On 13/07/21 10:57, email@example.com wrote:
I see that meta-spdxscanner has been moved to http://git.yoctoproject.org,Yes, you can contact me or contribute to meta-spdxscanner to this ML.
and doesn't maintained on github
I'd like to have advice from you to understand if is it possible to test it withoutI have not maintained scancode-tk for long time. And recently there are somebody else asked me about scancode-tk.
any external service and discover what kind of artefacts are generated into
Yes, I planned to make scancode-tk.bbclass work without external service. But there are always issues because environment.
The problem of scancode-tk.bbclass that scancode must work with specify a version of python(latest requires 3.6), but you know that for YP or your host, it is hard to meet the requirement.
I found the newest version of scancode-tk support running in docker. So I plan to make scancode-tk.bbclass work with scancode command by docker next.
Of course, if you have good ideas, please tell me, or contribute to meta-spdxscanner directlly.
By the way, why not try fossology? It is really good that you can browse the compliance information on fossology server after you get spdx files by bitbake of YP.
thank you for answering.
Considering the problems I encounter with scancode-tk and that the artifacts it produces are simple text files that need further analysis, I was just deciding to migrate to Fossology with "fossology-rest".
The only drawback is having to install the server, but I don't think it will be a problem.
Thanks again, I will contact you again if you have any problems with this mode.
Marco Cavallini | KOAN sas
Bergamo - Italia
embedded software engineeringhttps://KoanSoftware.com