The SCANOSS Python package provides a simple, easy-to-consume library for interacting with the SCANOSS APIs/Engine.
To install (from pypi.org), please run:
pip3 install scanoss
To upgrade an existing installation please run:
pip3 install --upgrade scanoss
To take advantage of faster fingerprinting, please install the optional scanoss_winnowing package:
pip3 install scanoss_winnowing
Or directly using:
pip3 install scanoss[fast_winnowing]
Alternatively, there is a docker image of the compiled package. It can be found here. Details of how to run it can be found here.
If installing on Ubuntu 2023.04, Fedora 38, Debian 11, etc., a few additional steps are required before installing scanoss-py. More details can be found here.
The recommended method is to install pipx and use it to install scanoss-py:
sudo apt install pipx
pipx ensurepath
This will install the pipx package manager, which can then be used to install scanoss-py:
pipx install scanoss[fast_winnowing]
This will install the scanoss-py app in a separate virtual environment and create a link on the local path for execution.
The package can be run from the command line, or consumed from another Python script.
The Python package manager (pip) will register the following command during installation:
scanoss-py
It is also possible to launch it using:
python3 -m scanoss.cli
Running the bare command will list the available sub-commands:
> scanoss-py
usage: scanoss-py [-h] [--version]
{version,ver,scan,sc,fingerprint,fp,wfp,dependencies,dp,dep,file_count,fc,convert,cv,cnv,cvrt,component,comp,utils,ut}
...
SCANOSS Python CLI. Ver: 1.6.1, License: MIT, Fast Winnowing: True
options:
-h, --help show this help message and exit
--version, -v Display version details
Sub Commands:
valid subcommands
{version,ver,scan,sc,fingerprint,fp,wfp,dependencies,dp,dep,file_count,fc,convert,cv,cnv,cvrt,component,comp,utils,ut}
sub-command help
version (ver) SCANOSS version
scan (sc) Scan source code
fingerprint (fp, wfp)
Fingerprint source code
dependencies (dp, dep)
Scan source code for dependencies, but do not decorate them
file_count (fc) Search the source tree and produce a file type summary
convert (cv, cnv, cvrt)
Convert file format
component (comp) Component support commands
utils (ut) General utility support commands
From there it is possible to scan a source code folder:
> scanoss-py scan -o scan-output.json <source-folder>
The SCANOSS CLI supports dependency decoration. This requires scancode to be installed:
pip install scancode-toolkit
Dependencies can then be decorated by adding the --dependencies option to the scanner:
> scanoss-py scan --dependencies -o scan-output.json <source-folder>
The scanoss package can also be used in other Python projects/scripts. A good example of how to consume it can be found here.
In general, the easiest way to consume it is to import the required module as follows:
from scanoss.scanner import Scanner


def main():
    # Scan the current directory against the default SCANOSS OSS KB endpoint
    scanner = Scanner()
    scanner.scan_folder('.')


if __name__ == "__main__":
    main()
By default, scanoss uses the SCANOSS OSS KB API endpoint, https://api.osskb.org/scan/direct, which does not require an API key.
These values can be changed from the command line using:
> scanoss-py scan --apiurl <URL> --key <KEY>
From code, it would look like this:
from scanoss.scanner import Scanner


def main():
    # Replace 'new-url' and 'key' with your own endpoint and API key
    scanner = Scanner(url='new-url', api_key='key')
    scanner.scan_folder('.')


if __name__ == "__main__":
    main()
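The two snippets above only start a scan; a practitioner usually also wants to take the key out of the script and do something with the resulting scan-output.json. The following is an added example, not code from the scanoss project: it builds the keyword arguments for Scanner(url=..., api_key=...) from environment variables (SCANOSS_API_URL and SCANOSS_API_KEY are names chosen for this example, not documented by the page), and it walks a scan result to list matched components and flag licenses outside an allowlist. The result layout it parses (file path mapped to a list of match dicts with "id", "component", "version", "purl" and "licenses") is an assumption about scan-output.json, and the sample result embedded in the block is constructed for the example.

```python
"""Post-process a scanoss-py scan result (scan-output.json).

Added example, not part of the scanoss package. The layout assumed here
(file path -> list of match dicts with "id", "component", "version",
"licenses" and "purl" keys) is an assumption about the scan output;
check it against your own scan-output.json before relying on it.
"""
import json
import os

# Constructed sample result in the assumed scan-output.json layout.
SAMPLE_OUTPUT = json.dumps({
    "src/util.c": [
        {
            "id": "file",
            "component": "example-lib",
            "version": "1.2.0",
            "purl": ["pkg:github/example/example-lib"],
            "licenses": [{"name": "MIT", "source": "component_declared"}],
        }
    ],
    "src/crypto.c": [
        {
            "id": "snippet",
            "component": "other-lib",
            "version": "0.9.1",
            "purl": ["pkg:github/example/other-lib"],
            "licenses": [{"name": "GPL-3.0-only", "source": "file_spdx_tag"}],
        }
    ],
    "src/main.c": [{"id": "none"}],
})

# Licenses this project is willing to pull in (example policy).
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def scanner_kwargs_from_env(environ=None):
    """Build the keyword arguments for scanoss.scanner.Scanner(url=..., api_key=...).

    The endpoint and key come from the environment so the key is never
    hard-coded in a script or committed to a repository. SCANOSS_API_URL and
    SCANOSS_API_KEY are variable names chosen for this example (assumption).
    Missing values are left out so Scanner() keeps its defaults, i.e. the
    keyless OSS KB endpoint named on the page.
    """
    env = os.environ if environ is None else environ
    kwargs = {}
    if env.get("SCANOSS_API_URL"):
        kwargs["url"] = env["SCANOSS_API_URL"]
    if env.get("SCANOSS_API_KEY"):
        kwargs["api_key"] = env["SCANOSS_API_KEY"]
    return kwargs


def summarize_scan(output_json, allowed=ALLOWED_LICENSES):
    """Walk a scan result and collect matches plus license policy violations.

    Returns a dict with:
      "matched"    - {path: [(component, version, purl)]} for file/snippet matches
      "unmatched"  - sorted list of paths with no match ("id" == "none")
      "violations" - {path: sorted license names not in `allowed`}
    """
    results = json.loads(output_json)
    matched, unmatched, violations = {}, [], {}
    for path, matches in results.items():
        for m in matches:
            if m.get("id") == "none":
                unmatched.append(path)
                continue
            purl = (m.get("purl") or [None])[0]
            matched.setdefault(path, []).append(
                (m.get("component"), m.get("version"), purl))
            bad = {lic["name"] for lic in m.get("licenses", [])
                   if lic.get("name") not in allowed}
            if bad:
                violations.setdefault(path, set()).update(bad)
    return {
        "matched": matched,
        "unmatched": sorted(unmatched),
        "violations": {p: sorted(v) for p, v in violations.items()},
    }


if __name__ == "__main__":
    # Usage: summarize the constructed sample and show the kwargs the
    # environment would supply to Scanner(**scanner_kwargs_from_env()).
    print(json.dumps(summarize_scan(SAMPLE_OUTPUT), indent=2))
    print("Scanner kwargs from env:", scanner_kwargs_from_env())
```

In a real script the two pieces fit together as Scanner(**scanner_kwargs_from_env()), followed by scan_folder as on the page, and then summarize_scan over the written output file; a non-empty "violations" entry is the natural signal to fail a CI job on.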
Requires Python 3.7 or higher.
The source for this package can be found here.
For client usage help please look here.
Details of each release can be found here.
FAQs
Simple Python library to leverage the SCANOSS APIs
We found that scanoss demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.