Hello, thanks for reaching out to us. To your questions:
*) is source code leaking out from a fossology server? Answer: 1. Usually not , the fossology solution is entire self contained. You can run fossology entirely without access to the internet. The main point why you would need Internet access is about updating your OS and packages. 2. But please understand that despite the FOSSology server can run everything on its own database, it your responsibility to secure your server installation from being hacked. One first task would be to enable a connection using https. 3. How do Monk or Nomos work? The scan for license statements, not source code snippets. As such, all the database information required to identify licensing statements in your uploads / source code comes with the installation of the fossology. In fact all the information is put in a file on the dev side for convenience to add new licenses (ref. https://github.com/fossology/fossology/blob/master/install/db/licenseRef.json) 4. From the next version / latest master, FOSSology will be able, if you activate this, to query the software heritage REST API: fossology computes a SHA256 value and sends this to the Software Heritage API. You can test this functionality in 3.8.0-RC1 *) Regarding the export of files only: I think there is a featzre to limit SPDX reporting to only files where licenses have been found, which can be switched on in the Conf setion -> SPDX Report Settings -> Ignore files with no info in SPDX … when you have opened an upload. Is that what you were looking for? This made especially for uploads where only few files contain license information and 1000 other files do not. Then SPDX files still list all files with NOASSERTION. If you do not want that there is this switch. Hope these answers help and please follow up on FOSSology, if you see the need for clarification, Michael From: <fossology@lists.fossology.org> on behalf of TV레전드 <482...@gmail.com> Date: Tuesday, 31. March 2020 at 05:28 To: "fossol...@fossology.org" <fossol...@fossology.org> Subject: [FOSSology] Hi I have a questions before using fossology Hi dear. Nice meet you i am korean james We company is looking for open source analysis tools so I installed fossology as docker version and tested it and result is good performence. i have a 2 questions 1. Isn't my source code leaked when I used the solution? I know Monk Agent to use DB, Please explain 2. Is there a way to export only the files that have been cleared when the report is drawn? - report is there is no distinction between files that are cleared from fossology and those that are not Thanks for running this great tool. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3340): https://lists.fossology.org/g/fossology/message/3340 Mute This Topic: https://lists.fossology.org/mt/72670290/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
