Create a notion of "Projects" #1738
Comments
@NicolasToussaint I like the idea! In my team we use the concept of a "clearing request"; this is simply a collection of uploads that belong to a specific product/project and need to be scanned together, very similar to the concept you describe here. We tried using the
While both steps work well, we are missing the following features:
Extending the tag feature could be another option to implement "projects".
I wonder if there is a need to consider how the various licenses work together in a project? While I think a lot will depend on how the project is built with regard to dependencies, nonetheless the "project" grouping might be able to provide an overall scenario for how a given project with multiple licenses is licensed overall and which license applies to which software component.
Hi all, I have a wrapper framework around existing Fossology (3.6.0) that I use for project scanning, to try to accomplish something along these lines. The code is at https://github.com/swinslow/scaffold -- it is unfortunately lacking in documentation at the moment, mostly because I've just been using it myself and haven't written it up. This is probably overkill for many folks' use cases, but sharing here in case it's at all helpful. To use it, you set up a
You also set up a corresponding file listing out different texts which correspond to particular licenses (this is for use in automated monkbulk scanning runs). Then, the framework automatically runs through the following steps:
I have no idea if any of this is useful or relevant to what you're looking at :) I'm sure several parts are specific to the particular workflow I've got. But I'm happy to share more details and/or actually write up some documentation on it, if that would be helpful.
Many thanks for your detailed thoughts on this! @deveaud-m Tags look good, I had never used them before, but it looks interesting to build on top of that. @jeremiah In my case, a project will often be composed of various components with various "use cases" (front-end, back-end, mobile, embedded, standalone software). So we will still want to analyse the findings separately. @swinslow Many thanks for sharing and describing your work!
@NicolasToussaint agreed -- if Fossology had a concept of "projects", I expect it would be very helpful. I've found it particularly useful to be able to combine pulls from multiple repos into a single Fossology upload, so that I can do things like run bulk text matches, reuse prior results, export combined SPDX files, etc., at the "project" level. That has made the process faster for me when I'm dealing with a larger number of repos, rather than clearing them one-by-one. So I'd suggest that if there's a way to run agents / actions across multiple uploads in a Fossology "project," that might be useful for at least some use cases.
+1 I like the idea of a sort of "policy engine" across a diverse source code that may or may not become a binary but rather has another, maybe higher level, cohesion.
@NicolasToussaint
Description
For multiple reasons, I would like to be able to identify uploads to projects.
A project would be defined by:
As a suggestion, a new table entry could be created containing all info mentioned above.
This could be used, for example:
In terms of UI integration:
Does anyone have an opinion on such a feature?