Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 10:00
    pombredanne commented #3237
  • 07:13
    erkansecurity starred nexB/scancode-toolkit
  • Feb 06 13:30
    AyanSinhaMahapatra commented #3238
  • Feb 06 13:22
    AyanSinhaMahapatra commented #3214
  • Feb 06 13:13
    AyanSinhaMahapatra assigned #3239
  • Feb 06 13:13
    AyanSinhaMahapatra labeled #3239
  • Feb 06 13:13
    AyanSinhaMahapatra opened #3239
  • Feb 05 21:41
    chinyeungli labeled #3238
  • Feb 05 21:41
    chinyeungli labeled #3238
  • Feb 05 21:41
    chinyeungli opened #3238
  • Feb 05 18:08
    msaffitz starred nexB/scancode-toolkit
  • Feb 05 15:43
    mossmaurice starred nexB/scancode-toolkit
  • Feb 04 20:38
    jwachter starred nexB/scancode-toolkit
  • Feb 04 19:59
    jcgay starred nexB/scancode-toolkit
  • Feb 04 09:41
    joel-costigliola starred nexB/scancode-toolkit
  • Feb 03 18:54

    JonoYang on maven-pom-parse-dep-backport

    Bump dependency versions *… (compare)

  • Feb 03 18:44

    JonoYang on maven-pom-parse-dep-backport

    Bump dependency versions *… (compare)

  • Feb 03 18:22
    alexmills802 starred nexB/scancode-toolkit
  • Feb 03 17:41
    efeminella starred nexB/scancode-toolkit
  • Feb 02 14:58
    chrisschn starred nexB/scancode-toolkit
Omkar Phansopkar
@OmkarPh
GSoC update: Completed menu actions, added release scripts
Akhil Raj
@lf32
GSoC update: created charts for licenses
George Kraft
@gk4delltech
Regarding nexB/scancode-toolkit#3048, I'm getting "Analysis exception processing SPDX file: Missing document namespace" when verifying an spdx.json from a hello world scan. This seems very basic. Could someone review and give me a hint. :-)
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@gk4delltech I've replied in your issue :)
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@aspacca It should be out very soon we are preparing for the final 31 release nexB/scancode-toolkit#3053
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@/all we're starting the aboutcode call at https://meet.jit.si/AboutCode meeting minutes: https://github.com/nexB/aboutcode/wiki/MeetingMinutes
Omkar Phansopkar
@OmkarPh
GSoC update: Created automatic release using github actions & dropzone for files
ziad hany
@ziadhany
GSoC update: migrate rust importer
Scancode workbench builds
You can find sample json files here: https://github.com/OmkarPh/scancode-workbench/tree/v4.0-react-typescript/samples
Omkar Phansopkar
@OmkarPh
nexB/scancode-toolkit#3061
Scancode toolkit setup error on macos m1 chip nexB/scancode-toolkit#3061
Jono Yang
@JonoYang

@OmkarPh

My screenshot is a panel from the soos.io webapp. soos.io determines whether or not a project has a vulnerabilty by checking the packages and dependencies listed in a project's manifest file. In my screenshot, on the left side, there is a nested list of packages from a manifest, and under each package are the dependencies for that package.
On the right side, is the vulnerability details for the package. In our case, I think showing the package or dependency information in detail would be alright.

image.png
Omkar Phansopkar
@OmkarPh
this looks great
Akhil Raj
@lf32
GSoC update: Highlight license matches
Philippe Ombredanne
@pombredanne
@lf32 thanks!
@lf32 when is a good time to have a live session together?
Akhil Raj
@lf32
Aboutcode timings would be ok @pombredanne
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
^ Usually that time is much busier as we have other calls. Earlier in the day works better for phillipe @lf32
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@pombredanne opening this page: https://github.com/nexB/aboutcode/wiki/MeetingMinutes now shows The wiki page took too long to render. Please edit this wiki page’s content so it renders faster. sometimes. Should we make this a year-wise page instead?
1 reply
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
Hey @lf32 , forget about also adding the link to .yml files (for .RULE/.LICENSE) files in the details page. Just have one link to the .RULE/.LICENSE file instead. This is because we are thinking of merging the .RULE and .yml files into one .RULE YAML fornt-matter file instead as a part of nexB/scancode-toolkit#3049
Akhil Raj
@lf32
Hey, so if you are free for now can we have a meet?
Philippe Ombredanne
@pombredanne
@lf32 I could not reproduce you ScanCode TK Apple M1 installation issue. Can you try again and if this happens again, please create an issue
@lf32 me , not now, but tomorrow morning CEST could work
Akhil Raj
@lf32
Hey @pombredanne, which SCTK Apple M1 installation?
Philippe Ombredanne
@pombredanne
@lf32 you reported an issue Monday? ... or may be that was @OmkarPh ? :]
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
That was reported by @OmkarPh , yes.
Philippe Ombredanne
@pombredanne
ah :)
Omkar Phansopkar
@OmkarPh

That was reported by @OmkarPh , yes.

yeah it was me ;)

@lf32 I could not reproduce you ScanCode TK Apple M1 installation issue. Can you try again and if this happens again, please create an issue

I've already tried doing unzip tar -> ./scancode --help thrice :/
nexB/scancode-toolkit#3061
is there someone else who has m1 mac

Jay Kumar
@35C4n0r
Greetings Everyone,
My name is Jay. I am a 2nd year undergrad. I am experienced with Python, Full Stack MERN development, C++ and a little bit in Flutter. I have been doing Python for almost 3 years now and I am very excited to do open Source Contribution. This would be my first time contributing in this repo, i would love it if someone could help me to get started. Thank you.
Kevin Ji
@KevinJi22
@pombredanne I've addressed almost all your comments on my PR except for two. For this comment, what do you mean by "adding a new extension point"? I was thinking of adding a new class called AdditionalLicenseLocationProvider or something and having the path providers for additional licenses subclass that. What are your thoughts?
It seems like I'll have to modify the PluginCode repository for this.
2 replies
@pombredanne also, for this, I don't think there's a way to identify if a license matches an external license vs. a license already in the licenseDB, right? So I'm not sure how we can set these fields to empty for additional licenses
1 reply
Omkar Phansopkar
@OmkarPh
gsoc update - Created packages > dependencies page (Top level packages overview)
ziad hany
@ziadhany
GSoC update: Add support for rust ranges
Philippe Ombredanne
@pombredanne
@/all weekly meeting call started
@KevinJi22 hey :)
Philippe Ombredanne
@pombredanne
Sorry for changing my mind on the option name :]
Akhil Raj
@lf32
GSoC update: improve layout for license details
Keshav Priyadarshi
@keshav-space
GSoC Update: Streamline VulnTotal CLI, support JSON and YAML output, add support for grouping Vulnerability by CVE
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@keshav-space just curious, can we try this CLI out from https://github.com/nexB/vulnerablecode/tree/vulntotal? Or is it still in PRs?
4 replies
Akhil Raj
@lf32
Andrea Spacca
@aspacca
@pombredanne >@aspacca --license-score is not the best way to filter licenses IMHO. Instead you may want to check the primary license returned in the new --summary feature (in v31+)
testing with new --summary feature: it seems to be a summary for the root, not faceted by package
4 replies
Akhil Raj
@lf32
@pombredanne
Andrea Spacca
@aspacca
I'm using packages.[].license_expression