@lf32 I do not know about it so I have no opinion... we are using ace I think already though https://github.com/nexB/scancode.io/blob/main/scanpipe/templates/scanpipe/resource_detail.html#L78
@lf32 returning the question, what do you thing of it?
2022-09-09 21:52:44.04 Pipeline [scan_codebase] starting 2022-09-09 21:52:44.15 Step [copy_inputs_to_codebase_directory] starting 2022-09-09 21:52:44.24 Step [copy_inputs_to_codebase_directory] completed in 0.09 seconds 2022-09-09 21:52:44.25 Step [extract_archives] starting 2022-09-09 21:52:45.00 Step [extract_archives] completed in 0.76 seconds 2022-09-09 21:52:45.01 Step [collect_and_create_codebase_resources] starting 2022-09-09 21:52:49.75 Step [collect_and_create_codebase_resources] completed in 4.74 seconds 2022-09-09 21:52:49.75 Step [tag_empty_files] starting 2022-09-09 21:52:49.81 Step [tag_empty_files] completed in 0.06 seconds 2022-09-09 21:52:49.81 Step [scan_for_application_packages] starting 2022-09-09 21:53:17.12 Step [scan_for_application_packages] completed in 27.30 seconds 2022-09-09 21:53:17.13 Step [scan_for_files] starting 2022-09-09 21:53:20.83 Pipeline failed Task output A process in the process pool was terminated abruptly while the future was running or pending. Traceback: File "/app/scanpipe/pipelines/__init__.py", line 115, in execute step(self) File "/app/scanpipe/pipelines/scan_codebase.py", line 99, in scan_for_files scancode.scan_for_files(self.project) File "/app/scanpipe/pipes/scancode.py", line 310, in scan_for_files _scan_and_save(resource_qs, scan_file, save_scan_file_results) File "/app/scanpipe/pipes/scancode.py", line 297, in _scan_and_save scan_results, scan_errors = future.result() File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 439, in result return self.__get_result() File "/usr/local/lib/python3.9/concurrent/futures/_base.py", line 391, in __get_result raise self._exception
go mod vendorto populate the
./vendordirectory, and then run scancode, pointing it at the vendor directory, and it scans all the files. Thus to scan source code deps, I can't just point it at a cloned version of the repo, but I'm required to first prep the repo by pulling in all the source files of all the deps, using the appropriate package manage per each. Is my understanding right? I was looking at using https://github.com/pivotal/LicenseFinder, and see that it works with the package managers for you to do this prep step automatically. Is this something that scancode supports and I'm just not seeing it? Does scancode.io work differently than the scancode-toolkit in this case?