scancode.io icon indicating copy to clipboard operation
scancode.io copied to clipboard

Published 20 hours ago verified publisher icon aboutcode-org

RFC: Design improved integration between DejaCode and ScanCode.io

Open pombredanne opened this issue 1 year ago • 2 comments

There are a few things we need to improve in the integration between ScanCode.io and DejaCode:

  • [ ] ScanCode.io should be able to be pull curated package data from DejaCode, as a preference over the PurlDB package facts. Overall, the matching would be based on PurlDB fingerprints and the base facts would be sourced from the PurlDB and DejaCode curated data would be overlaid on top.

    • [ ] ScanCode.io pulling curated data could be through API lookup (or through ABOUT files TBD) for instance all the curated ABOUT files of a product.
    • [ ] ScanCode.io should be able to pull the product-specific package curations from DejaCode or the dataspace-wide curations.

  • [ ] DejaCode should be able to run specific pipelines in a backing ScanCode.io for a specific product (today the pipeline choice is fixed)

pombredanne avatar Jan 31 '24 18:01 pombredanne

@DennisClark ping ... there are likely other levels of integrations to consider.

pombredanne avatar Jan 31 '24 18:01 pombredanne

Additional ideas to improve the integration between ScanCode.io and DejaCode:

  • [ ] A ScanCode.io user should be able to annotate scan results and save them as ABOUT files. Cases include:

    • [ ] Conclusion (assertion) of a specific license choice at any level of the project
    • [ ] Assertion of the deployed/not-deployed state of a specific subset of the project

  • [ ] A DejaCode user should be able to import the ABOUT files created from a ScanCode.io project and respond appropriately to various conclusions/assertions.

DennisClark avatar Jan 31 '24 19:01 DennisClark