Good day, I am working on the SPDX-GitHub integration, and as of today this is the functionality we have:

1. The user can run our code from the command line to download a GitHub repo as a zip file, unzip it, scan it for licenses, and output an SPDX document.
2. The user can create a webhook from a repository if they are an administrator of that repository. Then if they are running a server with our code that is exposed to the internet, our code can run a new scan each time there is a push to the repository in question.

Currently I am working on getting a webhook to be created using the GitHub API rather than manually from the web page.

As mentioned, a limitation to the use of webhooks is that only an administrator of a repository can create a new webhook. A non-admin could still run a scan using our code, but would not be able to get it to update automatically in response to a new push without the help of an administrator.

What other functionality should the GitHub SPDX application have once it is completed? What thoughts are there on the limitation for webhooks?

The following are links to the code mentioned above. This code is written to work with ScanCode, but it could also use DoSOCSv2.

Downloading and scanning a repo:
https://github.com/spdx/spdx-github/blob/master/run_scan/download_repo_run_scan.py

Responding to a push notification from a webhook:
https://github.com/spdx/spdx-github/blob/master/run_scan/github_webhooks.py

Thanks and have a great day,
Anna Buhman
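The webhook flow described in the message above, sketched as an added example (not code from the spdx-github repository): it builds the admin-only GitHub API request that creates a push webhook with a shared secret, and shows how an internet-exposed receiver can check GitHub's `X-Hub-Signature-256` header before starting a scan. The function names, the payload URL and the secret are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import urllib.request

def build_create_hook_request(owner, repo, token, payload_url, secret):
    """Build (without sending) POST /repos/{owner}/{repo}/hooks.

    GitHub only accepts this call from a user with admin rights on the repo.
    """
    body = {
        "name": "web",
        "active": True,
        "events": ["push"],
        "config": {"url": payload_url, "content_type": "json", "secret": secret},
    }
    return urllib.request.Request(
        f"https://api.github.com/repos/{owner}/{repo}/hooks",
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Accept": "application/vnd.github+json"},
    )

def verify_delivery(secret, raw_body, signature_header):
    """Check X-Hub-Signature-256 (HMAC-SHA256 of the raw body) in constant time."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    digest = hmac.new(secret.encode(), raw_body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(("sha256=" + digest).encode(), signature_header.encode())

def repo_to_scan(secret, headers, raw_body):
    """Return the repository full name to rescan, or None if the delivery is rejected."""
    if not verify_delivery(secret, raw_body, headers.get("X-Hub-Signature-256")):
        return None  # unsigned or altered delivery: do not parse or act on it
    if headers.get("X-GitHub-Event") != "push":
        return None  # signed, but not an event that should trigger a scan
    return json.loads(raw_body)["repository"]["full_name"]

if __name__ == "__main__":
    secret = "constructed-demo-secret"  # constructed value, not a real credential
    body = json.dumps({"repository": {"full_name": "example-org/example-repo"}}).encode()
    sig = "sha256=" + hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    good = {"X-GitHub-Event": "push", "X-Hub-Signature-256": sig}
    print(repo_to_scan(secret, good, body))         # accepted delivery
    print(repo_to_scan(secret, good, body + b" "))  # body changed after signing
```

The signature must be computed over the raw request bytes as received, before any JSON parsing or re-serialization.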
