
Add license_url for GitHub Importer

Open TG1999 opened this issue 3 years ago • 7 comments

https://github.com/github/advisory-database/blob/main/LICENSE.md use this as license url

TG1999 avatar Mar 28 '22 12:03 TG1999

Hi, I want to work on this issue. Could you please tell me how to proceed?

iks1 avatar Jul 18 '22 13:07 iks1

> Hi, I want to work on this issue. Could you please tell me how to proceed?

@iks1 Have a look at docs and just edit/add license_url, spdx_license_expression in importers/github.py https://vulnerablecode.readthedocs.io/en/latest/tutorial_add_new_importer.html#specify-the-importer-license

ziadhany avatar Jul 18 '22 15:07 ziadhany

Hi @ziadhany, I have gone through the documentation, but it is not clear to me where the 'license_url' actually resides and where to put it. If you can guide me a bit more, that would be really helpful. Thank you.

Akash-Kumar-Sen avatar Aug 14 '22 14:08 Akash-Kumar-Sen

@Akash-Kumar-Sen Let's take a gitlab importer, for example https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/gitlab.py. We go to the repository (data source) https://gitlab.com/gitlab-org/advisories-community/-/tree/main and search for a LICENSE and add license_url, then we find the spdx_license_expression using https://spdx.org/licenses/

    spdx_license_expression = "MIT"
    license_url = "https://gitlab.com/gitlab-org/advisories-community/-/blob/main/LICENSE"

ziadhany avatar Aug 15 '22 14:08 ziadhany

@ziadhany so I have to do what you've just mentioned for the file https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/github.py instead of https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/gitlab.py?

Akash-Kumar-Sen avatar Aug 15 '22 14:08 Akash-Kumar-Sen

@Akash-Kumar-Sen So you need to go to the github importer https://github.com/nexB/vulnerablecode/blob/main/vulnerabilities/importers/github.py. Add this in line 165:

    license_url = "https://github.com/github/advisory-database/blob/main/LICENSE.md"

ziadhany avatar Aug 15 '22 15:08 ziadhany

@ziadhany Thank you for your help. I am new to the world of open source; your help can be a milestone in my career.

Akash-Kumar-Sen avatar Aug 15 '22 15:08 Akash-Kumar-Sen

This is still open despite pull request https://github.com/nexB/vulnerablecode/pull/845. If @Akash-Kumar-Sen is not working on this right now, I can open a new pull request.

abhi-kr-2100 avatar Nov 21 '22 16:11 abhi-kr-2100

Is the issue still open, and what is remaining to be done?

PankajJaisu avatar Feb 11 '23 12:02 PankajJaisu