Re: [FOSSology] Fossology scan result
Hi Prasaath, For your use case I think that the recommendations given previously are likely correct; scancode for individual projects (in nearly any programming language) with the appropriate flags for license and copyright, and then use FOSSology for ISOs. Scancode is faster for smaller projects because you don't have the overhead of a web server, database, etc. but FOSSology provides better tooling to drill down and manage licenses at the file level for large ISOs and tarballs. There are, of course, other tools in the ecosystem, but I think for your use case you'll get a lot of mileage from those two. Cheers, Jeremiah From: fossology@lists.fossology.org on behalf of Prasaath Ramasamy (prasaara) via lists.fossology.org Sent: Tuesday, September 22, 2020 6:30:57 AM To: Michael C. Jaeger Cc: Anupam Ghosh; Mishra, Gaurav; Prasad Iyer (prasadiy); Shiv Majji (smajji); Ted Gauthier (tedg); fossol...@fossology.org Subject: Re: [FOSSology] Fossology scan result *** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open any attachments unless you trust the sender and know that the content is safe. *** Thanks Michael, I will check those links. My use case is to have a scanner to scan source code (from diff technologies like java, python, ruby etc) and also ISO images and give the license and component details. -Prasaath -Original Message- From: Michael C. Jaeger Sent: Monday, September 21, 2020 6:13 PM To: Prasaath Ramasamy (prasaara) Cc: Anupam Ghosh ; Mishra, Gaurav ; Prasad Iyer (prasadiy) ; Shiv Majji (smajji) ; Ted Gauthier (tedg) ; fossol...@fossology.org Subject: Re: [FOSSology] Fossology scan result Hello, please note there are more open source tools out there, for example for component analysis: * SW360 Antenna: https://github.com/eclipse/antenna * And the tools from the ACT Initiative: https://www.linuxfoundation.org/press-release/2019/12/the-linux-foundations-automated-compliance-work-garners-new-funding-advances-tools-development/ * it depends a little on for which technology you re trying to identify the components from. As for snippet scanning, I there're maybe open source attempts to tackle it, but could you describe maybe the use case that you have? It sounds like you would like to have one tool that does all the three things at once? (license scnaning, snippet scanning, SCA) Kind regards, Michael > On 21. Sep 2020, at 12:23, Anupam Ghosh wrote: > > Hello Prasaath, > > Fossology is mainly design to scan licenses/copyrights information > from your package, so, Fossology does not look into code-snippets or > dependencies inside source package. > > For code-snippet identification or dependency identification you have to use > a third party software. > > With regards, > Anupam > > From: fossology@lists.fossology.org On > Behalf Of Prasaath Ramasamy (prasaara) via lists.fossology.org > Sent: Monday, September 21, 2020 8:42 AM > To: fossol...@fossology.org; Mishra, Gaurav (CT RDA SSI ISF-IN) > > Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji) > ; Ted Gauthier (tedg) > Subject: Re: [FOSSology] Fossology scan result > > Hello Fossology Team, > > Can you let me know if the component name identification is possible along > with the discovered license ? > > -Prasaath > > From: Prasaath Ramasamy (prasaara) > Sent: Wednesday, September 16, 2020 3:37 PM > To: fossol...@fossology.org > Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji) > ; Ted Gauthier (tedg) > Subject: Fossology scan result > > Hello team, > > I tried scanning a couple of Java source code and python source code and the > fossology tool was able to give me a list of all licenses (like Apache, MIT > etc..) but I am not able to find the corresponding component names (i.e. > activation, ant, apache-commons-logging etc…). Is there a way in the > fossology tool to get component names ? > > -Prasaath > This e-mail and any attachment(s) are intended only for the recipient(s) named above and others who have been specifically authorized to receive them. They may contain confidential information. If you are not the intended recipient, please do not read this email or its attachment(s). Furthermore, you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and then delete this e-mail and any attachment(s) or copies thereof from your system. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3402): https://lists.fossology.org/g/fossology/message/3402 Mute This Topic: https://lists.fossology.org/mt/76884403/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [FOSSology] Fossology scan result
Hello, please note there are more open source tools out there, for example for component analysis: * SW360 Antenna: https://github.com/eclipse/antenna * And the tools from the ACT Initiative: https://www.linuxfoundation.org/press-release/2019/12/the-linux-foundations-automated-compliance-work-garners-new-funding-advances-tools-development/ * it depends a little on for which technology you re trying to identify the components from. As for snippet scanning, I there're maybe open source attempts to tackle it, but could you describe maybe the use case that you have? It sounds like you would like to have one tool that does all the three things at once? (license scnaning, snippet scanning, SCA) Kind regards, Michael > On 21. Sep 2020, at 12:23, Anupam Ghosh wrote: > > Hello Prasaath, > > Fossology is mainly design to scan licenses/copyrights information from your > package, > so, Fossology does not look into code-snippets or dependencies inside source > package. > > For code-snippet identification or dependency identification you have to use > a third party software. > > With regards, > Anupam > > From: fossology@lists.fossology.org On Behalf > Of Prasaath Ramasamy (prasaara) via lists.fossology.org > Sent: Monday, September 21, 2020 8:42 AM > To: fossol...@fossology.org; Mishra, Gaurav (CT RDA SSI ISF-IN) > > Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji) > ; Ted Gauthier (tedg) > Subject: Re: [FOSSology] Fossology scan result > > Hello Fossology Team, > > Can you let me know if the component name identification is possible along > with the discovered license ? > > -Prasaath > > From: Prasaath Ramasamy (prasaara) > Sent: Wednesday, September 16, 2020 3:37 PM > To: fossol...@fossology.org > Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji) > ; Ted Gauthier (tedg) > Subject: Fossology scan result > > Hello team, > > I tried scanning a couple of Java source code and python source code and the > fossology tool was able to give me a list of all licenses (like Apache, MIT > etc..) but I am not able to find the corresponding component names (i.e. > activation, ant, apache-commons-logging etc…). Is there a way in the > fossology tool to get component names ? > > -Prasaath > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3400): https://lists.fossology.org/g/fossology/message/3400 Mute This Topic: https://lists.fossology.org/mt/76884403/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [FOSSology] Fossology scan result
Hello Prasaath, Fossology is mainly design to scan licenses/copyrights information from your package, so, Fossology does not look into code-snippets or dependencies inside source package. For code-snippet identification or dependency identification you have to use a third party software. With regards, Anupam From: fossology@lists.fossology.org On Behalf Of Prasaath Ramasamy (prasaara) via lists.fossology.org Sent: Monday, September 21, 2020 8:42 AM To: fossol...@fossology.org; Mishra, Gaurav (CT RDA SSI ISF-IN) Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji) ; Ted Gauthier (tedg) Subject: Re: [FOSSology] Fossology scan result Hello Fossology Team, Can you let me know if the component name identification is possible along with the discovered license ? -Prasaath From: Prasaath Ramasamy (prasaara) Sent: Wednesday, September 16, 2020 3:37 PM To: fossol...@fossology.org<mailto:fossol...@fossology.org> Cc: Prasad Iyer (prasadiy) mailto:prasa...@cisco.com>>; Shiv Majji (smajji) mailto:sma...@cisco.com>>; Ted Gauthier (tedg) mailto:t...@cisco.com>> Subject: Fossology scan result Hello team, I tried scanning a couple of Java source code and python source code and the fossology tool was able to give me a list of all licenses (like Apache, MIT etc..) but I am not able to find the corresponding component names (i.e. activation, ant, apache-commons-logging etc...). Is there a way in the fossology tool to get component names ? -Prasaath -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3399): https://lists.fossology.org/g/fossology/message/3399 Mute This Topic: https://lists.fossology.org/mt/76884403/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[FOSSology] Fossology scan result
Hello team, I tried scanning a couple of Java source code and python source code and the fossology tool was able to give me a list of all licenses (like Apache, MIT etc..) but I am not able to find the corresponding component names (i.e. activation, ant, apache-commons-logging etc...). Is there a way in the fossology tool to get component names ? -Prasaath -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3397): https://lists.fossology.org/g/fossology/message/3397 Mute This Topic: https://lists.fossology.org/mt/76884403/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-