe/project_settings.html
@@ -114,6 +114,18 @@
                   </div>
                 </div>
 
+                <div class="field">
+                  <label class="label" for="{{ form.scan_max_file_size.id_for_label }}">
+                    {{ form.scan_max_file_size.label }}
+                  </label>
+                  <div class="control">
+                    {{ form.scan_max_file_size }}
+                  </div>
+                  <div class="help">
+                    {{ form.scan_max_file_size.help_text|safe|linebreaksbr }}
+                  </div>
+                </div>
+
                 <div class="field">
                   <label class="label" for="{{ form.ignored_dependency_scopes.id_for_label }}">
                     {{ form.ignored_dependency_scopes.label }}
diff --git a/scanpipe/tests/data/manifests/openpdf-parent-1.3.11_scan_package.json b/scanpipe/tests/data/manifests/openpdf-parent-1.3.11_scan_package.json
index 5db7295b7..b8ff95d88 100644
--- a/scanpipe/tests/data/manifests/openpdf-parent-1.3.11_scan_package.json
+++ b/scanpipe/tests/data/manifests/openpdf-parent-1.3.11_scan_package.json
@@ -19,7 +19,7 @@
       "errors": [],
       "warnings": [],
       "extra_data": {
-        "spdx_license_list_version": "3.25",
+        "spdx_license_list_version": "3.26",
         "files_count": 1
       }
     }
diff --git a/scanpipe/tests/data/scancode/is-npm-1.0.0_scan_package.json b/scanpipe/tests/data/scancode/is-npm-1.0.0_scan_package.json
index 3081eadbd..24c18299c 100644
--- a/scanpipe/tests/data/scancode/is-npm-1.0.0_scan_package.json
+++ b/scanpipe/tests/data/scancode/is-npm-1.0.0_scan_package.json
@@ -19,7 +19,7 @@
       "errors": [],
       "warnings": [],
       "extra_data": {
-        "spdx_license_list_version": "3.25",
+        "spdx_license_list_version": "3.26",
         "files_count": 3
       }
     }
diff --git a/scanpipe/tests/data/scancode/multiple-is-npm-1.0.0_scan_package.json b/scanpipe/tests/data/scancode/multiple-is-npm-1.0.0_scan_package.json
index c560a27e6..6ed69bf23 100644
--- a/scanpipe/tests/data/scancode/multiple-is-npm-1.0.0_scan_package.json
+++ b/scanpipe/tests/data/scancode/multiple-is-npm-1.0.0_scan_package.json
@@ -19,7 +19,7 @@
       "errors": [],
       "warnings": [],
       "extra_data": {
-        "spdx_license_list_version": "3.25",
+        "spdx_license_list_version": "3.26",
         "files_count": 6
       }
     }
diff --git a/scanpipe/tests/pipes/test_scancode.py b/scanpipe/tests/pipes/test_scancode.py
index 775e80bac..e15667443 100644
--- a/scanpipe/tests/pipes/test_scancode.py
+++ b/scanpipe/tests/pipes/test_scancode.py
@@ -42,6 +42,7 @@
 from scanpipe.models import DiscoveredPackage
 from scanpipe.models import Project
 from scanpipe.pipes import collect_and_create_codebase_resources
+from scanpipe.pipes import flag
 from scanpipe.pipes import input
 from scanpipe.pipes import scancode
 from scanpipe.pipes.input import copy_input
@@ -445,6 +446,22 @@ def test_scanpipe_pipes_scancode_run_scan_args(self, mock_run_scan):
             run_scan_kwargs = mock_run_scan.call_args.kwargs
             self.assertEqual(expected_processes, run_scan_kwargs.get("processes"))
 
+    def test_scanpipe_max_file_size_works(self):
+        with override_settings(SCANCODEIO_SCAN_MAX_FILE_SIZE=10000):
+            project1 = Project.objects.create(name="Analysis")
+            input_location = self.data / "d2d-rust" / "to-trustier-binary-linux.tar.gz"
+            project1.copy_input_from(input_location)
+
+            run = project1.add_pipeline("scan_codebase")
+            pipeline = run.make_pipeline_instance()
+
+            exitcode, out = pipeline.execute()
+            self.assertEqual(0, exitcode, msg=out)
+            resource1 = project1.codebaseresources.get(
+                path="to-trustier-binary-linux.tar.gz-extract/trustier"
+            )
+            self.assertEqual(resource1.status, flag.IGNORED_BY_MAX_FILE_SIZE)
+
     def test_scanpipe_pipes_scancode_make_results_summary(self, regen=FIXTURES_REGEN):
         # Ensure the policies index is empty to avoid any side effect on results
         scanpipe_app.license_policies_index = None
diff --git a/scanpipe/tests/test_forms.py b/scanpipe/tests/test_forms.py
index b46e312b8..5d352ef0b 100644
--- a/scanpipe/tests/test_forms.py
+++ b/scanpipe/tests/test_forms.py
@@ -142,6 +142,7 @@ def test_scanpipe_forms_project_settings_form_update_project_settings(self):
             "ignored_vulnerabilities": None,
             "policies": "",
             "ignored_dependency_scopes": None,
+            "scan_max_file_size": None,
             "product_name": "",
             "product_version": "",
             "attribution_template": "",
@@ -194,6 +195,7 @@ def test_scanpipe_forms_project_settings_form_ignored_dependency_scopes(self):
                 {"package_type": "npm", "scope": "devDependencies"},
                 {"package_type": "pypi", "scope": "tests"},
             ],
+            "scan_max_file_size": None,
             "attribution_template": "",
             "policies": "",
             "product_name": "",
diff --git a/setup.cfg b/setup.cfg
index 751a619b2..e762a17b3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -72,7 +72,7 @@ install_requires =
     # Docker
     container-inspector==33.0.0
     # ScanCode-toolkit
-    scancode-toolkit[packages]==32.3.0
+    scancode-toolkit[packages]==32.3.2
     extractcode[full]==31.0.0
     commoncode==32.1.0
     packageurl-python==0.16.0
@@ -80,8 +80,8 @@ install_requires =
     fetchcode-container==1.2.3.210512; sys_platform == "linux"
     # Inspectors
     elf-inspector==0.0.1
-    go-inspector==0.5.0; sys_platform == "linux"
-    rust-inspector==0.1.0; sys_platform == "linux"
+    go-inspector==0.5.0
+    rust-inspector==0.1.0
     python-inspector==0.12.1
     source-inspector==0.5.1; sys_platform != "darwin" and platform_machine != "arm64"
     aboutcode-toolkit==11.0.0

From 8c5669fbc0854f51a2673cb0f60fe7bfcb3e432d Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Tue, 21 Jan 2025 21:06:39 +0900
Subject: [PATCH 07/18] Bump version for v34.9.4 release

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scancodeio/__init__.py | 2 +-
 setup.cfg              | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scancodeio/__init__.py b/scancodeio/__init__.py
index cbca3862f..1d211f7a3 100644
--- a/scancodeio/__init__.py
+++ b/scancodeio/__init__.py
@@ -28,7 +28,7 @@
 
 import git
 
-VERSION = "34.9.3"
+VERSION = "34.9.4"
 
 PROJECT_DIR = Path(__file__).resolve().parent
 ROOT_DIR = PROJECT_DIR.parent
diff --git a/setup.cfg b/setup.cfg
index e762a17b3..c4f3d29cb 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = scancodeio
-version = 34.9.3
+version = 34.9.4
 license = Apache-2.0
 description = Automate software composition analysis pipelines
 long_description = file:README.rst
@@ -157,7 +157,7 @@ scancodeio_pipelines =
 
 [bumpver]
 version_pattern = "MAJOR.MINOR.PATCH"
-current_version = "34.9.3"
+current_version = "34.9.4"
 
 [bumpver:file_patterns]
 setup.cfg =

From ecdb701ff0c1a29a05f36dcd1d24620eadd41bf8 Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Tue, 21 Jan 2025 21:07:32 +0900
Subject: [PATCH 08/18] Update CHANGELOG.rst for v34.9.4 release

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d69112bf4..370c2cd98 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,7 +1,10 @@
 Changelog
 =========
 
-v34.9.4 (unreleased)
+v34.9.5 (unreleased)
+--------------------
+
+v34.9.4 (2025-01-21)
 --------------------
 
 - Improve Project list page navigation.

From ec2ca285ef09d60e0eae81509a97ff40cb93bf90 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:04:31 +0900
Subject: [PATCH 09/18] Upgrade dependencies to latest versions (#1557)

* Upgrade dependencies to latest versions

Signed-off-by: tdruez <tdruez@nexb.com>

* Run Ruff linter validation

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/management/commands/__init__.py         |  2 +-
 scanpipe/management/commands/check-compliance.py |  3 +--
 scanpipe/management/commands/output.py           |  3 +--
 scanpipe/pipelines/publish_to_federatedcode.py   |  3 +--
 scanpipe/pipes/d2d.py                            |  4 +---
 scanpipe/pipes/federatedcode.py                  |  2 +-
 scanpipe/pipes/matchcode.py                      |  2 +-
 scanpipe/pipes/purldb.py                         |  6 ++----
 scanpipe/pipes/symbolmap.py                      |  2 +-
 scanpipe/pipes/vulnerablecode.py                 |  2 +-
 scanpipe/tests/pipes/test_codebase.py            |  3 +--
 scanpipe/tests/pipes/test_d2d.py                 |  4 ++--
 scanpipe/tests/test_models.py                    |  3 +--
 setup.cfg                                        | 16 ++++++++--------
 14 files changed, 23 insertions(+), 32 deletions(-)

diff --git a/scanpipe/management/commands/__init__.py b/scanpipe/management/commands/__init__.py
index 3bfb0aab5..805e6dcf1 100644
--- a/scanpipe/management/commands/__init__.py
+++ b/scanpipe/management/commands/__init__.py
@@ -427,7 +427,7 @@ def execute_project(project, run_async=False, command=None):  # noqa: C901
         msg = f"Error during {run.pipeline_name} execution:\n{run.task_output}"
         raise CommandError(msg)
     elif verbosity > 0:
-        msg = f"{run.pipeline_name} successfully executed on " f"project {project}"
+        msg = f"{run.pipeline_name} successfully executed on project {project}"
         command.stdout.write(msg, command.style.SUCCESS)
 
 
diff --git a/scanpipe/management/commands/check-compliance.py b/scanpipe/management/commands/check-compliance.py
index 199af6402..7af6bf6f8 100644
--- a/scanpipe/management/commands/check-compliance.py
+++ b/scanpipe/management/commands/check-compliance.py
@@ -61,8 +61,7 @@ def handle(self, *args, **options):
 
         if self.verbosity > 0:
             msg = [
-                f"{compliance_alerts_count} compliance issues detected on "
-                f"this project."
+                f"{compliance_alerts_count} compliance issues detected on this project."
             ]
             for label, issues in compliance_alerts.items():
                 msg.append(f"[{label}]")
diff --git a/scanpipe/management/commands/output.py b/scanpipe/management/commands/output.py
index beb475006..5e6f3e74c 100644
--- a/scanpipe/management/commands/output.py
+++ b/scanpipe/management/commands/output.py
@@ -73,8 +73,7 @@ def handle_output(self, output_format):
             output_format, version = output_format.split(":", maxsplit=1)
             if output_format != "cyclonedx":
                 raise CommandError(
-                    'The ":" version syntax is only supported for the cyclonedx '
-                    "format."
+                    'The ":" version syntax is only supported for the cyclonedx format.'
                 )
             output_kwargs["version"] = version
 
diff --git a/scanpipe/pipelines/publish_to_federatedcode.py b/scanpipe/pipelines/publish_to_federatedcode.py
index b3dc6cf7b..648193d9e 100644
--- a/scanpipe/pipelines/publish_to_federatedcode.py
+++ b/scanpipe/pipelines/publish_to_federatedcode.py
@@ -88,8 +88,7 @@ def commit_and_push_changes(self):
             logger=self.log,
         )
         self.log(
-            f"Scan result for '{self.project.purl}' "
-            f"pushed to '{self.package_git_repo}'"
+            f"Scan result for '{self.project.purl}' pushed to '{self.package_git_repo}'"
         )
 
     def delete_local_clone(self):
diff --git a/scanpipe/pipes/d2d.py b/scanpipe/pipes/d2d.py
index a7e46fad5..441f32ff7 100644
--- a/scanpipe/pipes/d2d.py
+++ b/scanpipe/pipes/d2d.py
@@ -1721,9 +1721,7 @@ def map_paths_resource(
             f"{', '.join(map_types)} for: {to_resource.path!r}"
         )
     else:
-        logger(
-            f"No mappings using {', '.join(map_types)} for: " f"{to_resource.path!r}"
-        )
+        logger(f"No mappings using {', '.join(map_types)} for: {to_resource.path!r}")
 
 
 def process_paths_in_binary(
diff --git a/scanpipe/pipes/federatedcode.py b/scanpipe/pipes/federatedcode.py
index 485a4091a..3221acf9b 100644
--- a/scanpipe/pipes/federatedcode.py
+++ b/scanpipe/pipes/federatedcode.py
@@ -73,7 +73,7 @@ def get_package_repository(project_purl, logger=None):
     """Return the Git repository URL and scan path for a given package."""
     project_package_url = PackageURL.from_string(project_purl)
 
-    git_account_url = f'{settings.FEDERATEDCODE_GIT_ACCOUNT_URL.rstrip("/")}/'
+    git_account_url = f"{settings.FEDERATEDCODE_GIT_ACCOUNT_URL.rstrip('/')}/"
     package_base_dir = hashid.get_package_base_dir(purl=project_purl)
     package_repo_name = package_base_dir.parts[0]
 
diff --git a/scanpipe/pipes/matchcode.py b/scanpipe/pipes/matchcode.py
index 61b724a02..1ad02899d 100644
--- a/scanpipe/pipes/matchcode.py
+++ b/scanpipe/pipes/matchcode.py
@@ -50,7 +50,7 @@ class MatchCodeIOException(Exception):
 MATCHCODEIO_API_URL = None
 MATCHCODEIO_URL = settings.MATCHCODEIO_URL
 if MATCHCODEIO_URL:
-    MATCHCODEIO_API_URL = f'{MATCHCODEIO_URL.rstrip("/")}/api/'
+    MATCHCODEIO_API_URL = f"{MATCHCODEIO_URL.rstrip('/')}/api/"
 
 # Basic Authentication
 MATCHCODEIO_USER = settings.MATCHCODEIO_USER
diff --git a/scanpipe/pipes/purldb.py b/scanpipe/pipes/purldb.py
index 8434e3536..81aac11c3 100644
--- a/scanpipe/pipes/purldb.py
+++ b/scanpipe/pipes/purldb.py
@@ -50,7 +50,7 @@ class PurlDBException(Exception):
 PURLDB_API_URL = None
 PURLDB_URL = settings.PURLDB_URL
 if PURLDB_URL:
-    PURLDB_API_URL = f'{PURLDB_URL.rstrip("/")}/api/'
+    PURLDB_API_URL = f"{PURLDB_URL.rstrip('/')}/api/"
 
 # Basic Authentication
 PURLDB_USER = settings.PURLDB_USER
@@ -368,9 +368,7 @@ def populate_purldb_with_discovered_dependencies(project, logger=logger.info):
     """Add DiscoveredDependency to PurlDB."""
     packages = [{"purl": purl} for purl in get_unique_resolved_purls(project)]
 
-    logger(
-        f"Populating PurlDB with {len(packages):,d} " "PURLs from DiscoveredDependency"
-    )
+    logger(f"Populating PurlDB with {len(packages):,d} PURLs from DiscoveredDependency")
     feed_purldb(
         packages=packages,
         chunk_size=100,
diff --git a/scanpipe/pipes/symbolmap.py b/scanpipe/pipes/symbolmap.py
index 346a698f1..42d50dadd 100644
--- a/scanpipe/pipes/symbolmap.py
+++ b/scanpipe/pipes/symbolmap.py
@@ -90,7 +90,7 @@ def map_resources_with_symbols(
             )
 
     elif logger:
-        logger(f"No mappings using {map_type} for: " f"{to_resource.path!r}")
+        logger(f"No mappings using {map_type} for: {to_resource.path!r}")
 
 
 def match_source_symbols_to_binary(source_symbols, binary_symbols):
diff --git a/scanpipe/pipes/vulnerablecode.py b/scanpipe/pipes/vulnerablecode.py
index 385309766..c7b9cb882 100644
--- a/scanpipe/pipes/vulnerablecode.py
+++ b/scanpipe/pipes/vulnerablecode.py
@@ -35,7 +35,7 @@
 VULNERABLECODE_API_URL = None
 VULNERABLECODE_URL = settings.VULNERABLECODE_URL
 if VULNERABLECODE_URL:
-    VULNERABLECODE_API_URL = f'{VULNERABLECODE_URL.rstrip("/")}/api/'
+    VULNERABLECODE_API_URL = f"{VULNERABLECODE_URL.rstrip('/')}/api/"
 
 # Basic Authentication
 VULNERABLECODE_USER = settings.VULNERABLECODE_USER
diff --git a/scanpipe/tests/pipes/test_codebase.py b/scanpipe/tests/pipes/test_codebase.py
index adfa096d1..9dea648a9 100644
--- a/scanpipe/tests/pipes/test_codebase.py
+++ b/scanpipe/tests/pipes/test_codebase.py
@@ -173,8 +173,7 @@ def test_scanpipe_pipes_codebase_get_basic_virtual_codebase(self):
             "virtual_root/asgiref-3.3.0-py3-none-any.whl",
             "virtual_root/asgiref-3.3.0-py3-none-any.whl-extract",
             "virtual_root/asgiref-3.3.0-py3-none-any.whl-extract/asgiref",
-            "virtual_root/"
-            "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/__init__.py",
+            "virtual_root/asgiref-3.3.0-py3-none-any.whl-extract/asgiref/__init__.py",
             "virtual_root/"
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/compatibility.py",
             "virtual_root/"
diff --git a/scanpipe/tests/pipes/test_d2d.py b/scanpipe/tests/pipes/test_d2d.py
index 02be2160e..f2d99ad8a 100644
--- a/scanpipe/tests/pipes/test_d2d.py
+++ b/scanpipe/tests/pipes/test_d2d.py
@@ -222,7 +222,7 @@ def test_scanpipe_pipes_d2d_match_purldb_directories(self, mock_request_get):
         )
 
         expected = (
-            "Matching 1 directory from to/ in PurlDB" "1 directory matched in PurlDB"
+            "Matching 1 directory from to/ in PurlDB1 directory matched in PurlDB"
         )
         self.assertEqual(expected, buffer.getvalue())
 
@@ -1454,7 +1454,7 @@ def test_scanpipe_pipes_d2d_match_purldb_resources_post_process(self):
             logger=buffer.write,
         )
         expected = (
-            "Refining matching for 1 " f"{flag.MATCHED_TO_PURLDB_RESOURCE} archives."
+            f"Refining matching for 1 {flag.MATCHED_TO_PURLDB_RESOURCE} archives."
         )
         self.assertIn(expected, buffer.getvalue())
 
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
index 267f8e98f..9d73d64bc 100644
--- a/scanpipe/tests/test_models.py
+++ b/scanpipe/tests/test_models.py
@@ -1817,8 +1817,7 @@ def test_scanpipe_codebase_resource_descendants(self):
         expected = [
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/__init__.py",
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/compatibility.py",
-            "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/"
-            "current_thread_executor.py",
+            "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/current_thread_executor.py",
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/local.py",
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/server.py",
             "asgiref-3.3.0-py3-none-any.whl-extract/asgiref/sync.py",
diff --git a/setup.cfg b/setup.cfg
index c4f3d29cb..622f7839f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -49,22 +49,22 @@ packages=find:
 include_package_data = true
 zip_safe = false
 install_requires =
-    importlib-metadata==8.5.0
+    importlib-metadata==8.6.1
     setuptools==75.6.0
     # Django related
-    Django==5.1.4
-    django-environ==0.11.2
+    Django==5.1.5
+    django-environ==0.12.0
     django-crispy-forms==2.3
     crispy-bootstrap3==2024.1
     django-filter==24.3
     djangorestframework==3.15.2
     django-taggit==6.1.0
     # Database
-    psycopg[binary]==3.2.3
+    psycopg[binary]==3.2.4
     # wait_for_database Django management command
     django-probes==1.7.0
     # Task queue
-    rq==2.0.0
+    rq==2.1.0
     django-rq==3.0.0
     redis==5.2.1
     # WSGI server
@@ -89,7 +89,7 @@ install_requires =
     XlsxWriter==3.2.0
     openpyxl==3.1.5
     requests==2.32.3
-    gitpython==3.1.43
+    GitPython==3.1.44
     # Profiling
     pyinstrument==5.0.0
     # CycloneDX
@@ -112,10 +112,10 @@ install_requires =
 [options.extras_require]
 dev =
     # Validation
-    ruff==0.8.2
+    ruff==0.9.2
     doc8==1.1.2
     # Debug
-    django-debug-toolbar==4.4.6
+    django-debug-toolbar==5.0.1
     # Documentation
     Sphinx==8.1.3
     sphinx-rtd-theme==3.0.2

From 0297b40eedf883f880df9995147ad6c5fbd38af2 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Wed, 22 Jan 2025 17:31:51 +0900
Subject: [PATCH 10/18] Ignore the "__MACOSX" macOS metadata folder
 dejacode#229 (#1558)

https://github.com/aboutcode-org/dejacode/issues/229

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/pipes/flag.py            |  1 +
 scanpipe/tests/pipes/test_flag.py | 15 +++++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/scanpipe/pipes/flag.py b/scanpipe/pipes/flag.py
index 814ba8d7a..4487d3cfb 100644
--- a/scanpipe/pipes/flag.py
+++ b/scanpipe/pipes/flag.py
@@ -72,6 +72,7 @@
     "*/scancode-config.yml",
     "policies.yml",  # when located in the root dir
     "*/policies.yml",
+    "*/__MACOSX*",  # macOS metadata folder
 ]
 
 
diff --git a/scanpipe/tests/pipes/test_flag.py b/scanpipe/tests/pipes/test_flag.py
index 8bc318c8e..211f7c57a 100644
--- a/scanpipe/tests/pipes/test_flag.py
+++ b/scanpipe/tests/pipes/test_flag.py
@@ -26,6 +26,7 @@
 from scanpipe.models import CodebaseResource
 from scanpipe.models import Project
 from scanpipe.pipes import flag
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
 
 
@@ -89,6 +90,20 @@ def test_scanpipe_pipes_flag_flag_ignored_patterns(self):
         )
         self.assertEqual(3, updated)
 
+        project2 = make_project()
+        make_resource_file(project2, "a.cdx.json.zip-extract")
+        r1 = make_resource_file(project2, "a.cdx.json.zip-extract/__MACOSX")
+        r2 = make_resource_file(
+            project2, "a.cdx.json.zip-extract/__MACOSX/._a.cdx.json"
+        )
+        make_resource_file(project2, "a.cdx.json.zip-extract/a.cdx.json")
+        updated = flag.flag_ignored_patterns(project2, flag.DEFAULT_IGNORED_PATTERNS)
+        self.assertEqual(2, updated)
+        ignored_qs = project2.codebaseresources.status(flag.IGNORED_PATTERN)
+        self.assertEqual(2, ignored_qs.count())
+        self.assertIn(r1, ignored_qs)
+        self.assertIn(r2, ignored_qs)
+
     def test_scanpipe_pipes_flag_flag_not_analyzed_codebase_resources(self):
         resource1 = CodebaseResource.objects.create(
             project=self.project1, path="filename.ext"

From 84f4f99c49000d854d1e153cda2f9485c967f3ac Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Wed, 22 Jan 2025 22:49:32 +0900
Subject: [PATCH 11/18] 1524 report api (#1559)

* Use new tab for download and report action #1524

Signed-off-by: tdruez <tdruez@nexb.com>

* Refactor the XLSX report logic into a single function #1524

For re-usability: `get_xlsx_report`

Signed-off-by: tdruez <tdruez@nexb.com>

* Add unit test for get_xlsx_report #1524

Signed-off-by: tdruez <tdruez@nexb.com>

* Rename the --sheet option to --model #1524

Signed-off-by: tdruez <tdruez@nexb.com>

* Add support for the XLSX report in REST API #1524

Signed-off-by: tdruez <tdruez@nexb.com>

---------

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst                                 |  3 +
 docs/command-line-interface.rst               | 10 +--
 docs/rest-api.rst                             | 66 +++++++++++++++++++
 scanpipe/api/views.py                         | 41 ++++++++++++
 scanpipe/forms.py                             | 12 ++--
 scanpipe/management/commands/report.py        | 21 ++----
 scanpipe/pipes/output.py                      | 27 ++++++++
 .../modals/projects_download_modal.html       |  2 +-
 .../modals/projects_report_modal.html         |  2 +-
 scanpipe/tests/pipes/test_output.py           | 51 +++++++++++---
 scanpipe/tests/test_api.py                    | 63 ++++++++++++++++--
 scanpipe/tests/test_commands.py               |  8 +--
 scanpipe/tests/test_views.py                  |  9 ++-
 scanpipe/views.py                             | 44 +++++--------
 14 files changed, 281 insertions(+), 78 deletions(-)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 370c2cd98..c339ee8eb 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,9 @@ Changelog
 v34.9.5 (unreleased)
 --------------------
 
+- Add support for the XLSX report in REST API.
+  https://github.com/aboutcode-org/scancode.io/issues/1524
+
 v34.9.4 (2025-01-21)
 --------------------
 
diff --git a/docs/command-line-interface.rst b/docs/command-line-interface.rst
index 28875183b..46701fe7a 100644
--- a/docs/command-line-interface.rst
+++ b/docs/command-line-interface.rst
@@ -396,15 +396,15 @@ your outputs on the host machine when running with Docker.
 
 .. _cli_report:
 
-`$ scanpipe report --sheet SHEET`
+`$ scanpipe report --model MODEL`
 ---------------------------------
 
 Generates an XLSX report of selected projects based on the provided criteria.
 
 Required arguments:
 
-- ``--sheet {package,dependency,resource,relation,message,todo}``
-  Specifies the sheet to include in the XLSX report. Available choices are based on
+- ``--model {package,dependency,resource,relation,message,todo}``
+  Specifies the model to include in the XLSX report. Available choices are based on
   predefined object types.
 
 Optional arguments:
@@ -428,12 +428,12 @@ Example usage:
 1. Generate a report for all projects tagged with "d2d" and include the **TODOS**
 worksheet::
 
-   $ scanpipe report --sheet todo --label d2d
+   $ scanpipe report --model todo --label d2d
 
 2. Generate a report for projects whose names contain the word "audit" and include the
 **PACKAGES** worksheet::
 
-   $ scanpipe report --sheet package --search audit
+   $ scanpipe report --model package --search audit
 
 .. _cli_check_compliance:
 
diff --git a/docs/rest-api.rst b/docs/rest-api.rst
index 75ec8cc1f..52b48b959 100644
--- a/docs/rest-api.rst
+++ b/docs/rest-api.rst
@@ -587,3 +587,69 @@ This action deletes a "not started" or "queued" pipeline run.
     {
         "status": "Pipeline pipeline_name deleted."
     }
+
+XLSX Report
+-----------
+
+Generates an XLSX report of selected projects based on the provided criteria.
+The model needs to be provided using the ``model`` query parameter.
+
+``GET /api/projects/?model=MODEL``
+
+Data:
+  - ``model``: ``package``, ``dependency``, ``resource``, ``relation``, ``message``,
+    ``todo``.
+
+**Any available filters can be applied** to **select the set of projects** you want to
+include in the report, such as a string contained in the name, or filter by labels:
+
+Example usage:
+
+1. Generate a report for all projects tagged with "d2d" and include the **TODOS**
+worksheet::
+
+    GET /api/projects/?model=todo&label=d2d
+
+
+2. Generate a report for projects whose names contain the word "audit" and include the
+**PACKAGES** worksheet::
+
+   GET /api/projects/?model=package&name__contains=audit
+
+
+XLSX Report
+-----------
+
+Generates an XLSX report for selected projects based on specified criteria. The
+``model`` query parameter is required to determine the type of data to include in the
+report.
+
+Endpoint:
+``GET /api/projects/report/?model=MODEL``
+
+Parameters:
+
+- ``model``: Defines the type of data to include in the report.
+  Accepted values: ``package``, ``dependency``, ``resource``, ``relation``, ``message``,
+  ``todo``.
+
+.. note::
+
+   You can apply any available filters to select the projects to include in the
+   report. Filters can be based on project attributes, such as a substring in the
+   name or specific labels.
+
+Example Usage:
+
+1. Generate a report for projects tagged with "d2d" and include the ``TODOS`` worksheet:
+
+   .. code-block::
+
+      GET /api/projects/report/?model=todo&label=d2d
+
+2. Generate a report for projects whose names contain "audit" and include the
+   ``PACKAGES`` worksheet:
+
+   .. code-block::
+
+      GET /api/projects/report/?model=package&name__contains=audit
diff --git a/scanpipe/api/views.py b/scanpipe/api/views.py
index 77803eb28..dbf150a86 100644
--- a/scanpipe/api/views.py
+++ b/scanpipe/api/views.py
@@ -52,6 +52,7 @@
 from scanpipe.models import Project
 from scanpipe.models import Run
 from scanpipe.models import RunInProgressError
+from scanpipe.pipes import filename_now
 from scanpipe.pipes import output
 from scanpipe.pipes.compliance import get_project_compliance_alerts
 from scanpipe.views import project_results_json_response
@@ -79,6 +80,11 @@ class ProjectFilterSet(django_filters.rest_framework.FilterSet):
         method="filter_names",
     )
     uuid = django_filters.CharFilter()
+    label = django_filters.CharFilter(
+        label="Label",
+        field_name="labels__slug",
+        distinct=True,
+    )
 
     class Meta:
         model = Project
@@ -90,6 +96,7 @@ class Meta:
             "names",
             "uuid",
             "is_archived",
+            "label",
         ]
 
     def filter_names(self, qs, name, value):
@@ -195,6 +202,40 @@ def pipelines(self, request, *args, **kwargs):
         ]
         return Response(pipeline_data)
 
+    @action(detail=False)
+    def report(self, request, *args, **kwargs):
+        project_qs = self.filter_queryset(self.get_queryset())
+
+        model_choices = list(output.object_type_to_model_name.keys())
+        model = request.GET.get("model")
+        if not model:
+            message = {
+                "error": (
+                    "Specifies the model to include in the XLSX report. "
+                    "Using: ?model=MODEL"
+                ),
+                "choices": ", ".join(model_choices),
+            }
+            return Response(message, status=status.HTTP_400_BAD_REQUEST)
+
+        if model not in model_choices:
+            message = {
+                "error": f"{model} is not on of the valid choices",
+                "choices": ", ".join(model_choices),
+            }
+            return Response(message, status=status.HTTP_400_BAD_REQUEST)
+
+        output_file = output.get_xlsx_report(
+            project_qs=project_qs,
+            model_short_name=model,
+        )
+        output_file.seek(0)
+        return FileResponse(
+            output_file,
+            filename=f"scancodeio-report-{filename_now()}.xlsx",
+            as_attachment=True,
+        )
+
     def get_filtered_response(
         self, request, queryset, filterset_class, serializer_class
     ):
diff --git a/scanpipe/forms.py b/scanpipe/forms.py
index c10350590..e7f317b10 100644
--- a/scanpipe/forms.py
+++ b/scanpipe/forms.py
@@ -297,15 +297,15 @@ class ProjectReportForm(BaseProjectActionForm):
     model_name = forms.ChoiceField(
         label="Choose the object type to include in the XLSX file",
         choices=[
-            ("discoveredpackage", "Packages"),
-            ("discovereddependency", "Dependencies"),
-            ("codebaseresource", "Resources"),
-            ("codebaserelation", "Relations"),
-            ("projectmessage", "Messages"),
+            ("package", "Packages"),
+            ("dependency", "Dependencies"),
+            ("resource", "Resources"),
+            ("relation", "Relations"),
+            ("message", "Messages"),
             ("todo", "TODOs"),
         ],
         required=True,
-        initial="discoveredpackage",
+        initial="package",
         widget=forms.RadioSelect,
     )
 
diff --git a/scanpipe/management/commands/report.py b/scanpipe/management/commands/report.py
index f2912ae71..ad502b14e 100644
--- a/scanpipe/management/commands/report.py
+++ b/scanpipe/management/commands/report.py
@@ -26,8 +26,6 @@
 from django.core.management import CommandError
 from django.core.management.base import BaseCommand
 
-import xlsxwriter
-
 from aboutcode.pipeline import humanize_time
 from scanpipe.models import Project
 from scanpipe.pipes import filename_now
@@ -48,10 +46,10 @@ def add_arguments(self, parser):
             ),
         )
         parser.add_argument(
-            "--sheet",
+            "--model",
             required=True,
             choices=list(output.object_type_to_model_name.keys()),
-            help="Specifies the sheet to include in the XLSX report.",
+            help="Specifies the model to include in the XLSX report.",
         )
         parser.add_argument(
             "--search",
@@ -75,8 +73,7 @@ def handle(self, *args, **options):
         output_directory = options["output_directory"]
         labels = options["labels"]
         search = options["search"]
-        sheet = options["sheet"]
-        model_name = output.object_type_to_model_name.get(sheet)
+        model = options["model"]
 
         if not (labels or search):
             raise CommandError(
@@ -97,23 +94,13 @@ def handle(self, *args, **options):
             msg = f"{project_count} project(s) will be included in the report."
             self.stdout.write(msg, self.style.SUCCESS)
 
-        worksheet_queryset = output.get_queryset(project=None, model_name=model_name)
-        worksheet_queryset = worksheet_queryset.filter(project__in=project_qs)
-
         filename = f"scancodeio-report-{filename_now()}.xlsx"
         if output_directory:
             output_file = Path(f"{output_directory}/{filename}")
         else:
             output_file = Path(filename)
 
-        with xlsxwriter.Workbook(output_file) as workbook:
-            output.queryset_to_xlsx_worksheet(
-                worksheet_queryset,
-                workbook,
-                exclude_fields=output.XLSX_EXCLUDE_FIELDS,
-                prepend_fields=["project"],
-                worksheet_name="TODOS",
-            )
+        output_file = output.get_xlsx_report(project_qs, model, output_file)
 
         run_time = timer() - start_time
         if self.verbosity > 0:
diff --git a/scanpipe/pipes/output.py b/scanpipe/pipes/output.py
index 84a795b09..f73ebf4c9 100644
--- a/scanpipe/pipes/output.py
+++ b/scanpipe/pipes/output.py
@@ -22,6 +22,7 @@
 
 import csv
 import decimal
+import io
 import json
 import re
 from operator import attrgetter
@@ -301,6 +302,7 @@ def to_json(project):
     "codebaseresource": "RESOURCES",
     "codebaserelation": "RELATIONS",
     "projectmessage": "MESSAGES",
+    "todo": "TODOS",
 }
 
 model_name_to_object_type = {
@@ -399,6 +401,31 @@ def add_xlsx_worksheet(workbook, worksheet_name, rows, fields):
     return errors_count
 
 
+def get_xlsx_report(project_qs, model_short_name, output_file=None):
+    model_name = object_type_to_model_name.get(model_short_name)
+    if not model_name:
+        raise ValueError(f"{model_short_name} is not valid.")
+
+    worksheet_name = model_name_to_worksheet_name.get(model_short_name)
+
+    worksheet_queryset = get_queryset(project=None, model_name=model_name)
+    worksheet_queryset = worksheet_queryset.filter(project__in=project_qs)
+
+    if not output_file:
+        output_file = io.BytesIO()
+
+    with xlsxwriter.Workbook(output_file) as workbook:
+        queryset_to_xlsx_worksheet(
+            worksheet_queryset,
+            workbook,
+            exclude_fields=XLSX_EXCLUDE_FIELDS,
+            prepend_fields=["project"],
+            worksheet_name=worksheet_name,
+        )
+
+    return output_file
+
+
 # Some scan attributes such as "copyrights" are list of dicts.
 #
 #  'authors': [{'end_line': 7, 'start_line': 7, 'author': 'John Doe'}],
diff --git a/scanpipe/templates/scanpipe/modals/projects_download_modal.html b/scanpipe/templates/scanpipe/modals/projects_download_modal.html
index d2d6b4e9a..17d0272a1 100644
--- a/scanpipe/templates/scanpipe/modals/projects_download_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_download_modal.html
@@ -6,7 +6,7 @@
       <p class="modal-card-title">Download outputs for selected projects as ZIP file</p>
       <button class="delete" aria-label="close"></button>
     </header>
-    <form action="{% url 'project_action' %}" method="post" id="download-projects-form">{% csrf_token %}
+    <form action="{% url 'project_action' %}" method="post" id="download-projects-form" target="_blank">{% csrf_token %}
       <section class="modal-card-body">
         <div class="field">
           <label class="label">{{ outputs_download_form.output_format.label }}</label>
diff --git a/scanpipe/templates/scanpipe/modals/projects_report_modal.html b/scanpipe/templates/scanpipe/modals/projects_report_modal.html
index 19fc2153a..3ad3c00a1 100644
--- a/scanpipe/templates/scanpipe/modals/projects_report_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_report_modal.html
@@ -6,7 +6,7 @@
       <p class="modal-card-title">Report of selected projects</p>
       <button class="delete" aria-label="close"></button>
     </header>
-    <form action="{% url 'project_action' %}" method="post" id="report-projects-form">{% csrf_token %}
+    <form action="{% url 'project_action' %}" method="post" id="report-projects-form" target="_blank">{% csrf_token %}
       <section class="modal-card-body">
         <div class="field">
           <label class="label">{{ report_form.model_name.label }}</label>
diff --git a/scanpipe/tests/pipes/test_output.py b/scanpipe/tests/pipes/test_output.py
index 25104710f..9c7773d1b 100644
--- a/scanpipe/tests/pipes/test_output.py
+++ b/scanpipe/tests/pipes/test_output.py
@@ -21,6 +21,7 @@
 # Visit https://github.com/nexB/scancode.io for support and download.
 
 import collections
+import io
 import json
 import shutil
 import tempfile
@@ -48,6 +49,7 @@
 from scanpipe.tests import make_dependency
 from scanpipe.tests import make_message
 from scanpipe.tests import make_package
+from scanpipe.tests import make_project
 from scanpipe.tests import make_resource_file
 from scanpipe.tests import mocked_now
 from scanpipe.tests import package_data1
@@ -72,7 +74,7 @@ def assertResultsEqual(self, expected_file, results, regen=FIXTURES_REGEN):
         self.assertEqual(expected_data, results)
 
     def test_scanpipe_pipes_outputs_queryset_to_csv_file(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project(name="Analysis")
         codebase_resource = CodebaseResource.objects.create(
             project=project1,
             path="filename.ext",
@@ -108,7 +110,7 @@ def test_scanpipe_pipes_outputs_queryset_to_csv_file(self):
             self.assertEqual(expected, f.readlines())
 
     def test_scanpipe_pipes_outputs_queryset_to_csv_stream(self):
-        project1 = Project.objects.create(name="Analysis")
+        project1 = make_project(name="Analysis")
         codebase_resource = CodebaseResource.objects.create(
             project=project1,
             path="filename.ext",
@@ -231,6 +233,39 @@ def test_scanpipe_pipes_outputs_to_xlsx(self):
         ]
         self.assertEqual(expected_sheet_names, workbook.get_sheet_names())
 
+    def test_scanpipe_pipes_outputs_get_xlsx_report(self):
+        project_qs = None
+        model_short_name = None
+
+        expected_message = "None is not valid."
+        with self.assertRaisesMessage(ValueError, expected_message):
+            output.get_xlsx_report(project_qs, model_short_name)
+
+        model_short_name = "package"
+        expected_message = "'NoneType' object is not iterable"
+        with self.assertRaisesMessage(TypeError, expected_message):
+            output.get_xlsx_report(project_qs, model_short_name)
+
+        make_project()
+        make_project()
+        project_qs = Project.objects.all()
+        output_file = output.get_xlsx_report(project_qs, model_short_name)
+
+        self.assertIsInstance(output_file, io.BytesIO)
+        workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
+        expected_sheet_names = [
+            "PACKAGES",
+        ]
+        self.assertEqual(expected_sheet_names, workbook.get_sheet_names())
+
+        model_short_name = "todo"
+        output_file = output.get_xlsx_report(project_qs, model_short_name)
+        workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
+        expected_sheet_names = [
+            "TODOS",
+        ]
+        self.assertEqual(expected_sheet_names, workbook.get_sheet_names())
+
     def test_scanpipe_pipes_outputs_vulnerability_as_cyclonedx(self):
         component_bom_ref = "pkg:pypi/django@4.0.10"
         data = self.data / "cyclonedx/django-4.0.10-vulnerability.json"
@@ -291,7 +326,7 @@ def test_scanpipe_pipes_outputs_to_cyclonedx(self, regen=FIXTURES_REGEN):
         self.assertEqual("1.5", results_json["specVersion"])
 
     def test_scanpipe_pipes_outputs_get_cyclonedx_bom_dependency_tree(self):
-        project = Project.objects.create(name="project")
+        project = make_project(name="project")
 
         a = make_package(project, "pkg:type/a")
         b = make_package(project, "pkg:type/b")
@@ -320,7 +355,7 @@ def test_scanpipe_pipes_outputs_get_cyclonedx_bom_dependency_tree(self):
         self.assertEqual(expected, results_json["dependencies"])
 
     def test_scanpipe_pipes_outputs_get_cyclonedx_bom_package_uid_instances(self):
-        project = Project.objects.create(name="project")
+        project = make_project(name="project")
         make_package(project, "pkg:type/a", package_uid="pkg:type/a?uuid=1")
         make_package(project, "pkg:type/a", package_uid="pkg:type/a?uuid=2")
 
@@ -354,7 +389,7 @@ def test_scanpipe_pipes_outputs_to_spdx(self):
         self.assertIn(output_file.name, project.output_root)
 
     def test_scanpipe_pipes_outputs_to_spdx_extracted_licenses(self):
-        project = Project.objects.create(name="Analysis")
+        project = make_project(name="Analysis")
         package_data = dict(package_data1)
         # ac3filter resolves as LicenseRef-scancode-ac3filter
         expression = "mit AND ac3filter"
@@ -434,7 +469,7 @@ def test_scanpipe_pipes_outputs_render_template_file(self):
         self.assertEqual("value", rendered)
 
     def test_scanpipe_pipes_outputs_get_attribution_template(self):
-        project = Project.objects.create(name="Analysis")
+        project = make_project(name="Analysis")
         template_location = str(output.get_attribution_template(project))
         expected_location = "templates/scanpipe/attribution.html"
         self.assertTrue(template_location.endswith(expected_location))
@@ -450,7 +485,7 @@ def test_scanpipe_pipes_outputs_get_attribution_template(self):
         self.assertTrue(template_location.endswith(expected_location))
 
     def test_scanpipe_pipes_outputs_get_package_data_for_attribution(self):
-        project = Project.objects.create(name="Analysis")
+        project = make_project(name="Analysis")
         package_data = dict(package_data1)
         expression = "mit AND gpl-2.0 AND mit"
         package_data["declared_license_expression"] = expression
@@ -468,7 +503,7 @@ def test_scanpipe_pipes_outputs_get_package_data_for_attribution(self):
         self.assertEqual(sorted(expected), sorted(licenses))
 
     def test_scanpipe_pipes_outputs_to_attribution(self):
-        project = Project.objects.create(name="Analysis")
+        project = make_project(name="Analysis")
         package_data = dict(package_data1)
         expression = "mit AND gpl-2.0 with classpath-exception-2.0 AND missing-unknown"
         package_data["declared_license_expression"] = expression
diff --git a/scanpipe/tests/test_api.py b/scanpipe/tests/test_api.py
index 5969b09da..87ac85e10 100644
--- a/scanpipe/tests/test_api.py
+++ b/scanpipe/tests/test_api.py
@@ -32,6 +32,7 @@
 from django.urls import reverse
 from django.utils import timezone
 
+import openpyxl
 from rest_framework import status
 from rest_framework.exceptions import ErrorDetail
 from rest_framework.test import APIClient
@@ -68,7 +69,7 @@ class ScanPipeAPITest(TransactionTestCase):
     data = Path(__file__).parent / "data"
 
     def setUp(self):
-        self.project1 = Project.objects.create(name="Analysis")
+        self.project1 = make_project(name="Analysis")
         self.resource1 = CodebaseResource.objects.create(
             project=self.project1,
             path="daglib-0.3.2.tar.gz-extract/daglib-0.3.2/PKG-INFO",
@@ -102,8 +103,8 @@ def test_scanpipe_api_browsable_formats_available(self):
         self.assertContains(response, self.project1_detail_url)
 
     def test_scanpipe_api_project_list(self):
-        Project.objects.create(name="2")
-        Project.objects.create(name="3")
+        make_project(name="2")
+        make_project(name="3")
 
         with self.assertNumQueries(8):
             response = self.csrf_client.get(self.project_list_url)
@@ -120,8 +121,8 @@ def test_scanpipe_api_project_list(self):
         self.assertNotContains(response, "dependency_count")
 
     def test_scanpipe_api_project_list_filters(self):
-        project2 = Project.objects.create(name="pro2ject", is_archived=True)
-        project3 = Project.objects.create(name="3project", is_archived=True)
+        project2 = make_project(name="pro2ject", is_archived=True)
+        project3 = make_project(name="3project", is_archived=True)
 
         response = self.csrf_client.get(self.project_list_url)
         self.assertEqual(3, response.data["count"])
@@ -178,6 +179,15 @@ def test_scanpipe_api_project_list_filters(self):
         self.assertContains(response, project2.uuid)
         self.assertContains(response, project3.uuid)
 
+        project2.labels.add("label1")
+        project3.labels.add("label1")
+        data = {"label": "label1"}
+        response = self.csrf_client.get(self.project_list_url, data=data)
+        self.assertEqual(2, response.data["count"])
+        self.assertNotContains(response, self.project1.uuid)
+        self.assertContains(response, project2.uuid)
+        self.assertContains(response, project3.uuid)
+
     def test_scanpipe_api_project_detail(self):
         response = self.csrf_client.get(self.project1_detail_url)
         self.assertIn(self.project1_detail_url, response.data["url"])
@@ -659,6 +669,47 @@ def test_scanpipe_api_project_action_pipelines(self):
         expected = ["name", "summary", "description", "steps", "available_groups"]
         self.assertEqual(expected, list(response.data[0].keys()))
 
+    def test_scanpipe_api_project_action_report(self):
+        url = reverse("project-report")
+
+        response = self.csrf_client.get(url)
+        self.assertEqual(400, response.status_code)
+        expected = (
+            "Specifies the model to include in the XLSX report. Using: ?model=MODEL"
+        )
+        self.assertEqual(expected, response.data["error"])
+
+        data = {"model": "bad value"}
+        response = self.csrf_client.get(url, data=data)
+        self.assertEqual(400, response.status_code)
+        expected = "bad value is not on of the valid choices"
+        self.assertEqual(expected, response.data["error"])
+
+        make_package(self.project1, package_url="pkg:generic/p1")
+        project2 = make_project()
+        project2.labels.add("label1")
+        package2 = make_package(project2, package_url="pkg:generic/p2")
+
+        data = {
+            "model": "package",
+            "label": "label1",
+        }
+        response = self.csrf_client.get(url, data=data)
+        self.assertEqual(200, response.status_code)
+        self.assertTrue(response.filename.startswith("scancodeio-report-"))
+        self.assertTrue(response.filename.endswith(".xlsx"))
+
+        output_file = io.BytesIO(b"".join(response.streaming_content))
+        workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
+        self.assertEqual(["PACKAGES"], workbook.get_sheet_names())
+
+        todos_sheet = workbook.get_sheet_by_name("PACKAGES")
+        rows = list(todos_sheet.values)
+        self.assertEqual(2, len(rows))
+        self.assertEqual("project", rows[0][0])  # header row
+        self.assertEqual(project2.name, rows[1][0])
+        self.assertEqual(package2.package_url, rows[1][1])
+
     def test_scanpipe_api_project_action_resources(self):
         url = reverse("project-resources", args=[self.project1.uuid])
         response = self.csrf_client.get(url)
@@ -927,7 +978,7 @@ def test_scanpipe_api_project_action_add_pipeline(self, mock_execute_pipeline_ta
         run = self.project1.runs.get()
         self.assertEqual(data["pipeline"], run.pipeline_name)
 
-        project2 = Project.objects.create(name="Analysis 2")
+        project2 = make_project(name="Analysis 2")
         url = reverse("project-add-pipeline", args=[project2.uuid])
         data["execute_now"] = True
         response = self.csrf_client.post(url, data=data)
diff --git a/scanpipe/tests/test_commands.py b/scanpipe/tests/test_commands.py
index 3f3156dcd..367d72320 100644
--- a/scanpipe/tests/test_commands.py
+++ b/scanpipe/tests/test_commands.py
@@ -1104,16 +1104,16 @@ def test_scanpipe_management_command_report(self):
         make_resource_file(project1, path="file.ext", status=flag.REQUIRES_REVIEW)
         make_project("project2")
 
-        expected = "Error: the following arguments are required: --sheet"
+        expected = "Error: the following arguments are required: --model"
         with self.assertRaisesMessage(CommandError, expected):
             call_command("report")
 
-        options = ["--sheet", "UNKNOWN"]
-        expected = "Error: argument --sheet: invalid choice: 'UNKNOWN'"
+        options = ["--model", "UNKNOWN"]
+        expected = "Error: argument --model: invalid choice: 'UNKNOWN'"
         with self.assertRaisesMessage(CommandError, expected):
             call_command("report", *options)
 
-        options = ["--sheet", "todo"]
+        options = ["--model", "todo"]
         expected = "You must provide either --label or --search to select projects."
         with self.assertRaisesMessage(CommandError, expected):
             call_command("report", *options)
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
index 4af988fe3..0f27599da 100644
--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -20,6 +20,7 @@
 # ScanCode.io is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/nexB/scancode.io for support and download.
 
+import io
 import json
 import shutil
 import uuid
@@ -34,6 +35,7 @@
 from django.urls import reverse
 from django.urls.exceptions import NoReverseMatch
 
+import openpyxl
 import requests
 
 from scanpipe.forms import BaseProjectActionForm
@@ -228,7 +230,12 @@ def test_scanpipe_views_project_action_report_view(self):
             "model_name": "todo",
         }
         response = self.client.post(url, data=data, follow=True)
-        self.assertEqual("report.xlsx", response.filename)
+        self.assertTrue(response.filename.startswith("scancodeio-report-"))
+        self.assertTrue(response.filename.endswith(".xlsx"))
+
+        output_file = io.BytesIO(b"".join(response.streaming_content))
+        workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
+        self.assertEqual(["TODOS"], workbook.get_sheet_names())
 
     def test_scanpipe_views_project_action_view_get_project_queryset(self):
         queryset = ProjectActionView.get_project_queryset(
diff --git a/scanpipe/views.py b/scanpipe/views.py
index 43e3c1afa..5cd240866 100644
--- a/scanpipe/views.py
+++ b/scanpipe/views.py
@@ -96,6 +96,7 @@
 from scanpipe.models import RunInProgressError
 from scanpipe.pipes import compliance
 from scanpipe.pipes import count_group_by
+from scanpipe.pipes import filename_now
 from scanpipe.pipes import output
 from scanpipe.pipes import purldb
 
@@ -453,24 +454,14 @@ def get_export_xlsx_queryset(self):
     def get_export_xlsx_filename(self):
         return f"{self.project.name}_{self.model._meta.model_name}.xlsx"
 
-    def get_export_xlsx_prepend_fields(self):
-        return []
-
-    def get_export_xlsx_worksheet_name(self):
-        return
-
     def export_xlsx_file_response(self):
         output_file = io.BytesIO()
         queryset = self.get_export_xlsx_queryset()
-        prepend_fields = self.get_export_xlsx_prepend_fields()
-        worksheet_name = self.get_export_xlsx_worksheet_name()
         with xlsxwriter.Workbook(output_file) as workbook:
             output.queryset_to_xlsx_worksheet(
                 queryset,
                 workbook,
                 exclude_fields=output.XLSX_EXCLUDE_FIELDS,
-                prepend_fields=prepend_fields,
-                worksheet_name=worksheet_name,
             )
 
         output_file.seek(0)
@@ -1191,7 +1182,7 @@ def form_valid(self, form):
 
 
 @method_decorator(require_POST, name="dispatch")
-class ProjectActionView(ConditionalLoginRequired, ExportXLSXMixin, generic.ListView):
+class ProjectActionView(ConditionalLoginRequired, generic.ListView):
     """Call a method for each instance of the selection."""
 
     model = Project
@@ -1222,9 +1213,7 @@ def post(self, request, *args, **kwargs):
             return self.download_outputs_zip_response(project_qs, action_form)
 
         if action == "report":
-            self.action_form = action_form
-            self.project_qs = project_qs
-            return self.export_xlsx_file_response()
+            return self.xlsx_report_response(project_qs, action_form)
 
         if action == "archive":
             action_kwargs = action_form.get_action_kwargs()
@@ -1287,21 +1276,6 @@ def get_project_queryset(selected_project_ids=None, action_form=None):
 
         raise Http404
 
-    def get_export_xlsx_queryset(self):
-        model_name = self.action_form.cleaned_data["model_name"]
-        queryset = output.get_queryset(project=None, model_name=model_name)
-        return queryset.filter(project__in=self.project_qs)
-
-    def get_export_xlsx_prepend_fields(self):
-        return ["project"]
-
-    def get_export_xlsx_worksheet_name(self):
-        if self.action_form.cleaned_data.get("model_name") == "todo":
-            return "TODOS"
-
-    def get_export_xlsx_filename(self):
-        return "report.xlsx"
-
     @staticmethod
     def download_outputs_zip_response(project_qs, action_form):
         output_format = action_form.cleaned_data["output_format"]
@@ -1323,6 +1297,18 @@ def download_outputs_zip_response(project_qs, action_form):
             filename="scancodeio_output_files.zip",
         )
 
+    @staticmethod
+    def xlsx_report_response(project_qs, action_form):
+        model_short_name = action_form.cleaned_data["model_name"]
+        filename = f"scancodeio-report-{filename_now()}.xlsx"
+        output_file = output.get_xlsx_report(project_qs, model_short_name)
+        output_file.seek(0)
+        return FileResponse(
+            output_file,
+            as_attachment=True,
+            filename=filename,
+        )
+
 
 class HTTPResponseHXRedirect(HttpResponseRedirect):
     status_code = 200

From 05a0e7210fc2afbf11d1ec51bd23cbd3f26d0f56 Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Wed, 22 Jan 2025 23:14:06 +0900
Subject: [PATCH 12/18] Remove the duplicated section in the docs #1524

Signed-off-by: tdruez <tdruez@nexb.com>
---
 docs/rest-api.rst | 29 -----------------------------
 1 file changed, 29 deletions(-)

diff --git a/docs/rest-api.rst b/docs/rest-api.rst
index 52b48b959..9d555bb23 100644
--- a/docs/rest-api.rst
+++ b/docs/rest-api.rst
@@ -591,35 +591,6 @@ This action deletes a "not started" or "queued" pipeline run.
 XLSX Report
 -----------
 
-Generates an XLSX report of selected projects based on the provided criteria.
-The model needs to be provided using the ``model`` query parameter.
-
-``GET /api/projects/?model=MODEL``
-
-Data:
-  - ``model``: ``package``, ``dependency``, ``resource``, ``relation``, ``message``,
-    ``todo``.
-
-**Any available filters can be applied** to **select the set of projects** you want to
-include in the report, such as a string contained in the name, or filter by labels:
-
-Example usage:
-
-1. Generate a report for all projects tagged with "d2d" and include the **TODOS**
-worksheet::
-
-    GET /api/projects/?model=todo&label=d2d
-
-
-2. Generate a report for projects whose names contain the word "audit" and include the
-**PACKAGES** worksheet::
-
-   GET /api/projects/?model=package&name__contains=audit
-
-
-XLSX Report
------------
-
 Generates an XLSX report for selected projects based on specified criteria. The
 ``model`` query parameter is required to determine the type of data to include in the
 report.

From a7f1de95c278576db1835158b4d4d10f22e99fa9 Mon Sep 17 00:00:00 2001
From: Philippe Ombredanne <pombredanne@nexb.com>
Date: Thu, 23 Jan 2025 01:22:07 +0100
Subject: [PATCH 13/18] Do not check docker image checksums (#1540)

It can be useful to skip checking docker image checksums.
It may need to to be made a project setting.
For now, this is only removing the verification step

Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
---
 scanpipe/pipes/docker.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanpipe/pipes/docker.py b/scanpipe/pipes/docker.py
index 4a9fb4d32..075500d46 100644
--- a/scanpipe/pipes/docker.py
+++ b/scanpipe/pipes/docker.py
@@ -69,7 +69,7 @@ def extract_images_from_inputs(project):
     return images, errors
 
 
-def extract_image_from_tarball(input_tarball, extract_target, verify=True):
+def extract_image_from_tarball(input_tarball, extract_target, verify=False):
     """
     Extract images from an ``input_tarball`` to an ``extract_target`` directory
     Path object and collects the extracted images.

From ad6f2efb5de355f580222433cdd9cccdf51e7804 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Thu, 23 Jan 2025 17:51:34 +0900
Subject: [PATCH 14/18] Handle the exception when the policies.yml is not valid
 #1560 (#1561)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/policies.py                             |  2 +-
 scanpipe/templates/scanpipe/project_detail.html  |  2 +-
 scanpipe/tests/data/policies/broken_policies.yml |  1 +
 scanpipe/tests/test_views.py                     | 10 ++++++++++
 scanpipe/views.py                                |  7 +++++++
 5 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 scanpipe/tests/data/policies/broken_policies.yml

diff --git a/scanpipe/policies.py b/scanpipe/policies.py
index beebf9bd8..d0ea94e5c 100644
--- a/scanpipe/policies.py
+++ b/scanpipe/policies.py
@@ -30,7 +30,7 @@ def load_policies_yaml(policies_yaml):
     try:
         return saneyaml.load(policies_yaml)
     except saneyaml.YAMLError as e:
-        raise ValidationError(f"Policies format error: {e}")
+        raise ValidationError(f"Policies file format error: {e}")
 
 
 def load_policies_file(policies_file, validate=True):
diff --git a/scanpipe/templates/scanpipe/project_detail.html b/scanpipe/templates/scanpipe/project_detail.html
index 63a3ff54c..89cad4436 100644
--- a/scanpipe/templates/scanpipe/project_detail.html
+++ b/scanpipe/templates/scanpipe/project_detail.html
@@ -107,7 +107,7 @@
         <div hx-get="{% url 'project_resource_license_summary' project.slug %}" hx-trigger="load" hx-swap="outerHTML"></div>
       </div>
 
-      {% if project.policies_enabled %}
+      {% if policies_enabled %}
         <div class="columns">
           <div hx-get="{% url 'project_compliance_panel' project.slug %}" hx-trigger="load" hx-swap="outerHTML"></div>
         </div>
diff --git a/scanpipe/tests/data/policies/broken_policies.yml b/scanpipe/tests/data/policies/broken_policies.yml
new file mode 100644
index 000000000..7eb4fb2d1
--- /dev/null
+++ b/scanpipe/tests/data/policies/broken_policies.yml
@@ -0,0 +1 @@
+[broken
\ No newline at end of file
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
index 0f27599da..76081ad5e 100644
--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -1286,3 +1286,13 @@ def test_scanpipe_views_project_dependency_tree(self):
         response = self.client.get(url)
         self.assertTrue(response.context["recursion_error"])
         self.assertContains(response, "The dependency tree cannot be rendered")
+
+    def test_scanpipe_policies_broken_policies_project_details(self):
+        broken_policies = self.data / "policies" / "broken_policies.yml"
+        project1 = make_project()
+        shutil.copyfile(broken_policies, project1.input_path / "policies.yml")
+
+        url = project1.get_absolute_url()
+        response = self.client.get(url)
+        self.assertEqual(200, response.status_code)
+        self.assertContains(response, "Policies file format error")
diff --git a/scanpipe/views.py b/scanpipe/views.py
index 5cd240866..a2362484e 100644
--- a/scanpipe/views.py
+++ b/scanpipe/views.py
@@ -747,6 +747,12 @@ def get_context_data(self, **kwargs):
         pipeline_runs = project.runs.all()
         self.check_run_scancode_version(pipeline_runs)
 
+        policies_enabled = False
+        try:
+            policies_enabled = project.policies_enabled
+        except ValidationError as e:
+            messages.error(self.request, str(e))
+
         context.update(
             {
                 "input_sources": project.get_inputs_with_source(),
@@ -763,6 +769,7 @@ def get_context_data(self, **kwargs):
                 "pipeline_runs": pipeline_runs,
                 "codebase_root": codebase_root,
                 "file_filter": self.request.GET.get("file-filter", "all"),
+                "policies_enabled": policies_enabled,
             }
         )
 

From e4cc635ee7d795c0998fbb975202c1f9d1830ac8 Mon Sep 17 00:00:00 2001
From: Chin Yeung <tli@nexb.com>
Date: Fri, 24 Jan 2025 09:49:06 +0800
Subject: [PATCH 15/18] Add note to clarify users to use WSL when installing on
 windows (#1478)

Signed-off-by: Chin Yeung Li <tli@nexb.com>
---
 docs/installation.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/docs/installation.rst b/docs/installation.rst
index 6fa58f517..03d2bd402 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -35,6 +35,10 @@ Build the Image
 ScanCode.io is distributed with ``Dockerfile`` and ``docker-compose.yml`` files
 required for the creation of the Docker image.
 
+.. note::
+    On **Windows**, ensure to use the **wsl** (Windows Subsystem for Linux) for
+    the installation process.
+
 .. warning:: On **Windows**, ensure that git ``autocrlf`` configuration is set to
    ``false`` before cloning the repository::
 

From 790e1ef7796fcc3d4fe283c12a83c99170cd2115 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Mon, 27 Jan 2025 10:40:31 +0900
Subject: [PATCH 16/18] Increase the HTTP requests timeout to 30 in fetch pipes
 #1144 (#1567)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/pipes/fetch.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/scanpipe/pipes/fetch.py b/scanpipe/pipes/fetch.py
index 06b4aca28..127f120da 100644
--- a/scanpipe/pipes/fetch.py
+++ b/scanpipe/pipes/fetch.py
@@ -46,6 +46,17 @@
 
 Download = namedtuple("Download", "uri directory filename path size sha1 md5")
 
+# Time (in seconds) to wait for the server to send data before giving up.
+# The ``REQUEST_CONNECTION_TIMEOUT`` defines:
+# - Connect timeout: The maximum time to wait for the client to establish a connection
+#   to the server.
+# - Read timeout: The maximum time to wait for a server response once the connection
+#   is established.
+# Notes: Use caution when lowering this value, as some servers
+# (e.g., https://cdn.kernel.org/) may take longer to respond to HTTP requests under
+# certain conditions.
+HTTP_REQUEST_TIMEOUT = 30
+
 
 def run_command_safely(command_args):
     """
@@ -107,7 +118,7 @@ def fetch_http(uri, to=None):
     path.
     """
     request_session = get_request_session(uri)
-    response = request_session.get(uri, timeout=5)
+    response = request_session.get(uri, timeout=HTTP_REQUEST_TIMEOUT)
 
     if response.status_code != 200:
         raise requests.RequestException
@@ -416,7 +427,7 @@ def check_urls_availability(urls):
 
         request_session = get_request_session(url)
         try:
-            response = request_session.head(url, timeout=5)
+            response = request_session.head(url, timeout=HTTP_REQUEST_TIMEOUT)
             response.raise_for_status()
         except requests.exceptions.RequestException:
             errors.append(url)

From 747b9cc8a832436330ddc66b844e8db17e0b3f13 Mon Sep 17 00:00:00 2001
From: tdruez <489057+tdruez@users.noreply.github.com>
Date: Mon, 27 Jan 2025 14:23:22 +0900
Subject: [PATCH 17/18] Add options to the Project reset action (#1568)

Signed-off-by: tdruez <tdruez@nexb.com>
---
 scanpipe/forms.py                             | 31 ++++++++-
 scanpipe/models.py                            | 26 ++++++--
 .../scanpipe/modals/project_reset_modal.html  | 40 ++++++++----
 .../scanpipe/modals/projects_reset_modal.html | 64 ++++++++++++-------
 scanpipe/tests/test_models.py                 | 12 +++-
 scanpipe/tests/test_views.py                  | 23 ++++++-
 scanpipe/views.py                             | 28 ++++----
 7 files changed, 167 insertions(+), 57 deletions(-)

diff --git a/scanpipe/forms.py b/scanpipe/forms.py
index e7f317b10..7e2486b85 100644
--- a/scanpipe/forms.py
+++ b/scanpipe/forms.py
@@ -252,7 +252,8 @@ class BaseProjectActionForm(forms.Form):
     )
 
 
-class ArchiveProjectForm(BaseProjectActionForm):
+class ProjectArchiveForm(BaseProjectActionForm):
+    prefix = "archive"
     remove_input = forms.BooleanField(
         label="Remove inputs",
         initial=True,
@@ -277,7 +278,34 @@ def get_action_kwargs(self):
         }
 
 
+class ProjectResetForm(BaseProjectActionForm):
+    prefix = "reset"
+    keep_input = forms.BooleanField(
+        label="Keep inputs",
+        initial=True,
+        required=False,
+    )
+    restore_pipelines = forms.BooleanField(
+        label="Restore existing pipelines",
+        initial=False,
+        required=False,
+    )
+    execute_now = forms.BooleanField(
+        label="Execute restored pipeline(s) now",
+        initial=False,
+        required=False,
+    )
+
+    def get_action_kwargs(self):
+        return {
+            "keep_input": self.cleaned_data["keep_input"],
+            "restore_pipelines": self.cleaned_data["restore_pipelines"],
+            "execute_now": self.cleaned_data["execute_now"],
+        }
+
+
 class ProjectOutputDownloadForm(BaseProjectActionForm):
+    prefix = "download"
     output_format = forms.ChoiceField(
         label="Choose the output format to include in the ZIP file",
         choices=[
@@ -294,6 +322,7 @@ class ProjectOutputDownloadForm(BaseProjectActionForm):
 
 
 class ProjectReportForm(BaseProjectActionForm):
+    prefix = "report"
     model_name = forms.ChoiceField(
         label="Choose the object type to include in the XLSX file",
         choices=[
diff --git a/scanpipe/models.py b/scanpipe/models.py
index d5d43ed4b..0b0cbd837 100644
--- a/scanpipe/models.py
+++ b/scanpipe/models.py
@@ -637,10 +637,9 @@ def archive(self, remove_input=False, remove_codebase=False, remove_output=False
         shutil.rmtree(self.tmp_path, ignore_errors=True)
         self.setup_work_directory()
 
-        self.is_archived = True
-        self.save(update_fields=["is_archived"])
+        self.update(is_archived=True)
 
-    def delete_related_objects(self, keep_input=False):
+    def delete_related_objects(self, keep_input=False, keep_labels=False):
         """
         Delete all related object instances using the private `_raw_delete` model API.
         This bypass the objects collection, cascade deletions, and signals.
@@ -657,7 +656,8 @@ def delete_related_objects(self, keep_input=False):
         _, deleted_counter = self.discoveredpackages.all().delete()
 
         # Removes all tags from this project by deleting the UUIDTaggedItem instances.
-        self.labels.clear()
+        if not keep_labels:
+            self.labels.clear()
 
         relationships = [
             self.webhookdeliveries,
@@ -690,14 +690,25 @@ def delete(self, *args, **kwargs):
 
         return super().delete(*args, **kwargs)
 
-    def reset(self, keep_input=True):
+    def reset(self, keep_input=True, restore_pipelines=False, execute_now=False):
         """
         Reset the project by deleting all related database objects and all work
         directories except the input directory—when the `keep_input` option is True.
         """
         self._raise_if_run_in_progress()
 
-        self.delete_related_objects(keep_input=keep_input)
+        restore_pipeline_kwargs = []
+        if restore_pipelines:
+            restore_pipeline_kwargs = [
+                {
+                    "pipeline_name": run.pipeline_name,
+                    "execute_now": execute_now,
+                    "selected_groups": run.selected_groups,
+                }
+                for run in self.runs.all()
+            ]
+
+        self.delete_related_objects(keep_input=keep_input, keep_labels=True)
 
         work_directories = [
             self.codebase_path,
@@ -717,6 +728,9 @@ def reset(self, keep_input=True):
 
         self.setup_work_directory()
 
+        for pipeline_kwargs in restore_pipeline_kwargs:
+            self.add_pipeline(**pipeline_kwargs)
+
     def clone(
         self,
         clone_name,
diff --git a/scanpipe/templates/scanpipe/modals/project_reset_modal.html b/scanpipe/templates/scanpipe/modals/project_reset_modal.html
index 3cb976c32..8c8657d02 100644
--- a/scanpipe/templates/scanpipe/modals/project_reset_modal.html
+++ b/scanpipe/templates/scanpipe/modals/project_reset_modal.html
@@ -5,18 +5,36 @@
       <p class="modal-card-title">Reset this project, are you sure?</p>
       <button class="delete" aria-label="close"></button>
     </header>
-    <section class="modal-card-body">
-      <div class="notification is-danger has-text-weight-semibold">
-        This action cannot be undone.
-      </div>
-      <p class="mb-2">
-        This action will <strong>delete all related database entries and all data on disks</strong> except for the input/ directory.
-      </p>
-      <p class="mb-5">
-        Are you sure you want to do this?
-      </p>
-    </section>
     <form action="{% url 'project_reset' project.slug %}" method="post">{% csrf_token %}
+      <section class="modal-card-body">
+        <div class="notification is-danger has-text-weight-semibold">
+          This action cannot be undone.
+        </div>
+        <p class="mb-2">
+          This action will <strong>delete all related database entries and all data on disks</strong> except for the input/ directory.
+        </p>
+        <p class="mb-5">
+          Are you sure you want to do this?
+        </p>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.keep_input }}
+            {{ reset_form.keep_input.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.restore_pipelines }}
+            {{ reset_form.restore_pipelines.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.execute_now }}
+            {{ reset_form.execute_now.label }}
+          </label>
+        </div>
+      </section>
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
         <button class="button has-text-weight-semibold" type="reset">No, Cancel</button>
         <button class="button is-danger is-no-close" type="submit">Yes, Reset Project</button>
diff --git a/scanpipe/templates/scanpipe/modals/projects_reset_modal.html b/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
index c74067972..c867c321f 100644
--- a/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
+++ b/scanpipe/templates/scanpipe/modals/projects_reset_modal.html
@@ -6,30 +6,48 @@
       <p class="modal-card-title">Reset selected projects, are you sure?</p>
       <button class="delete" aria-label="close"></button>
     </header>
-    <section class="modal-card-body">
-      <div class="notification is-danger has-text-weight-semibold">
-        This action cannot be undone.
-      </div>
-      <p class="mb-2">
-        This action will <strong>delete all related database entries and all data on disks</strong> except for the input/ directory.
-      </p>
-      <p class="mb-5">
-        Are you sure you want to do this?
-      </p>
-      {% if page_obj.paginator.num_pages > 1 %}
-        <div class="show-on-all-checked">
-          <hr>
-          <div class="field include-all-field">
-            <label class="checkbox" for="{{ archive_form.select_across.id_for_label }}">
-              <input type="checkbox" name="{{ archive_form.select_across.name }}" id="{{ archive_form.select_across.id_for_label }}">
-              Include all {{ paginator.count|intcomma }} projects
-            </label>
-            <p class="help">{{ outputs_download_form.select_across.help_text }}</p>
-          </div>
-        </div>
-      {% endif %}
-    </section>
     <form action="{% url 'project_action' %}" method="post" id="reset-projects-form">{% csrf_token %}
+      <section class="modal-card-body">
+        <div class="notification is-danger has-text-weight-semibold">
+          This action cannot be undone.
+        </div>
+        <p class="mb-2">
+          This action will <strong>delete all related database entries and all data on disks</strong> except for the input/ directory.
+        </p>
+        <p class="mb-5">
+          Are you sure you want to do this?
+        </p>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.keep_input }}
+            {{ reset_form.keep_input.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.restore_pipelines }}
+            {{ reset_form.restore_pipelines.label }}
+          </label>
+        </div>
+        <div class="field">
+          <label class="label">
+            {{ reset_form.execute_now }}
+            {{ reset_form.execute_now.label }}
+          </label>
+        </div>
+        {% if page_obj.paginator.num_pages > 1 %}
+          <div class="show-on-all-checked">
+            <hr>
+            <div class="field include-all-field">
+              <label class="checkbox" for="{{ reset_form.select_across.id_for_label }}">
+                <input type="checkbox" name="{{ reset_form.select_across.name }}" id="{{ reset_form.select_across.id_for_label }}">
+                Include all {{ paginator.count|intcomma }} projects
+              </label>
+              <p class="help">{{ outputs_download_form.select_across.help_text }}</p>
+            </div>
+          </div>
+        {% endif %}
+      </section>
       <input type="hidden" name="{{ action_form.url_query.name }}" value="{{ request.GET.urlencode }}">
       <input type="hidden" name="action" value="reset">
       <footer class="modal-card-foot is-flex is-justify-content-space-between">
diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
index 9d73d64bc..befe3b652 100644
--- a/scanpipe/tests/test_models.py
+++ b/scanpipe/tests/test_models.py
@@ -171,7 +171,7 @@ def test_scanpipe_project_model_delete_related_objects(self):
         package = DiscoveredPackage.objects.create(project=self.project1)
         resource.discovered_packages.add(package)
 
-        delete_log = self.project1.delete_related_objects()
+        delete_log = self.project1.delete_related_objects(keep_labels=True)
         expected = {
             "scanpipe.CodebaseRelation": 0,
             "scanpipe.CodebaseResource": 1,
@@ -185,7 +185,10 @@ def test_scanpipe_project_model_delete_related_objects(self):
             "scanpipe.WebhookSubscription": 0,
         }
         self.assertEqual(expected, delete_log)
+
         # Make sure the labels were deleted too.
+        self.assertEqual(2, UUIDTaggedItem.objects.count())
+        self.project1.delete_related_objects()
         self.assertEqual(0, UUIDTaggedItem.objects.count())
 
     def test_scanpipe_project_model_delete(self):
@@ -224,8 +227,13 @@ def test_scanpipe_project_model_reset(self):
         self.assertEqual(1, self.project1.codebaseresources.count())
         self.assertEqual(1, self.project1.inputsources.count())
 
-        self.project1.reset()
+        self.project1.reset(restore_pipelines=True, execute_now=False)
+        self.assertEqual(0, self.project1.projectmessages.count())
+        self.assertEqual(1, self.project1.runs.count())
+        self.assertEqual(0, self.project1.discoveredpackages.count())
+        self.assertEqual(0, self.project1.codebaseresources.count())
 
+        self.project1.reset()
         self.assertTrue(Project.objects.filter(name=self.project1.name).exists())
         self.assertEqual(0, self.project1.projectmessages.count())
         self.assertEqual(0, self.project1.runs.count())
diff --git a/scanpipe/tests/test_views.py b/scanpipe/tests/test_views.py
index 76081ad5e..a0eb4699c 100644
--- a/scanpipe/tests/test_views.py
+++ b/scanpipe/tests/test_views.py
@@ -227,7 +227,7 @@ def test_scanpipe_views_project_action_report_view(self):
         data = {
             "action": "report",
             "selected_ids": f"{self.project1.uuid}",
-            "model_name": "todo",
+            "report-model_name": "todo",
         }
         response = self.client.post(url, data=data, follow=True)
         self.assertTrue(response.filename.startswith("scancodeio-report-"))
@@ -237,6 +237,21 @@ def test_scanpipe_views_project_action_report_view(self):
         workbook = openpyxl.load_workbook(output_file, read_only=True, data_only=True)
         self.assertEqual(["TODOS"], workbook.get_sheet_names())
 
+    def test_scanpipe_views_project_action_reset_view(self):
+        url = reverse("project_action")
+        data = {
+            "action": "reset",
+            "selected_ids": f"{self.project1.uuid}",
+            "reset-restore_pipelines": "on",
+        }
+        self.project1.add_pipeline(pipeline_name="scan_codebase")
+        response = self.client.post(url, data=data, follow=True)
+        expected = "1 projects have been reset."
+        self.assertContains(response, expected)
+
+        self.assertTrue(Project.objects.filter(name=self.project1.name).exists())
+        self.assertEqual(1, self.project1.runs.count())
+
     def test_scanpipe_views_project_action_view_get_project_queryset(self):
         queryset = ProjectActionView.get_project_queryset(
             selected_project_ids=[self.project1.uuid],
@@ -733,10 +748,12 @@ def test_scanpipe_views_project_reset_view(self):
         self.assertContains(response, expected)
 
         run.set_task_ended(exitcode=0)
-        response = self.client.post(url, follow=True)
-        expected = "have been removed."
+        data = {"reset-restore_pipelines": "on"}
+        response = self.client.post(url, data=data, follow=True)
+        expected = "has been reset."
         self.assertContains(response, expected)
         self.assertTrue(Project.objects.filter(name=self.project1.name).exists())
+        self.assertEqual(1, self.project1.runs.count())
 
     def test_scanpipe_views_project_settings_view(self):
         url = reverse("project_settings", args=[self.project1.slug])
diff --git a/scanpipe/views.py b/scanpipe/views.py
index a2362484e..2bf7e128d 100644
--- a/scanpipe/views.py
+++ b/scanpipe/views.py
@@ -76,14 +76,15 @@
 from scanpipe.forms import AddInputsForm
 from scanpipe.forms import AddLabelsForm
 from scanpipe.forms import AddPipelineForm
-from scanpipe.forms import ArchiveProjectForm
 from scanpipe.forms import BaseProjectActionForm
 from scanpipe.forms import EditInputSourceTagForm
 from scanpipe.forms import PipelineRunStepSelectionForm
+from scanpipe.forms import ProjectArchiveForm
 from scanpipe.forms import ProjectCloneForm
 from scanpipe.forms import ProjectForm
 from scanpipe.forms import ProjectOutputDownloadForm
 from scanpipe.forms import ProjectReportForm
+from scanpipe.forms import ProjectResetForm
 from scanpipe.forms import ProjectSettingsForm
 from scanpipe.models import CodebaseRelation
 from scanpipe.models import CodebaseResource
@@ -599,7 +600,8 @@ class ProjectListView(
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context["action_form"] = BaseProjectActionForm()
-        context["archive_form"] = ArchiveProjectForm()
+        context["archive_form"] = ProjectArchiveForm()
+        context["reset_form"] = ProjectResetForm()
         context["outputs_download_form"] = ProjectOutputDownloadForm()
         context["report_form"] = ProjectReportForm()
         return context
@@ -856,7 +858,8 @@ def get(self, request, *args, **kwargs):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         project = self.get_object()
-        context["archive_form"] = ArchiveProjectForm()
+        context["archive_form"] = ProjectArchiveForm()
+        context["reset_form"] = ProjectResetForm()
         context["webhook_subscriptions"] = project.webhooksubscriptions.all()
         return context
 
@@ -1136,7 +1139,7 @@ def get_context_data(self, **kwargs):
 class ProjectArchiveView(ConditionalLoginRequired, SingleObjectMixin, FormView):
     model = Project
     http_method_names = ["post"]
-    form_class = ArchiveProjectForm
+    form_class = ProjectArchiveForm
     success_url = reverse_lazy("project_list")
     success_message = 'The project "{}" has been archived.'
 
@@ -1154,20 +1157,22 @@ def form_valid(self, form):
         return response
 
 
-class ProjectResetView(ConditionalLoginRequired, generic.DeleteView):
+class ProjectResetView(ConditionalLoginRequired, SingleObjectMixin, FormView):
     model = Project
-    success_message = 'All data, except inputs, for the "{}" project have been removed.'
+    http_method_names = ["post"]
+    form_class = ProjectResetForm
+    success_url = reverse_lazy("project_list")
+    success_message = 'The project "{}" has been reset.'
 
     def form_valid(self, form):
         """Call the reset() method on the project."""
         project = self.get_object()
         try:
-            project.reset(keep_input=True)
+            project.reset(**form.get_action_kwargs())
         except RunInProgressError as error:
             messages.error(self.request, error)
-        else:
-            messages.success(self.request, self.success_message.format(project.name))
 
+        messages.success(self.request, self.success_message.format(project.name))
         return redirect(project)
 
 
@@ -1195,7 +1200,8 @@ class ProjectActionView(ConditionalLoginRequired, generic.ListView):
     model = Project
     allowed_actions = ["archive", "delete", "reset", "report", "download"]
     action_to_form_class = {
-        "archive": ArchiveProjectForm,
+        "archive": ProjectArchiveForm,
+        "reset": ProjectResetForm,
         "report": ProjectReportForm,
         "download": ProjectOutputDownloadForm,
     }
@@ -1222,7 +1228,7 @@ def post(self, request, *args, **kwargs):
         if action == "report":
             return self.xlsx_report_response(project_qs, action_form)
 
-        if action == "archive":
+        if action in ["archive", "reset"]:
             action_kwargs = action_form.get_action_kwargs()
 
         count = 0

From d9f50b1b30b59916ed484460d9f60feebd14750b Mon Sep 17 00:00:00 2001
From: tdruez <tdruez@nexb.com>
Date: Mon, 27 Jan 2025 14:23:48 +0900
Subject: [PATCH 18/18] Add CHANGELOG entry #1568

Signed-off-by: tdruez <tdruez@nexb.com>
---
 CHANGELOG.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index c339ee8eb..1df280d1e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -7,6 +7,10 @@ v34.9.5 (unreleased)
 - Add support for the XLSX report in REST API.
   https://github.com/aboutcode-org/scancode.io/issues/1524
 
+- Add options to the Project reset action.
+  Also, the Project labels are kept during reset.
+  https://github.com/aboutcode-org/scancode.io/issues/1568
+
 v34.9.4 (2025-01-21)
 --------------------