scancode.io icon indicating copy to clipboard operation
scancode.io copied to clipboard
verified publisher icon aboutcode-org

Better handle VCS checkouts and clones in a Docker image

Open pombredanne opened this issue 4 years ago • 2 comments

Somehow we do not ignore .git directories in the docker pipeline That both good and bad:

  1. there is some (small) value to know we have a git checkout and that could be important origin clues
  2. these are generally ignored by scancode-toolkit with https://github.com/nexB/commoncode/blob/main/src/commoncode/ignore.py

In the current way, this ends up being noise.

pombredanne avatar Jul 16 '21 07:07 pombredanne

Eventually we should have a better way to deal in general with ignore and "uninteresting" or "junk" files

pombredanne avatar Jul 16 '21 08:07 pombredanne

This can be solved by having a .dockerignore file. I adopted this approach in vulnerablecode at https://github.com/nexB/vulnerablecode/pull/497/commits/743a6aa273553300d45c9ea8724aa12afa55d7f8

Hritik14 avatar Jul 19 '21 15:07 Hritik14