Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Dec 04 22:49
    SupremeHedgehog starred nexB/scancode-toolkit
  • Dec 04 14:29
    webtech-tom starred nexB/scancode-toolkit
  • Dec 03 20:52
    pedroraft starred nexB/scancode-toolkit
  • Dec 03 19:51
    TimothyGillespie starred nexB/scancode-toolkit
  • Dec 01 17:26
    DennisClark assigned #3167
  • Dec 01 17:26
    DennisClark labeled #3167
  • Dec 01 17:26
    DennisClark opened #3167
  • Dec 01 17:12
    DennisClark commented #3165
  • Dec 01 16:43
    RayGozer commented #3165
  • Dec 01 16:41
    RayGozer commented #3165
  • Dec 01 13:10
    pombredanne commented #3165
  • Dec 01 12:38
    pombredanne commented #3166
  • Dec 01 12:34
    pombredanne commented #3166
  • Dec 01 08:03
    rohitcoder labeled #3166
  • Dec 01 08:03
    rohitcoder opened #3166
  • Dec 01 03:07
    mjherzog commented #3165
  • Dec 01 02:23
    RayGozer labeled #3165
  • Dec 01 02:23
    RayGozer opened #3165
  • Nov 30 07:21
Philippe Ombredanne
@pombredanne
@swastkk it starts on time, and last up to an hour. This time if finished early
You can read the call notes at https://github.com/nexB/aboutcode/wiki/MeetingMinutes that @AyanSinhaMahapatra post :)
(or will post)
Hritik Vijay
@Hritik14
Do we have any data on how scancode compares to syft ?
Philippe Ombredanne
@pombredanne
@Hritik14 nope, but I would guess we do better since I looked at their code and we are doing much more introspection than they do... they only do a surface scan of package manifest.
Doing some comparison would be awesome!
Hritik Vijay
@Hritik14
@pombredanne Interesting. I'm planning on doing some comparison in that case. We've syft at our current org and I wanted them to pursue scancode.
Philippe Ombredanne
@pombredanne
@Hritik14 :+1:
@Hritik14 For containers this would be using ScanCode.io
Ramzi
@i1337_gitlab
Hello,
I'm facing an issue with scancode, each time that run it on any source code even it's code source I'm getting an empty result file
I installed scancode, using pip on a mac, and I tired the last version and the one before but unfortunately I'm getting the same results.
Screenshot 2022-11-11 at 10.02.19.png
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
what options are you running scancode with? can you give us the exact command you ran? And I'm guessing this is the html-app output format, which is also deprecated btw, try JSON/YAML or use scancode-workbench to visualize.
Ramzi
@i1337_gitlab
I used :
"scancode --html project.html project/"
Ramzi
@i1337_gitlab
This is the output of the yaml scan results
scancode-toolkit.yaml
Steven Esser
@steven-esser
1 reply
shivu
@sshivam:matrix.org
[m]
Hello everyone. I am currently a 2nd yr student pursuing engineering at DAIICT. I am proficient in javascript and in working with node js. I have an intermediate knowledge with python and I would like to contribute to aboutcode community. Can anyone help me get started? Thanks!!
Swastik Sharma
@swastkk
This week's community call?
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@sshivam:matrix.org welcome to aboutcode! See https://aboutcode.readthedocs.io/en/latest/contributing.html and feel free to look at our projects and open issues https://github.com/search?o=desc&q=org%3AnexB+label%3A"good+first+issue"+state%3Aopen&s=created&type=Issues to see what you can contribute. scancode.io/vulnerablecode has javascript/python :P
@swastkk yes we will have the call tomorrow usual time
Philippe Ombredanne
@pombredanne
@sshivam:matrix.org welcome :)
@swastkk and tomorrow is now today :)
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@/all weekly community call to start in a couple of minutes at https://meet.jit.si/AboutCode, join us there.
Philippe Ombredanne
@pombredanne
:)
Jordan Goldin
@jsgoldin
Hello! I'm working on setting up scancode for dependency license detection/compliance for my organizations many many repos. I have a few questions I'm hoping can be answered or pointed in the right direction :)

I noticed the number of files listed in the scan "Summary" differs from the number of files in the directory being scanned. For example using a clone of https://github.com/django/django:

scancode -clpeui -n 2 --json-pp scancode-result.json django

Summary:
Initial counts: 9814 resource(s): 6648 file(s) and 3166 directorie(s)
Final counts: 9814 resource(s): 6648 file(s) and 3166 directorie(s) for 39.68 MB

find django  | wc -l
    5976

Wondering what accounts for that difference?

Philippe Ombredanne
@pombredanne
@jsgoldin that may be a counter bug ?
SCTK has a pending bug in nexB/scancode-toolkit#3093 that likely counts the files twice (only in the CLI display, not in the JSON scan)
But also :
$ git clone https://github.com/django/django
...
$ find django/ -type f | wc -l
6677
$ find django/ -type d| wc -l
3183
$ rm -rf django/.git
$ find django/ -type d| wc -l
3166
$ find django/ -type f | wc -l
6651
we ignore links, but this looks closer to your counts
@jsgoldin do not hesitate to reach out
you may fancy checking out https://github.com/nexB/scancode.io/
that can help organize scans in projects
and https://github.com/nexB/python-inspector if you are using Python :)

we ignore links, but this looks closer to your counts

And we definitely ignore the .git directory

that would be .gitattributes and .git and .gitignore
that leads us to 6649... just one off the 6648 count you found
which is likely explained by a link ...
or by this : django/tests/staticfiles_tests/apps/test/static/test/CVS
@jsgoldin the count is right: 6648 files and 3166 directories it is :)
ignoring the VCS files
.git dir, .gitattributes and .gitignore and CVS
Jordan Goldin
@jsgoldin
Excellent, thank you! Appreciate the quick response.
Philippe Ombredanne
@pombredanne
@jsgoldin sure thing! Please enter issues too... any weird stuff is worthy of an issue :)
Tushar Goel
@TG1999
@/all the weekly status call has been started here https://meet.jit.si/AboutCode
Philippe Ombredanne
@pombredanne
@/all weekly community call starting now at https://meet.jit.si/AboutCode, join us there!
hehe
Andrea Spacca
@aspacca
fyi: I don't know how I missed https://github.com/raimon49/pip-licenses when looking for a NOTICE.txt generator. Since I was not able to release yet my project based on scancode due to several reasons I will test pip-licenses and in case abandon my output plugin. Please, don't take it as a critic, but as an hint on how to improve :): one of the blocker that slowed down my first public release was the breaking changes between <31.x and =31.x and new upcoming between 31.x and 32.x
Philippe Ombredanne
@pombredanne
@aspacca sure thing ... thanks for chiming in. If pip-licenses can float your boat, then this is great! It seems fairly simple and only deals with Python and declared licenses and texts found in manifests and some simple formatting.
Philippe Ombredanne
@pombredanne
@/all weekly community meeting started at https://meet.jit.si/AboutCode
Jeremiah C. Foster
@jeremiah
Yay! :-)
Philippe Ombredanne
@pombredanne
@jeremiah :) Hey!