scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
This is related to #323 but could be extended to other resources. It would be good to reuse scans of stuff that has been already scanned. This needs some discussion...
When I create a project I would like to add some descriptive notes stored with the project and I could not find a way to do that.
To support handling of nested archives inside a scanned codebase we have possible ways: 1. extract everything upfront recursively at full depth 2. extract on demand when there is a...
A recent scan (using ScanCode.io) of vscode-1.33.1.tar.gz (from https://github.com/microsoft/vscode/archive/1.33.1.tar.gz ) resulted in the assignment of invalid Download URLs to detected packages. An example is the detected package `clojure-1.0.0.tgz` which was...
Alpine packages lack some important info like copyrights or where the source code is located. This info can't be gathered from the packages themselves as it's just not there. To...
ScanCode Toolkit identifies dependencies from package manifest files, but in most cases what you really want is the provenance data that can be retrieved from a package repository. The enhancement...
I'm developing a Python based package of Google Licenseclassifier for this year's edition of GSoC. Right now, I'm able to give the output of the scan as a JSON file...
https://github.com/forensicanalysis/artifacts was spun from GRR and contains interesting Windows-related pointers that we could reuse. https://github.com/log2timeline/dfwinreg/tree/main/dfwinreg is another take (from Google's sec team members) on a registry parser based on https://github.com/libyal/libreg...
To facilitate finding CodebaseResources that belong to an application package, whenever [`scan_for_application_packages()`] encounters a Package manifest file, it should call `.get_package_root()` on the created Package and set all `Resources` found...
Using a virtualenv ensures that we know the exact packages of Python versions made available to us. This helps avoid surprise-ful behaviors. This also needs to be done in...