Re: What is the best tool to scan the code?
3) license analysis

You can try FOSSology; it is an open source project under the Linux Foundation.
Re: What is the best tool to scan the code?
Hi,

1. ossindex from sonatype covers a lot
2. not sure what you mean, findbugs or more checkstyle/pmd?
3. rat plugin for example (see apache creadur tools too, there are license tools). Also note that with the initial dep review + review of the license each time a new dep is added in standard asf review flow you rarely need to scan them actually.
4. you can also check binary only contains your code + deps so no need to rescan in such a case.

Blackduck is good but does not scale well for huge projects (> 60 modules) and is not free, sourceclear is also a not that bad alternative but is not free either I think.

My 2cts being that the previous setup works well for asf projects, stays free and integrated to the build (compared to blackduck or sourceclear which are using two steps/async process as solutions).

Hope it helps

On Wed, Sep 4, 2019 at 23:13, Xun Hu wrote:

> We would like to scan our code to:
> 1) dependency analysis
> 2) snippet matching
> 3) license analysis
> 4) binary analysis - optional
>
> We found one paid solution - black duck, not sure there is any open source
> solution on the market.
>
> Thanks,
> -xun
>
> -Original Message-
> From: Justin Mclean
> Sent: Wednesday, September 4, 2019 1:59 PM
> To: general@incubator.apache.org
> Subject: Re: What is the best tool to scan the code?
>
> Hi,
>
> > We have one open source project, and I would like to find a tool to scan
> > the code before we open it.
>
> Sorry, but it is unclear to me what you want to scan the code for.
>
> Thanks,
> Justin
Re: What is the best tool to scan the code?
Hi,

> We would like to scan our code to:
> 1) dependency analysis

Most build tools can do this.

> 2) snippet matching

I don’t know of any open source project that does this, but that's not to say one doesn’t exist.

> 3) license analysis

Apache Rat is a simple tool that can help with this; if you want something more detailed, try Fossology.

Thanks,
Justin
RE: What is the best tool to scan the code?
We would like to scan our code to:
1) dependency analysis
2) snippet matching
3) license analysis
4) binary analysis - optional

We found one paid solution - black duck, not sure there is any open source solution on the market.

Thanks,
-xun

-Original Message-
From: Justin Mclean
Sent: Wednesday, September 4, 2019 1:59 PM
To: general@incubator.apache.org
Subject: Re: What is the best tool to scan the code?

Hi,

> We have one open source project, and I would like to find a tool to scan the
> code before we open it.

Sorry, but it is unclear to me what you want to scan the code for.

Thanks,
Justin
Re: What is the best tool to scan the code?
Hi,

> We have one open source project, and I would like to find a tool to scan the
> code before we open it.

Sorry, but it is unclear to me what you want to scan the code for.

Thanks,
Justin
What is the best tool to scan the code?
Hi, all,

We have one open source project, and I would like to find a tool to scan the code before we open it. What is the best tool you can recommend to us?

Best,
-xun