scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
Current workflow: 1. Specify project name to be a duplicate of another project 2. Select a large image 3. Select pipeline, etc. 4. Click create 5. Wait a long time...
The doc recommends using Docker for installation, but all the CLI examples assume that the runs are not done with a Docker installation. 1. we should separate non-Docker, debug and...
Current sizes: - Uncompressed: `scancodeio-images-v30.0.1.tar` - 5.15 GB - Compressed: `scancodeio-images-v30.0.1.tar.gz` - 1.76 GB Some ideas at https://testdriven.io/blog/docker-best-practices/ and https://testdriven.io/blog/dockerizing-django-with-postgres-gunicorn-and-nginx/
```
$ docker-compose build
db uses an image, skipping
redis uses an image, skipping
nginx uses an image, skipping
Building web
Sending build context to Docker daemon 1.731GB
Step 1/8...
```
See also #78. Given a lockfile as an input, the goal is to have a pipeline that fetches and scans all the referenced packages.
From https://github.com/nexB/scancode.io/issues/338#issuecomment-941006058 We could have a way to resolve errors with a new "resolution" field that would store a resolution note when the error is resolved. For instance this kind...
Those Project issues are not particularly useful and there are often too many of those. It has the bad effect of hiding more important errors that happened during pipeline runs. @pombredanne...
Some steps doing heavy lifting (such as file-level license or copyright detection) can take a good amount of time and it can be frustrating not to have much more feedback...
DiscoveredPackage already has a uuid field but it's not the pk. CodebaseResource has only an id.
Fixes: #191 Depends on: https://github.com/nexB/fetchcode/pull/54, https://github.com/nexB/fetchcode/pull/56, https://github.com/nexB/scancode-toolkit/pull/2598 When developing I ran into some issues that I couldn't fix on my own so I've decided to list them here and mark...