Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 10:38
    rritik772 synchronize #3233
  • 07:32
    OctoPie23 opened #90
  • 07:22
    varunlmxd commented #3138
  • 06:40
    rritik772 edited #3233
  • 06:40
    rritik772 edited #3233
  • 06:39
    rritik772 opened #3233
  • 06:19
    rritik772 forked
    rritik772/scancode-toolkit
  • 06:04
    rritik772 forked
    rritik772/scancode-toolkit
  • 05:36
    rritik772 commented #2990
  • Jan 28 18:57
    pombredanne commented #3024
  • Jan 28 14:46
    josuemotte starred nexB/scancode-toolkit
  • Jan 27 18:20
    AyanSinhaMahapatra edited #3232
  • Jan 27 17:39
    AyanSinhaMahapatra edited #3232
  • Jan 27 17:38
    AyanSinhaMahapatra synchronize #3232
  • Jan 27 17:38

    AyanSinhaMahapatra on app-archives-all-python

    Build app archives for all pyth… (compare)

  • Jan 27 17:11
    AyanSinhaMahapatra milestoned #3232
  • Jan 27 17:11
    AyanSinhaMahapatra opened #3232
  • Jan 27 17:11
    AyanSinhaMahapatra milestoned #3232
  • Jan 27 17:10

    AyanSinhaMahapatra on app-archives-all-python

    Build app archives for all pyth… (compare)

  • Jan 27 16:11
    pombredanne opened #3231
Omkar Phansopkar
@OmkarPh
GSoC update: Created automatic release using github actions & dropzone for files
ziad hany
@ziadhany
GSoC update: migrate rust importer
Omkar Phansopkar
@OmkarPh
https://github.com/OmkarPh/scancode-workbench/releases/tag/v4.0.0betaPowershell2
Scancode workbench builds
You can find sample json files here: https://github.com/OmkarPh/scancode-workbench/tree/v4.0-react-typescript/samples
Omkar Phansopkar
@OmkarPh
nexB/scancode-toolkit#3061
Scancode toolkit setup error on macos m1 chip nexB/scancode-toolkit#3061
Jono Yang
@JonoYang

@OmkarPh

My screenshot is a panel from the soos.io webapp. soos.io determines whether or not a project has a vulnerabilty by checking the packages and dependencies listed in a project's manifest file. In my screenshot, on the left side, there is a nested list of packages from a manifest, and under each package are the dependencies for that package.
On the right side, is the vulnerability details for the package. In our case, I think showing the package or dependency information in detail would be alright.

image.png
Omkar Phansopkar
@OmkarPh
this looks great
Akhil Raj
@lf32
GSoC update: Highlight license matches
Philippe Ombredanne
@pombredanne
@lf32 thanks!
@lf32 when is a good time to have a live session together?
Akhil Raj
@lf32
Aboutcode timings would be ok @pombredanne
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
^ Usually that time is much busier as we have other calls. Earlier in the day works better for phillipe @lf32
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@pombredanne opening this page: https://github.com/nexB/aboutcode/wiki/MeetingMinutes now shows The wiki page took too long to render. Please edit this wiki page’s content so it renders faster. sometimes. Should we make this a year-wise page instead?
1 reply
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
Hey @lf32 , forget about also adding the link to .yml files (for .RULE/.LICENSE) files in the details page. Just have one link to the .RULE/.LICENSE file instead. This is because we are thinking of merging the .RULE and .yml files into one .RULE YAML fornt-matter file instead as a part of nexB/scancode-toolkit#3049
Akhil Raj
@lf32
Hey, so if you are free for now can we have a meet?
Philippe Ombredanne
@pombredanne
@lf32 I could not reproduce you ScanCode TK Apple M1 installation issue. Can you try again and if this happens again, please create an issue
@lf32 me , not now, but tomorrow morning CEST could work
Akhil Raj
@lf32
Hey @pombredanne, which SCTK Apple M1 installation?
Philippe Ombredanne
@pombredanne
@lf32 you reported an issue Monday? ... or may be that was @OmkarPh ? :]
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
That was reported by @OmkarPh , yes.
Philippe Ombredanne
@pombredanne
ah :)
Omkar Phansopkar
@OmkarPh

That was reported by @OmkarPh , yes.

yeah it was me ;)

@lf32 I could not reproduce you ScanCode TK Apple M1 installation issue. Can you try again and if this happens again, please create an issue

I've already tried doing unzip tar -> ./scancode --help thrice :/
nexB/scancode-toolkit#3061
is there someone else who has m1 mac

Jay Kumar
@35C4n0r
Greetings Everyone,
My name is Jay. I am a 2nd year undergrad. I am experienced with Python, Full Stack MERN development, C++ and a little bit in Flutter. I have been doing Python for almost 3 years now and I am very excited to do open Source Contribution. This would be my first time contributing in this repo, i would love it if someone could help me to get started. Thank you.
Kevin Ji
@KevinJi22
@pombredanne I've addressed almost all your comments on my PR except for two. For this comment, what do you mean by "adding a new extension point"? I was thinking of adding a new class called AdditionalLicenseLocationProvider or something and having the path providers for additional licenses subclass that. What are your thoughts?
It seems like I'll have to modify the PluginCode repository for this.
2 replies
@pombredanne also, for this, I don't think there's a way to identify if a license matches an external license vs. a license already in the licenseDB, right? So I'm not sure how we can set these fields to empty for additional licenses
1 reply
Omkar Phansopkar
@OmkarPh
gsoc update - Created packages > dependencies page (Top level packages overview)
ziad hany
@ziadhany
GSoC update: Add support for rust ranges
Philippe Ombredanne
@pombredanne
@/all weekly meeting call started
https://meet.jit.si/AboutCode
@35C4n0r welcome! https://aboutcode.readthedocs.io/en/latest/contributing.html is a good start.
@KevinJi22 hey :)
Philippe Ombredanne
@pombredanne
Sorry for changing my mind on the option name :]
Akhil Raj
@lf32
GSoC update: improve layout for license details
Keshav Priyadarshi
@keshav-space
GSoC Update: Streamline VulnTotal CLI, support JSON and YAML output, add support for grouping Vulnerability by CVE
Ayan Sinha Mahapatra
@AyanSinhaMahapatra
@keshav-space just curious, can we try this CLI out from https://github.com/nexB/vulnerablecode/tree/vulntotal? Or is it still in PRs?
4 replies
Akhil Raj
@lf32
https://fontawesome.com/
Andrea Spacca
@aspacca
@pombredanne >@aspacca --license-score is not the best way to filter licenses IMHO. Instead you may want to check the primary license returned in the new --summary feature (in v31+)
testing with new --summary feature: it seems to be a summary for the root, not faceted by package
4 replies
https://gist.github.com/aspacca/e8fbe0076974c5b45d813aa70faaed0c
Akhil Raj
@lf32
@pombredanne
https://meet.jit.si/AboutCode
Andrea Spacca
@aspacca
I'm using packages.[].license_expression
sometimes the same license is reported twice in the expression: ie "mit AND mit"
4 replies
a minor thing about licenses_reference[].text_urls and text licenses_reference[].text
the second is not always the real content of the first
for MIT license for example: http://opensource.org/licenses/mit-license.php, here the content includes "Copyright <YEAR> <COPYRIGHT HOLDER>" (it's obvious the placeholders cannot be filled, and stripping the line is probably the proper thing to do)
3 replies
Andrea Spacca
@aspacca
last thing about https://github.com/nexB/pip-requirements-parser: not existing dependecies (I have a specific test case with "i_dont_exists" in requirements.txt) are not identified
pip raise an exception, pip-requirements-parser add them to the list of packages
for this reason I'm still using pip, just using the new --report argument