scancode.io
Diagnose issues with Resources not associated with a Package
We have some major gaps in Package Detection where Resources are not associated with a Package or a Package is not detected. The task here is to run SCIO Scans on a selection of popular public Docker images to identify a representative sample of the Package detection gaps. A suggested list is:
- grafana/grafana:7.2.0
- influxdb:1.8.10
- logstash:7.17.1
- nginx:1.21.6-alpine
- postgres:11.15-bullseye
- python:3.7-slim-bullseye
- rabbitmq:3.9.13-management
The latest SCTK 31.xx is designed to solve these issues. These images will be an excellent test suite. We should just wait a couple of days before starting this to ensure this is tested with a branch that has the latest SCTK with its advanced package files handling capabilities.
Some of the missing resources are caused by this issue: https://github.com/nexB/extractcode/issues/41
A fix would be to have an option in the commoncode function where we do the portable filename conversion to allow colons in file names.
@JonoYang Is this one ready to be closed since https://github.com/nexB/scancode.io/pull/485 is merged?
@tdruez This looks to be fixed in the current version of scancode.io. It lists files with `:` in the filename as Package Resources: