Dear ONAP Community, With Ernest Borowski (Samsung, cc'd) we have deployed (long awaited) public instance of scancode.io: https://scancode.onap.eu
To interact with it via Web UI or API (which allows you to do more) you can login with your GitHub account using SSO. First - lets create a scan via Web UI of an image that is on nexus: 1. Click Add Project or go to https://scancode.onap.eu/project/add/ 2. Fill the form: - Provide a name for the project- to keep it readable please use full docker url, including version, e.g. `nexus3.onap.org:10001/onap/babel:1.9.2` - In Download URLs, you can use docker url prepended with "docker://" schema, e.g. `docker://nexus3.onap.org:10001/onap/babel:1.9.2` - Choose Docker pipeline - Wait for website to refresh -- be aware that it may take a while It is also possible to scan unreleased images by providing image tarball (e.g. from docker save). Please use the name of the docker you're building and append to version tag (e.g. nexus3.onap.org:10001/onap/babel:1.9.3-testing0) You can see the Web UI here: https://imgur.com/a/3EGeajI To use scancode.onap.eu via it's API you first need to log in via Web UI. Go to https://scancode.onap.eu/accounts/profile/ and copy your API token. API is documented but there is no discoverability (AFAIK): see Extra Actions buttons on pages below: https://scancode.onap.eu/api/projects/ https://scancode.onap.eu/api/projects/%7Buuid%7D/ For example to get results for a scan of nexus3.onap.org:10001/onap/integration-python:9.1.0 you can curl like so: curl -L -X GET https://scancode.onap.eu/api/project/03143a0b-ddcd-4777-80cb-1a2fcbb91bd3/results -H 'Authorization: Token <your-api-token>' We will currently focus our efforts on fixing Alpine package licenses in upstream, as this is something a lot bigger community will benefit from, thus getting to integrating this instance with ONAP Docker builds might take a bit longer for us and if anyone is already familiar with the ONAP Jenkins would like to step in We would greatly appreciate it. If not- the integration will surely come, but we are unable to make any promises on when. Best Regards Alexander Mazuruk Ernest Borowski -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#23837): https://lists.onap.org/g/onap-discuss/message/23837 Mute This Topic: https://lists.onap.org/mt/89189791/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
