Analyze at once for Open Source Compliance.
FOSSLight Scanner performs open source analysis after downloading the source from a link that can be fetched with wget or cloned with git. Alternatively, the analysis can be run directly on a local source path. The output is generated in FOSSLight Report format.
FOSSLight Scanner requires Python 3.6+.
It can be installed with pip3. Installing it inside a Python 3.7+ virtualenv is recommended.
$ pip3 install fosslight_scanner
FOSSLight Scanner is run with the fosslight command.
fosslight [Mode] [option1] <arg1> [option2] <arg2>...
Mode
all Run all scanners(Default)
source Run FOSSLight Source
dependency Run FOSSLight Dependency
binary Run FOSSLight Binary
prechecker Run FOSSLight Prechecker
compare Compare two FOSSLight reports
Options:
-h Print help message
-p <path> Path to analyze (ex, -p {input_path})
* Compare mode input file: Two FOSSLight reports (supports excel, yaml)
(ex, -p {before_name}.xlsx {after_name}.xlsx)
-w <link> Link to be analyzed can be downloaded by wget or git clone
-f <format> FOSSLight Report file format (excel, yaml)
* Compare mode result file: supports excel, json, yaml, html
-o <output> Output directory or file
-c <number> Number of processes to analyze source
-e <path> Path to exclude from analysis (ex, -e {dir} {file})
-r Keep raw data
-t Hide the progress bar
-v Print FOSSLight Scanner version
-s <path> Path to apply setting from json file (check format with 'setting.json' in this repository)
* Direct cli flags have higher priority than setting file
(ex, '-f yaml -s setting.json' - result file extension is .yaml)
$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
$ fosslight all -p /home/source_path -e temp_dir src/temp.py
$ fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
If you want to analyze a private repository, put your GitHub token in the link like below.
$ fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
$ tree
.
├── fosslight_log
│ ├── fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
$ docker build -t fosslight .
$ docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
Please report bugs or ideas for improvement by creating an issue in the fosslight_scanner repository.
Bug fixes and upgrades will follow quickly, and ideas for improvement are always welcome.
FOSSLight Scanner is released under Apache-2.0.
We found that fosslight-scanner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.