dejacode icon indicating copy to clipboard operation
dejacode copied to clipboard
verified publisher icon aboutcode-org

Enhancement request: API access to ScanCode.io scan results for a package

Open rogu-beta opened this issue 9 months ago • 1 comments

Is your enhancement request related to a problem? Please describe. It is currently not possible to access the scan results through DejaCode's API both because there is no API endpoint and also not directly through ScanCode.io as the ID of the project in ScanCode.io is not known. Instead one has to scrape the webpage to get to the download link

What are the benefits of the requested enhancement? Direct access to download the scan results ZIP file, if it exists. This can be used for further processing outside of DejaCode in CI pipeline integrations. We would need access to the key files identified therein as well as additional context information like the VCS URL from the package metadata. The information would be used to extract the original license texts to prepare the release package of our own software, which will have to contain the license files. Furthermore, additional information would be included in the documentation, for instance if we can determine the location of the license file in the VCS repository, then it would be linked there.

Describe the solution you would like In order of preference:

  1. API endpoint for directly downloading the ScanCode.io scan results for a package (either as ZIP or directly the JSON response)
  2. Include UUID for ScanCode.io project in the response of /api/v2/packages/, so that access is possible by querying ScanCode.io on our own

It would also be great to have a way to check if there is a scan scheduled or running but has not completed yet. If an API for access scan data exists we want to make sure that we know whether we are not getting scan data because it has not be scanned at all or if the scan has just not finished yet.

Additional notes n.a.

rogu-beta avatar Mar 03 '25 08:03 rogu-beta

This makes sense.

pombredanne avatar Mar 03 '25 12:03 pombredanne

@ghsa-retrieval PR https://github.com/aboutcode-org/dejacode/pull/316 was just merged, it introduces 4 new API actions that should cover your needs.

  • /packages/{uuid}/scan_info/ Scan information including the current status.
  • /packages/{uuid}/scan_results/ Scan results.
  • /packages/{uuid}/scan_summary/ Scan summary.
  • /packages/{uuid}/scan_data_download_zip/ Download all scan data: results and summary, as a zip file.

tdruez avatar Jun 04 '25 13:06 tdruez

@tdruez Thank you very much that sounds great. I should be able to replace my approach that uses beautifulsoup4 to parse the website now and use the proper API.

rogu-beta avatar Jun 04 '25 14:06 rogu-beta

Closing. Feel free to re-open if any adjustements is needed.

tdruez avatar Jun 05 '25 13:06 tdruez