scancode.io
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
We need to decide on consistent labels to use in our Docker images across all the projects. Same issue exists in VulnerableCode: https://github.com/nexB/vulnerablecode/issues/513 ScancodeIO could serve as a light to...
There are a few ways we deal with archives, both at the pipeline input level and inside pipelines, and many styles of archives. We should review and ensure we are...
Being able to efficiently scan a given package type such as Maven or PyPI and handle the specifics: - scanning possibly both binaries and sources - aggregating results since...
A `VIRTUALENV_DIR` or a hard-coded `venv` directory could be used to store virtualenv files rather than dumping them in the project directory. This would avoid lines like https://github.com/nexB/scancode.io/blob/1285a9a5cbc8b582bb94ae877241b011856789c2/Makefile#L84-L85 Also,...
Somehow we do not ignore .git directories in the docker pipeline. That is both good and bad: 1. there is some (small) value in knowing we have a git checkout and...
The [documentation](https://github.com/nexB/scancode.io/blob/main/docs/run-docker.rst#run-the-image) asks you to populate `ALLOWED_HOSTS` in `.env` during the _Run_ phase. This will have no effect inside the docker container. `ALLOWED_HOSTS` should be either 1) Placed before building the...
When I browse resources the browser URL looks like http://localhost:8080/project/6befcc5c-7ee5-4812-ab6d-a6c8070c3207/resources/390058/ It would be nice and useful if I could see (and possibly use and change) the actual path of the...
Isn't it a standard Linux convention to have local configs take precedence over ones in /etc? https://github.com/nexB/scancode.io/blob/a249402fbbdebd84e0f298d15cb4c3702bf41e63/scancodeio/settings/base.py#L33-L35 appears to do it in reverse. This could cause problems in multiple...
An image contains package-like data such as these, and we should create a Discovered Package record from these:
```
labels:
  org.label-schema.url: https://www.elastic.co/products/elasticsearch
  org.label-schema.name: Elasticsearch
  org.label-schema.usage: https://www.elastic.co/guide/en/elasticsearch/reference/index.html
  org.label-schema.vendor: Elastic
  org.label-schema.license: Apache-2.0
  ...
```
When scanning the `docker://centos:8` image with the `docker` pipeline, there are some files found not to be in a package, which is a likely bug. Some should be ignored per #212...