Comments (6)
Let's say I want to perform code scans on different parts of a project separately and then merge the final results. What would be the best approach for achieving this with ORT?
We've had some (oral) discussions about this quite some time ago in our ORT Community meetings in the context of this PR, but came to the (preliminary) conclusion that it's too hard to get right for all use-cases, and thus the idea to implement something like this stalled.
Re-scanning the entire project can be time-consuming
One idea is to scan packages one-by-one in advance to populate the scan storage (you should set up a database for that beforehand), so the "real" scan goes through smoothly.
how is it mapped among binary artifacts, source artifacts and source repository.
That depends a bit on your configuration of source code origins:
ort/model/src/main/kotlin/config/DownloaderConfiguration.kt
Lines 43 to 47 in ce7d028
In general, ORT does not download binary artifacts, but only source artifacts or source code from VCS. Which of the latter two (and in which order) is determined by the above setting, and any error messages refer to getting code from that configured origin(s).
FYI, I also want to know how the version control system works. I can see from the logs that sometimes `Could not fetch only revision`, sometimes `Could not find any revision candidates for package`, sometimes `Could not resolve revision for package`, and how is it mapped among binary artifacts, source artifacts and source repository.
@ChenZhaobin please also stick to one topic per issue, and consider starting a discussion instead if you're not actually reporting a bug or requesting a feature.
Understood, thanks for the quick help.