Support Black Duck Hub as a snippet scanner

Open porsche-rishisaxena opened this issue 3 years ago • 6 comments

As ORT is an orchestrator, it should allow configuring BlackDuck as a scanner, where code snippets can be scanned and the results can be stored in the ORT backend storage, i.e. PostgreSQL.

High Level Consideration

  1. Analyzer-result.yml generated by running analyzer
  2. API call request to BlackDuck transforming .yml meta-data to .json format
  3. API response from BlackDuck in .json format
  4. scan-result from black-duck stored in ORT backend storage i.e., PostgreSQL
  5. scan-result is fed into ORT evaluate to report for generating various output formats such as Web App, and JSON.

porsche-rishisaxena avatar Oct 28 '21 07:10 porsche-rishisaxena

Also see #3265 and #2819, FYI.

sschuberth avatar Nov 18 '21 09:11 sschuberth

Maybe also @JeroenKnoops's BlackDuck GitHub Action is of interest in this context.

sschuberth avatar Dec 12 '21 08:12 sschuberth

@porsche-rishisaxena Can you update this issue to make clear whether BlackDuck means Protex or Hub?

tsteenbe avatar Jul 06 '22 11:07 tsteenbe

Clarified in the ORT developer meeting of July 7th, 2022 - it's Black Duck Hub, not the legacy Black Duck Protex IP.

tsteenbe avatar Jul 07 '22 08:07 tsteenbe

Hello,

We are in the process of designing a common abstraction to represent the snippets in the ORT model. This abstraction will be submitted to the ORT community. Our plan is to support FossID and SCANOSS, but we would like, if possible, to also support Blackduck.

Could someone provide a sample response from Blackduck (ideally on the Semver4j project), so we can have a look at their data model for snippets?

nnobelis avatar Mar 24 '23 08:03 nnobelis

@nnobelis What kind of format do you require? The SPDX output?

JeroenKnoops avatar Mar 26 '23 19:03 JeroenKnoops