scancode.io
scancode.io copied to clipboard
nexB
ScanCode.io is a server to script and automate software composition analysis pipelines with ScanPipe pipelines. This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabas...
The aim of this PR is to create a working app inside this Django project to detect licenses from the provided input text and summarize the results for the end...
Using https://files.pythonhosted.org/packages/ce/21/41a0028f6d610987c0839250357c1a00f351790b8a448c2eb323caa719ac/celery-5.2.7.tar.gz as input. With the `scan_codebase` and `root_filesystems` pipelines, 88 dependencies are created. When using the `scan_package` pipelines, no dependencies are created. Note that the "Datafile resource" `requires.txt` and...
While the "License clarity" and "Scan summary" data looks great when using source distributions, the quality of the results when using wheel as inputs could be improved. For example with...
Can `scancode.io's` font awesome icons version be upgraded to `v6`? #### Reason * A lot of icons are supported and can be used to replace `tags` in the project.
- [x] Add ability to sort columns - [x] Add missing page title - [ ] Display available filter in list views
When we display a package manifest or lockfile in the resource details, we should have a way to add a hyperlink to the upstream repository web page for this repo:...
We have some major gaps in Package Detection where Resources are not associated with a Package or a Package is not detected. The task here is to run SCIO Scans...
In #485, we have an issue where we get two DiscoveredPackages for the same package when we scan a pypi wheel using the `scan_codebase` pipeline. This is happening because we...
SCIO: Design how to report file-level Package data that are not part of a top-level Package instance
When we have left over package data that are not "assembled" in a top level package, we will need to design how these are presented to user.
Running the latest version of the tip of the main branch still reports a tag that's 6 months old. It would be useful to have something that reflects the git...