Enhancement request: API access to ScanCode.io scan results for a package

[ghsa-retrieval]

Is your enhancement request related to a problem? Please describe.
It is currently not possible to access the scan results through DejaCode's API both because there is no API endpoint and also not directly through ScanCode.io as the ID of the project in ScanCode.io is not known. Instead one has to scrape the webpage to get to the download link

What are the benefits of the requested enhancement?
Direct access to download the scan results ZIP file, if it exists. This can be used for further processing outside of DejaCode in CI pipeline integrations. We would need access to the key files identified therein as well as additional context information like the VCS URL from the package metadata. The information would be used to extract the original license texts to prepare the release package of our own software, which will have to contain the license files. Furthermore, additional information would be included in the documentation, for instance if we can determine the location of the license file in the VCS repository, then it would be linked there.

Describe the solution you would like
In order of preference:

1. API endpoint for directly downloading the ScanCode.io scan results for a package (either as ZIP or directly the JSON response)
2. Include UUID for ScanCode.io project in the response of /api/v2/packages/, so that access is possible by querying ScanCode.io on our own

It would also be great to have a way to check if there is a scan scheduled or running but has not completed yet. If an API for access scan data exists we want to make sure that we know whether we are not getting scan data because it has not be scanned at all or if the scan has just not finished yet.

Additional notes
n.a.

[pombredanne]

This makes sense.