scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
On the project details page, I would like an improved presentation of the "Resources detected license expressions" section: - Rename this to something shorter like "Top Detected licenses in files"...
I think that a possible reason is that all project details and counts are recomputed ... Maybe some caching would help?
We need to be able to store TODO/review items (maybe the same way we can store compliance alerts?) The toolkit side has this for a start https://github.com/nexB/scancode-toolkit/issues/3122 This is...
When a project message is related to a resource path or package, I want to link to these. - If there is a path, I would like to have a...
In the D2D pipeline, when we match a Resource or Directory against purldb, we return all packages that match to the Resource or Directory. This process should be improved upon,...
It would be nice to get the LAYERS sheet in the XLSX output for a Docker scan added to the SCIO database with a load_inventory pipeline.
When we have a single path mapped, this is a weak mapping. We will need to further classify each To-From relationship quality. A relationship could be further analyzed based on: -...
When working with a large number of Scan projects it is painful to navigate on the Projects screen because the only page navigation is at the bottom. It would be...
In all the following pipelines: * rootfs * docker * docker-windows * scan_codebase when we scan files for license, copyright and others, we are [skipping the scan](https://github.com/nexB/scancode.io/blob/main/scanpipe/pipes/scancode.py#L360) for codebase resources...
We should be able to: - [ ] Resolve locked npm dependencies from yarn and npm lockfiles - [ ] Generate lockfiles for npm and yarn if they are missing...