heliocastro · heliocastro · Feb 20, 2026 · Feb 19, 2026 · Copilot · Feb 20, 2026
diff --git a/src/ort/__init__.py b/src/ort/__init__.py
@@ -2,9 +2,9 @@
 #
 # SPDX-License-Identifier: MIT
 
-from ort.models.analyzer_result import AnalyzerResult
-from ort.models.ort_result import OrtResult
-from ort.models.repository_configuration import RepositoryConfiguration
+from .models.analyzer_result import AnalyzerResult
+from .models.config.repository_configuration import RepositoryConfiguration
+from .models.ort_result import OrtResult
 
 __all__ = [
     "AnalyzerResult",

diff --git a/src/ort/models/__init__.py b/src/ort/models/__init__.py
@@ -6,6 +6,13 @@
 from .advisor_run import AdvisorRun
 from .analyzer_result import AnalyzerResult
 from .analyzer_run import AnalyzerRun
+from .config.excludes import Excludes
+from .config.includes import Includes
+from .config.path_exclude import PathExclude
+from .config.path_exclude_reason import PathExcludeReason
+from .config.path_include import PathInclude
+from .config.path_include_reason import PathIncludeReason
+from .config.repository_configuration import RepositoryConfiguration
 from .dependency_graph import DependencyGraph
 from .dependency_graph_edge import DependencyGraphEdge
 from .dependency_graph_node import DependencyGraphNode
@@ -23,7 +30,6 @@
 from .project import Project
 from .remote_artifact import RemoteArtifact
 from .repository import Repository
-from .repository_configuration import RepositoryConfiguration
 from .root_dependency_index import RootDependencyIndex
 from .scope import Scope
 from .source_code_origin import SourceCodeOrigin
@@ -44,13 +50,19 @@
     "Hash",
     "HashAlgorithm",
     "Identifier",
+    "Includes",
+    "Excludes",
     "Issue",
     "OrtResult",
     "Package",
     "PackageCuration",
     "PackageCurationData",
     "PackageLinkage",
     "PackageReference",
+    "PathExcludeReason",
+    "PathIncludeReason",
+    "PathExclude",
+    "PathInclude",
     "Project",
     "RemoteArtifact",
     "Repository",

diff --git a/src/ort/models/config/excludes.py b/src/ort/models/config/excludes.py
@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .path_exclude import PathExclude
+from .scope_exclude import ScopeExclude
+
+
+class Excludes(BaseModel):
+    """
+    Defines which parts of a repository should be excluded.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    paths: list[PathExclude] = Field(
+        default_factory=list,
+        description="Path excludes.",
+    )
+
+    scopes: list[ScopeExclude] = Field(
+        default_factory=list,
+        description="Scopes that will be excluded from all projects.",
+    )
diff --git a/src/ort/models/config/includes.py b/src/ort/models/config/includes.py
@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .path_include import PathInclude
+
+
+class Includes(BaseModel):
+    """
+    Defines which parts of a repository should be excluded.
-    Defines which parts of a repository should be excluded.
+    Defines which parts of a repository should be included.
-    Defines which parts of a repository should be excluded.
+    Defines which parts of a repository should be included.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    paths: list[PathInclude] = Field(
+        default_factory=list,
+        description="Path includes.",
+    )
diff --git a/src/ort/models/config/issue_resolution.py b/src/ort/models/config/issue_resolution.py
@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .issue_resolution_reason import IssueResolutionReason
+
+
+class IssueResolution(BaseModel):
+    """
+    Defines the resolution of an [Issue]. This can be used to silence false positives, or issues that have been
+    identified as not being relevant.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    message: str = Field(
+        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message"
-        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message"
+        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message "
-        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message"
+        description="A regular expression string to match the messages of issues to resolve. Whitespace in the message "
+        "will be [collapsed][collapseWhitespace] and it will be converted to a [Regex] using"
+        "[RegexOption.DOT_MATCHES_ALL].",
+    )
+
+    reason: IssueResolutionReason = Field(
+        description="The reason why the issue is resolved.",
+    )
+
+    comment: str = Field(
+        description="A comment to further explain why the [reason] is applicable here.",
+    )
diff --git a/src/ort/models/config/issue_resolution_reason.py b/src/ort/models/config/issue_resolution_reason.py
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import IntEnum
+
+
+class IssueResolutionReason(IntEnum):
+    """
+    Possible reasons for resolving an Issue using an IssueResolution.
+
+    properties:
+        BUILD_TOOL_ISSUE:
+            The issue originates from the build tool used by the project.
+        CANT_FIX_ISSUE:
+            The issue can not be fixed.
+            For example, it requires a change to be made by a third party that is not responsive.
+        SCANNER_ISSUE:
+            The issue is due to an irrelevant scanner issue.
+            For example, a time out on a large file that is not distributed.
+    """
+
+    BUILD_TOOL_ISSUE = 1
+    CANT_FIX_ISSUE = 2
+    SCANNER_ISSUE = 3
diff --git a/src/ort/models/config/license_choice.py b/src/ort/models/config/license_choice.py
@@ -0,0 +1,45 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de     Castro <heliocastro@gmail.com>
-# SPDX-FileCopyrightText: 2026 Helio Chissini de     Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
-# SPDX-FileCopyrightText: 2026 Helio Chissini de     Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+from pydantic import BaseModel, ConfigDict, Field
+
+from ...utils.spdx.spdx_license_choice import SpdxLicenseChoice
+from ..identifier import Identifier
+
+
+class PackageLicenseChoice(BaseModel):
+    """
+    SpdxLicenseChoice]s defined for an artifact.
-    SpdxLicenseChoice]s defined for an artifact.
+    [SpdxLicenseChoice]s defined for an artifact.
-    SpdxLicenseChoice]s defined for an artifact.
+    [SpdxLicenseChoice]s defined for an artifact.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    package_id: Identifier = Field(
+        ...,
+        description="Package ID",
+    )
+    license_choice: list[SpdxLicenseChoice] = Field(
+        default_factory=list,
+        description="List of spdx license",
+    )
+
+
+class LicenseChoice(BaseModel):
+    """
+    [SpdxLicenseChoice]s that are applied to all packages in the repository. As the [SpdxLicenseChoice] is applied to
+    each package that offers this license as a choice, [SpdxLicenseChoice.given] can not be null. This helps only
+    applying the choice to a wanted [SpdxLicenseChoice.given] as opposed to all licenses with that choice, which
+    could lead to unwanted applied choices.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    repository_license_choices: list[SpdxLicenseChoice] = Field(
+        default_factory=list,
+        description="SPDX",
+    )
+    package_license_choice: list[PackageLicenseChoice] = Field(
+        default_factory=list,
+        description="Package",
-        description="Package",
+        description="Package-specific SPDX license choices for individual packages.",
-        description="Package",
+        description="Package-specific SPDX license choices for individual packages.",
+    )
diff --git a/src/ort/models/config/path_exclude.py b/src/ort/models/config/path_exclude.py
@@ -1,10 +1,12 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
 # SPDX-License-Identifier: MIT
 
 
-from pydantic import BaseModel, ConfigDict, Field
+from pydantic import BaseModel, ConfigDict, Field, field_validator
 
-from ort.models.config.path_exclude_reason import PathExcludeReason
+from ort.utils import convert_enum
+
+from .path_exclude_reason import PathExcludeReason
 
 
 class PathExclude(BaseModel):
@@ -30,3 +32,8 @@ class PathExclude(BaseModel):
         default_factory=str,
         description="A comment to further explain why the [reason] is applicable here.",
     )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(PathExcludeReason, value)
diff --git a/src/ort/models/config/path_exclude_reason.py b/src/ort/models/config/path_exclude_reason.py
@@ -1,73 +1,47 @@
 # SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
 # SPDX-License-Identifier: MIT
 
-from enum import Enum, auto
+from enum import IntEnum
 
 
-class PathExcludeReason(Enum):
+class PathExcludeReason(IntEnum):
     """
     Possible reasons for excluding a path.
-    Attributes
+
+    Attributes:
         BUILD_TOOL_OF
             The path only contains tools used for building source code which are not included in
             distributed build artifacts.
-
         DATA_FILE_OF
             The path only contains data files such as fonts or images which are not included in
             distributed build artifacts.
-
         DOCUMENTATION_OF
             The path only contains documentation which is not included in distributed build artifacts.
-
         EXAMPLE_OF
             The path only contains source code examples which are not included in distributed build
             artifacts.
-
         OPTIONAL_COMPONENT_OF
             The path only contains optional components for the code that is built which are not included
             in distributed build artifacts.
-
         OTHER
             Any other reason which cannot be represented by any other element of PathExcludeReason.
-
         PROVIDED_BY
             The path only contains packages or sources for packages that have to be provided by the user
             of distributed build artifacts.
-
         TEST_OF
             The path only contains files used for testing source code which are not included in
             distributed build artifacts.
-
         TEST_TOOL_OF
             The path only contains tools used for testing source code which are not included in
             distributed build artifacts.
     """
 
-    # The path only contains tools used for building source code which are not included in distributed build artifacts.
-    BUILD_TOOL_OF = auto()
-
-    # The path only contains data files such as fonts or images which are not included in distributed build artifacts.
-    DATA_FILE_OF = auto()
-
-    # The path only contains documentation which is not included in distributed build artifacts.
-    DOCUMENTATION_OF = auto()
-
-    # The path only contains source code examples which are not included in distributed build artifacts.
-    EXAMPLE_OF = auto()
-
-    # The path only contains optional components for the code that is built which are not included
-    # in distributed build artifacts.
-    OPTIONAL_COMPONENT_OF = auto()
-
-    # Any other reason which cannot be represented by any other element of PathExcludeReason.
-    OTHER = auto()
-
-    # The path only contains packages or sources for packages that have to be provided by the user
-    # of distributed build artifacts.
-    PROVIDED_BY = auto()
-
-    # The path only contains files used for testing source code which are not included in distributed build artifacts.
-    TEST_OF = auto()
-
-    # The path only contains tools used for testing source code which are not included in distributed build artifacts.
-    TEST_TOOL_OF = auto()
+    BUILD_TOOL_OF = 1
+    DATA_FILE_OF = 2
+    DOCUMENTATION_OF = 3
+    EXAMPLE_OF = 4
+    OPTIONAL_COMPONENT_OF = 5
+    OTHER = 6
+    PROVIDED_BY = 7
+    TEST_OF = 8
+    TEST_TOOL_OF = 9
diff --git a/src/ort/models/config/path_include.py b/src/ort/models/config/path_include.py
@@ -0,0 +1,39 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
+
+from ort.utils import convert_enum
+
+from .path_include_reason import PathIncludeReason
+
+
+class PathInclude(BaseModel):
+    """
+    Defines paths which should be excluded. Each file or directory that is matched by the [glob][pattern] is marked as
+    excluded. If a project definition file is matched by the [pattern], the whole project is excluded. For details about
-    Defines paths which should be excluded. Each file or directory that is matched by the [glob][pattern] is marked as
-    excluded. If a project definition file is matched by the [pattern], the whole project is excluded. For details about
+    Defines paths which should be included. Each file or directory that is matched by the [glob][pattern] is marked as
+    included. If a project definition file is matched by the [pattern], the whole project is included. For details about
-    Defines paths which should be excluded. Each file or directory that is matched by the [glob][pattern] is marked as
-    excluded. If a project definition file is matched by the [pattern], the whole project is excluded. For details about
+    Defines paths which should be included. Each file or directory that is matched by the [glob][pattern] is marked as
+    included. If a project definition file is matched by the [pattern], the whole project is included. For details about
+    the glob syntax see the [FileMatcher] implementation.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    pattern: str = Field(
+        description="A glob to match the path of the project definition file, relative to the root of the repository."
+    )
+
+    reason: PathIncludeReason = Field(
+        description="The reason why the project is included, out of a predefined choice.",
+    )
+
+    comment: str = Field(
+        default_factory=str,
+        description="A comment to further explain why the [reason] is applicable here.",
+    )
+
+    @field_validator("reason", mode="before")
+    @classmethod
+    def validate_reason(cls, value):
+        return convert_enum(PathIncludeReason, value)
diff --git a/src/ort/models/config/path_include_reason.py b/src/ort/models/config/path_include_reason.py
@@ -1,2 +1,19 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
 # SPDX-License-Identifier: MIT
+
+from enum import IntEnum
+
+
+class PathIncludeReason(IntEnum):
+    """
+    Possible reasons for including a path.
+
+    Attributes:
+        SOURCE_OF
+            The path contains source code used to build distributed build artifacts.
+        OTHER
+            A fallback reason for the [PathIncludeReason] when none of the other reasons apply.
+    """
+
+    SOURCE_OF = 1
+    OTHER = 2