Hi Prasaath,
For your use case I think that the recommendations given previously are likely
correct; scancode for individual projects (in nearly any programming language)
with the appropriate flags for license and copyright, and then use FOSSology
for ISOs.
Scancode is faster for smaller projects because you don't have the overhead of
a web server, database, etc. but FOSSology provides better tooling to drill
down and manage licenses at the file level for large ISOs and tarballs.
There are, of course, other tools in the ecosystem, but I think for your use
case you'll get a lot of mileage from those two.
Cheers,
Jeremiah
From: fossology@lists.fossology.org on behalf
of Prasaath Ramasamy (prasaara) via lists.fossology.org
Sent: Tuesday, September 22, 2020 6:30:57 AM
To: Michael C. Jaeger
Cc: Anupam Ghosh; Mishra, Gaurav; Prasad Iyer (prasadiy); Shiv Majji (smajji);
Ted Gauthier (tedg); fossol...@fossology.org
Subject: Re: [FOSSology] Fossology scan result
*** THIS IS AN EXTERNAL EMAIL: Please do not reply, click on any links, or open
any attachments unless you trust the sender and know that the content is safe.
***
Thanks Michael, I will check those links. My use case is to have a scanner to
scan source code (from diff technologies like java, python, ruby etc) and also
ISO images and give the license and component details.
-Prasaath
-Original Message-
From: Michael C. Jaeger
Sent: Monday, September 21, 2020 6:13 PM
To: Prasaath Ramasamy (prasaara)
Cc: Anupam Ghosh ; Mishra, Gaurav
; Prasad Iyer (prasadiy) ; Shiv
Majji (smajji) ; Ted Gauthier (tedg) ;
fossol...@fossology.org
Subject: Re: [FOSSology] Fossology scan result
Hello,
please note there are more open source tools out there, for example for
component analysis:
* SW360 Antenna: https://github.com/eclipse/antenna
* And the tools from the ACT Initiative:
https://www.linuxfoundation.org/press-release/2019/12/the-linux-foundations-automated-compliance-work-garners-new-funding-advances-tools-development/
* it depends a little on for which technology you re trying to identify the
components from.
As for snippet scanning, I there're maybe open source attempts to tackle it,
but could you describe maybe the use case that you have? It sounds like you
would like to have one tool that does all the three things at once? (license
scnaning, snippet scanning, SCA)
Kind regards, Michael
> On 21. Sep 2020, at 12:23, Anupam Ghosh wrote:
>
> Hello Prasaath,
>
> Fossology is mainly design to scan licenses/copyrights information
> from your package, so, Fossology does not look into code-snippets or
> dependencies inside source package.
>
> For code-snippet identification or dependency identification you have to use
> a third party software.
>
> With regards,
> Anupam
>
> From: fossology@lists.fossology.org On
> Behalf Of Prasaath Ramasamy (prasaara) via lists.fossology.org
> Sent: Monday, September 21, 2020 8:42 AM
> To: fossol...@fossology.org; Mishra, Gaurav (CT RDA SSI ISF-IN)
>
> Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji)
> ; Ted Gauthier (tedg)
> Subject: Re: [FOSSology] Fossology scan result
>
> Hello Fossology Team,
>
> Can you let me know if the component name identification is possible along
> with the discovered license ?
>
> -Prasaath
>
> From: Prasaath Ramasamy (prasaara)
> Sent: Wednesday, September 16, 2020 3:37 PM
> To: fossol...@fossology.org
> Cc: Prasad Iyer (prasadiy) ; Shiv Majji (smajji)
> ; Ted Gauthier (tedg)
> Subject: Fossology scan result
>
> Hello team,
>
> I tried scanning a couple of Java source code and python source code and the
> fossology tool was able to give me a list of all licenses (like Apache, MIT
> etc..) but I am not able to find the corresponding component names (i.e.
> activation, ant, apache-commons-logging etc…). Is there a way in the
> fossology tool to get component names ?
>
> -Prasaath
>
This e-mail and any attachment(s) are intended only for the recipient(s) named
above and others who have been specifically authorized to receive them. They
may contain confidential information. If you are not the intended recipient,
please do not read this email or its attachment(s). Furthermore, you are hereby
notified that any dissemination, distribution or copying of this e-mail and any
attachment(s) is strictly prohibited. If you have received this e-mail in
error, please immediately notify the sender by replying to this e-mail and then
delete this e-mail and any attachment(s) or copies thereof from your system.
Thank you.
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#3402): https://lists.fossology.org/g/fossology/message/3402
Mute This Topic: https://lists.fossology.org/mt/76884403/21656
Group Owner: fossology+ow...@lists.fossology.org
Unsubscribe: https://lists.fossology.org/g/fossology/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-