
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...

Results 313 scancode.io issues

I would like to analyze roughly 1000 source and binary packages with d2d pipeline to evaluate how it performs. Some packages to consider could include xz-utils/liblzma, Apache httrace, and a...

medium priority

This feature includes creating a Python library to effectively find the binary’s corresponding source code Git repositories and commits for a package version, and integrating this in the PurlDB. This...

We need to define the scoring elements (criteria), and their weighting factors, to evaluate the quality of scan results, working name "SCA Clarity", roughly equivalent to our scoring elements for...

enhancement
help wanted
design-needed
high priority

I used SCIO to load 3 CDX 1.4 XML SBOMs and the loads did not include any dependency. There was no related processing error from the pipeline. I have not...

bug
medium priority

This includes updating the scanning architecture of PurlDB to accommodate multiple ScanCode.io worker systems (whole machines) and expose a queue API where ScanCode.io instances can pick a scanning job to...

`send_scan_project_results` in `purldb-scan-queue-worker` isn't able to properly send the large scan results. This issue fixed the critical problems: - https://github.com/nexB/purldb/issues/362 And we can still improve this, using some of these...

It would be useful to treat each layer in a docker image as a package of its own. Why? They are a thing that can be fetched individually and even...

enhancement
design-needed

The current timeout of 5 seconds is insufficient for fetching archives like https://www.busybox.net/downloads/busybox-1.01.tar.bz2, https://www.uclibc.org/downloads/uClibc-0.9.30.tar.gz since these websites are a bit slow in their response.

Following https://github.com/nexB/scancode.io/pull/1078, the following log output is now printed to the console. ``` test_scanpipe_management_command_mixin_create_project_pipelines (scanpipe.tests.test_commands.ScanPipeManagementCommandMixinTest) ... ok Project my_project created with work directory /tmp/tmp4piju9ta/projects/my_project-65651b5e Project my_project created with work directory...

This PR adds a new service in the `docker-compose.yml` files to run the `purldb-scan-queue-worker` command.