Good day, I am working on the SPDX-GitHub integration. This email is an update on my progress and some future plans for this project.
Right now my code is able to download and scan a repo using a scanner such as ScanCode, and outputs an SPDX document. I also have code to respond to webhook for a push, which means that it can be set up to run a new scan each time the repo has a new push. However, creating a webhook for a repo is restricted to administrators of that repo, so only an admin could use this feature. There is a configuration file where the user can specify the name of the output SPDX document. Future plans include turning this into a web API, adding the ability to use the configuration file to select which scanner should be used, merging a new SPDX file with the old one when the webhook code is triggered (as opposed to simply replacing it), and pushing the SPDX output file back to the repository rather than keeping it locally. I will also be working on improving the code by improving my tests, writing installation instructions for the Readme, reorganizing the code, and changing it to PEP8. Thanks and have a great day, Anna Buhman
_______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
