FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner downloads the source from a link that can be fetched with wget or cloned with git, then performs open source analysis on it. Alternatively, it can analyze a local source path. The result is generated in FOSSLight Report format.

Please refer to https://fosslight.org/fosslight-guide/scanner/ for the FOSSLight Scanner User Guide.

📋 Prerequisite

FOSSLight Scanner requires Python 3.10+.

🎉 How to install

It can be installed using pip3. It is recommended to install it in a virtualenv environment.

pip3 install fosslight_scanner

🚀 How to run

FOSSLight Scanner is run with the fosslight command.

fosslight [Mode] [option1] <arg1> [option2] <arg2>...

Parameters

Mode

        all                     Run all scanners(Default)
        source                  Run FOSSLight Source
        dependency              Run FOSSLight Dependency
        binary                  Run FOSSLight Binary
        prechecker              Run FOSSLight Prechecker
        compare                 Compare two FOSSLight reports

Options:

        -h                      Print help message
        -p <path>               Path to analyze (ex, -p {input_path})
                                 * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
                                   (ex, -p {before_name}.xlsx {after_name}.xlsx)
        -w <link>               Link to be analyzed can be downloaded by wget or git clone
        -f <format>             FOSSLight Report file format (excel, yaml)
                                 * Compare mode result file: supports excel, json, yaml, html
        -o <output>             Output directory or file
        -c <number>             Number of processes to analyze source
        -e <path>               Path to exclude from analysis (files and directories, pattern matching is available)
                                 * IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
                                   Example) fosslight -e "test/abc.py" "*.jar" "test/"
        -r                      Keep raw data
        -t                      Hide the progress bar
        -v                      Print FOSSLight Scanner version
        -s <path>               Path to apply setting from json file (check format with 'tests/fixtures/setting.json' in this repository)
                                 * Direct cli flags have higher priority than setting file
                                   (ex, '-f yaml -s tests/fixtures/setting.json' - result file extension is .yaml)
  • Refs.
  • Pattern matching guide for the -e option
    • ⚠️ Make sure to use double quotes ("") when entering values.
      • Example) fosslight -e "test/abc.py" "*.jar" "test/"
    • ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.
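
Why the quotes around -e patterns matter, shown as an added example that is not part of the FOSSLight project. `received_excludes` is a hypothetical stand-in for the scanner that echoes the arguments it was given, and the directory tree is constructed for the demonstration.

```shell
#!/bin/sh
# Hypothetical stand-in for the scanner: joins the values it received after -e
# with "|" so the effect of shell expansion is visible.
received_excludes() {
    out=""
    for arg in "$@"; do out="${out:+$out|}$arg"; done
    printf '%s\n' "$out"
}

# Constructed source tree: two jars at the top level, one in a subdirectory.
make_tree() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/libs"
    : > "$dir/a.jar"; : > "$dir/b.jar"; : > "$dir/libs/c.jar"
    printf '%s\n' "$dir"
}

# Unquoted: the shell expands *.jar against the current directory before the
# program starts, so it receives two file names and libs/c.jar is never named.
# If nothing matches, sh and bash (default options) pass the pattern through
# unchanged, which is why the mistake can go unnoticed.
unquoted_case() {
    ( cd "$1" && received_excludes *.jar )
}

# Quoted: the literal pattern reaches the program intact.
quoted_case() {
    ( cd "$1" && received_excludes "*.jar" )
}

tree=$(make_tree)
empty=$(mktemp -d)
echo "unquoted, jars present -> $(unquoted_case "$tree")"
echo "unquoted, no jars here -> $(unquoted_case "$empty")"
echo "quoted                 -> $(quoted_case "$tree")"
rm -rf "$tree" "$empty"
```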

Ex 1. Local Source Analysis

fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

If you use additional flags such as -d, document them in the Options section or link to the related guide.

Ex 2. Local Source Analysis with Path to Exclude

fosslight all -p /home/source_path -e "temp_dir" "src/temp.py"

Ex 3. Download Link and analyze

fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"

To analyze a private repository, set your GitHub token in the URL as shown below.

fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
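
A token typed directly into the command is saved in shell history. The wrapper below is an added example, not part of the FOSSLight project: it builds the same URL from an environment variable and redacts it before logging. The variable name `GITHUB_TOKEN` and the function names are assumptions, and the token still appears in the process arguments while fosslight runs.

```shell
#!/bin/sh
# Build the -w URL from an environment variable (GITHUB_TOKEN is an assumed
# name) so the secret is never typed on the command line.
private_repo_url() {
    repo_path=$1                      # e.g. Foo/private_repo
    if [ -z "${GITHUB_TOKEN:-}" ]; then
        echo "GITHUB_TOKEN is not set" >&2
        return 1
    fi
    printf 'https://%s@github.com/%s\n' "$GITHUB_TOKEN" "$repo_path"
}

# Replace the userinfo part of a URL with a placeholder before the URL is
# written to a CI log or an error message. URLs without userinfo are unchanged.
redact_url() {
    printf '%s\n' "$1" | sed -E 's#^([a-zA-Z][a-zA-Z0-9+.-]*://)[^/@]+@#\1***@#'
}

# Log the redacted form, pass the real URL to the scanner.
scan_private_repo() {
    url=$(private_repo_url "$1") || return 1
    echo "scanning $(redact_url "$url")"
    fosslight all -w "$url"
}

# Usage (with GITHUB_TOKEN exported by the CI secret store):
#   scan_private_repo Foo/private_repo
```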

Ex 4. Compare the BOM of two FOSSLight reports

fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel

📁 Result

$ tree
.
├── fosslight_log
│   ├── fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx: OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

🐳 How to run using Docker

  1. Build image using Dockerfile.
docker build -t fosslight .
  2. Run with the image you built.
    ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output

👏 How to report issue

Please report bugs or ideas for improvement by creating an issue in the fosslight_scanner repository.
Bug fixes and upgrades will then follow quickly. Ideas for improvement are always welcome.

📄 License

FOSSLight Scanner is released under Apache-2.0.

Download files

Source Distribution

fosslight_scanner-2.1.24.tar.gz (32.4 kB view details)

Uploaded Source

Built Distribution

fosslight_scanner-2.1.24-py3-none-any.whl (26.2 kB view details)

Uploaded Python 3

File details

Details for the file fosslight_scanner-2.1.24.tar.gz.

File metadata

  • Download URL: fosslight_scanner-2.1.24.tar.gz
  • Upload date:
  • Size: 32.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.13

File hashes

Hashes for fosslight_scanner-2.1.24.tar.gz
Algorithm Hash digest
SHA256 e01d3e571479af5d097663d8d688c429e2dd8d4fe45dd6167726da1ece1cbf55
MD5 5530f9438c02952e926b085dde500636
BLAKE2b-256 f4d2c4686e2711c6cb8dcd976e802d552ec3c444932179220a17a3b7d29e26c5

File details

Details for the file fosslight_scanner-2.1.24-py3-none-any.whl.

File hashes

Hashes for fosslight_scanner-2.1.24-py3-none-any.whl
Algorithm Hash digest
SHA256 ada14ee4e2786f68780f8a249d2393a49878c58aba60caec1223927a987d937f
MD5 3a7804af604fcbe3f0d6e0f7808b8e00
BLAKE2b-256 f19e7c24ce3772cf8f64b289acec13d08a4a04fec52a4a644e9711d25721a946
