Skip to main content

Using opOSSum with ScanCode Output - How to Convert ScanCode Output JSON to Opossum JSON

 opOSSum is a nice Open Source compliance tool which can be found on GitHub. ScanCode is another nice Open Source compliance tool which can be found on GitHub, too. While the latter provides extensive code scanning functionality, the former can create comprehensive reports and visualize scan results. One just has to figure out how to get opOSSum to read ScanCode output. 

This is not really an issue, but - as far as I can tell - has not yet been documented anywhere on the internet. opOSSum does read ScanCode json output, but it reqires some transformation beforehand. Good news: opOSSum also provides the tool to perform said transformation. 

As usual, this is more of a step-by-step-guide for noobs such as myself for future reference, but I figured maybe this can be of use for the community as well. 

Prerequisites: 

1. Get ScanCode

Just get it from https://github.com/nexB/scancode-toolkit/releases, I chose scancode-toolkit-XX.X.X_sources.tar.xz, and unpack it

2. Get opOSSum

Download recent version from https://github.com/opossum-tool/OpossumUI/releases/ - if you're on linux like me, choose OpossumUI-for-linux.AppImage. If this is your first time using the AppImage format (it was for me) note that in order to use the file you need to make it executable (right click, properties, permissions, allow executing file as program). 

3. Get opOSSum tool to transform json

As I mentioned before we need to transform ScanCode output JSON to opOSSum JSON. Thererfore, head over to https://github.com/opossum-tool/opossum.lib.hs and download the sources. 

Now at some point - I don't quite remember when - either scanning or transforming failed because zlib was missing. So just to make sure you don't run into these troubles, check if it does exist on your system:

Bash:     whereis zlib 

If no results (i.e. zlib locations) show up, get zlib. For ubuntu, zlib can be installed through your package manager, the package is zlib1g-dev. 

4. Scan the code with ScanCode

Assuming you came here for a reason, you probably already know what you want to scan. If you're just trying out things, just use one of the downloads above. 

To produce a ScanCode.json, use the following command: 

Bash:    /path/to/ScanCode/scancode -clpieu --json-pp /path/to/output.json /path/to/codeyouwanttoscan/

What's clpieu? These are the options scanning the input for copyright, licenses, packages, other info, emails and URLs. Other info includes size, type, date, programming language, hashes etc. (see https://scancode-toolkit.readthedocs.io/en/latest/cli-reference/list-options.html)  

5. Convert to opOSSum-json

Bash:     /path/to/oppossum-lib-hs/opossum-lib-exe.sh --scancode /path/to/output.json > /path/to/output_converted.json 

where output.json is the file from step 4

6. Use output in opOSSum

Run file from step 2 (e.g. by just double-clicking), open output_converted.json - done. 

From here on, consider visiting the opOSSum user guide.

Labels:

Comments

Post a Comment

Popular posts from this blog

Joomla! 2.5: Multiple views, one model

Here goes MVC again: I was a bit confused that every time I created a second or third view for a component, I had to create a separate model for it. Did not make sense to me - I had the necessary algorithms in the model for the first view, did I really need to do copy & paste? I hate it! Redundancy, redundancy, redundancy. That case occurred in my current project - I created user profiles and needed an "edit" view. The data is the same, but I need to have the data in editable text fields instead of fixed labels, and maybe some other buttons here and there...  Well, some time later I realized that I just did not quite understand what Joomla! acutally means by "view".  And that there is something called "layout". Long story short: If you have a model that provides all necessary information and you just want to have a different presentation of it, just add a new .php file to your views/<yourviewname>/tmpl folder - let's call it "layo...
1 comment
Read more

Joomla / Eclipse: Use Eclipse to edit files

Even though I could use any Editor or Notepad, after some days of Joomla! I was yearning for some syntax highlighting and maybe even automatic code completion... I did some Java programming in the past, and I am really used to the Eclipse IDE. Eclipse IDE for JavaScript Web Developers seemed to be a good deal for what I was up to do, so I gave it a try. I feel kind of stupid even posting about this, but upon starting up Eclipse, I started to wonder how I would do that - being that Eclipse works with projects, and I didn't want to put all of my components into an Eclipse workspace, and I didn't want to put up a subversioning system. Turns out it is quite simple: Right-click somewhere in the package explorer,  select 'New', 'Project...'. In the dialog, open the folder 'General' and select 'Project'. Click 'Next'. For the name, I usually put the com_componentname / mod_modulename, as in my file system. But I don't think it matters....
Post a Comment
Read more

Joomla! 2.5: Component as Article

Can you put a component on a page together with other articles? Like, for example, to have a component and a blog layout on the "Home" page? Yes, you can! There are some nice extensions that allow for this. I used the "Plugin Include Component" plugin, which is available on extensions.joomla.org . With this plugin, you simply create an article that contains a special tag, indicating the component to include. Just like this: Install the plugin and put the following code in whatever article you need it in (substitute 'componentName' and 'viewname' for your component's and view's name...). {component url='index.php?option=com_ componentName &view= viewname '}
Post a Comment
Read more