Comments (13)
I agree that if the package manager does not provide a declared license we should leave the field empty.
from ort.
I took over the draft PR at #6114, but didn't find the time yet to work on it. Maybe sponsoring could help to raise priority 😉
from ort.
looking forward to iOS project support
from ort.
@annania supporting iOS build tools is always tricky as the common tools only run on macOS. Swift is the exception and according to https://github.com/apple/swift should run beside macOS also on Debian, Fedora and Ubuntu.
from ort.
Maybe https://github.com/mahmudahsan/Licenses could help.
from ort.
Swift now also runs on Windows (German article), so maybe this is a step towards adding platform-independent support for SPM to ORT.
from ort.
Swift is also available for Ubuntu, CentOS and Amazon Linux 2: https://swift.org/download/#releases
Using the provided docker image I was able to create a small Hello World app using a dependency from the swift package manager:
```
root@bb84f80d3453:/swifttest# uname -a
Linux bb84f80d3453 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@bb84f80d3453:/swifttest# swift --version
Swift version 5.3 (swift-5.3-RELEASE)
Target: x86_64-unknown-linux-gnu
root@bb84f80d3453:/swifttest# cat Package.swift
// swift-tools-version:5.3
import PackageDescription
let package = Package(
    name: "swifttest",
    dependencies: [
        .package(
            name: "Files",
            url: "https://github.com/johnsundell/files.git",
            from: "4.0.0"
        )
    ],
    targets: [
        .target(
            name: "swifttest",
            dependencies: ["Files"]),
        .testTarget(
            name: "swifttestTests",
            dependencies: ["swifttest"]),
    ]
)
root@bb84f80d3453:/swifttest# cat Sources/swifttest/main.swift
import Files
print(Folder.current)
root@bb84f80d3453:/swifttest# swift build
Fetching https://github.com/johnsundell/files.git
Cloning https://github.com/johnsundell/files.git
Resolving https://github.com/johnsundell/files.git at 4.1.1
[7/7] Linking swifttest
root@bb84f80d3453:/swifttest# swift run swifttest
Folder(name: swifttest, path: /swifttest/)
```
Dependencies can also be listed:
```
root@bb84f80d3453:/swifttest# swift package show-dependencies --format json
{
  "name": "swifttest",
  "url": "/swifttest",
  "version": "unspecified",
  "path": "/swifttest",
  "dependencies": [
    {
      "name": "Files",
      "url": "https://github.com/johnsundell/files.git",
      "version": "4.1.1",
      "path": "/swifttest/.build/checkouts/files",
      "dependencies": [
      ]
    }
  ]
}
```
from ort.
Somewhat related, Swift System is now Open Source: https://swift.org/blog/swift-system/
from ort.
Just came across https://github.com/studo-app/Kotlift. Maybe it's of some use here?
from ort.
Yet one more tool that might become useful: https://github.com/LGE-OSS/swift-depends
from ort.
One issue I see in general with SPM is, that it seems to not support `declaredLicenses` at all.

> Maybe https://github.com/mahmudahsan/Licenses could help.

This project requires the user to specify all dependencies with their licenses manually.

Other tools / articles I found:
- https://github.com/MacPaw/spm-licenses This seems to clone the repository and to read the LICENSE file.
- https://davidvonk.dev/2020/12/24/generating-spm-licenses.html Uses the GitHub API to get the license information.

The GitHub API approach might be okay, but may not be feasible in our case, as this would require an implementation for every package source, and some might not support that kind of API at all.
Additionally, API limits would be an issue.

What we could do is, to just not set `declaredLicenses` for SPM packages, which is IMO the correct way to handle that, because the package manager doesn't know about the license, and this is represented in the `AnalyzerResult`.
The scanner would be able to download the sources and to add `detectedLicenses`.
Edit: See also: apple/swift-package-manager#5403
from ort.
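An added example, not part of any comment and not ORT's own code: it flattens the `swift package show-dependencies --format json` output quoted earlier in the thread into one record per unique package, leaving declared licenses empty as proposed above. The record field names and the second, nested sample dependency are assumptions made for illustration.

```python
import json

# Constructed sample: the JSON quoted in the thread plus one hypothetical
# package ("Example") that pulls in Files again, to exercise de-duplication.
SAMPLE = """
{"name": "swifttest", "url": "/swifttest", "version": "unspecified",
 "path": "/swifttest",
 "dependencies": [
   {"name": "Files", "url": "https://github.com/johnsundell/files.git",
    "version": "4.1.1", "path": "/swifttest/.build/checkouts/files",
    "dependencies": []},
   {"name": "Example", "url": "https://example.invalid/example.git",
    "version": "1.0.0", "path": "/swifttest/.build/checkouts/example",
    "dependencies": [
      {"name": "Files", "url": "https://github.com/johnsundell/files.git",
       "version": "4.1.1", "path": "/swifttest/.build/checkouts/files",
       "dependencies": []}]}]}
"""


def flatten_dependencies(show_dependencies_json):
    """Return (project, packages) with one record per unique (url, version)."""
    root = json.loads(show_dependencies_json)
    packages = {}

    def visit(node, parent):
        key = (node["url"], node["version"])
        if key in packages:
            # Already recorded: only note the additional dependent.
            packages[key]["required_by"].add(parent)
            return
        packages[key] = {
            "name": node["name"],
            "url": node["url"],
            "version": node["version"],
            # SPM output carries no license field, so nothing is declared;
            # licenses would come from scanning the fetched sources.
            "declared_licenses": [],
            "required_by": {parent},
        }
        for child in node.get("dependencies", []):
            visit(child, node["name"])

    for dep in root.get("dependencies", []):
        visit(dep, root["name"])
    project = {"name": root["name"], "path": root["path"]}
    return project, sorted(packages.values(), key=lambda p: p["url"])
```
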
This archived project could also maybe provide some pointers on how to support SPM: https://github.com/mattt/swift-package-sbom
from ort.
Any news on this? I think leaving it empty is the best idea. :)
from ort.