Allow to skip excluded paths (and scopes) during analysis

[sschuberth]

In ORT's semantics "excluded" entities will still get analyzed / scanned by default, but the results from these show up marked as "excluded" in the reports.

This is a problem if you need to really skip e.g. a path from analysis, for example because that path contains an Android or NuGet project that cannot be properly analyzed.

The scanner (and also the advisor) already have a --skip-excluded CLI option. The proposal is to introduce --skip-excluded also to the analyzer, so that

1. excluded paths are not searched for definition files,
2. excluded scopes are either skipped during analysis or filtered out from the result afterwards.

That way, problematic / large projects that are also irrelevant compliance-wise in the specific project-context can be skipped and completely omitted from the results.

[sschuberth]

Fun fact, we had a --remove-excludes-from-results analyzer option once, but it was removed in favor of rendering excluded stuff differently in the reports.

[hanna-modica]

Hi @sschuberth, that is indeed interesting. And also the comment from @mnonnenmacher states, that it will be reimplemented later. So it was always planned to have this feature back, I guess? I would really appreciate it :)

[nnobelis]

Another use case that could motivate this issue:

We have a Conan project with the following issue:

Multiple  projects with the same id 'Conan:::' found. Not adding the project  defined in  'https://github.com/XXX.git/tests/conanfile.py'  to the analyzer results as it duplicates the project defined in  'https://github.com/XXX.git/conanfile.py'.

In our case, all the Conan files in /tests are excluded in .ort.yml. Therefore this issue is not really one because the Conan files in the /tests directory should not be analyzed at all !
By fixing current ORT issue, we would get rid of this issue.