Skip to main content

Using opOSSum with ScanCode Output - How to Convert ScanCode Output JSON to Opossum JSON

 opOSSum is a nice Open Source compliance tool which can be found on GitHub. ScanCode is another nice Open Source compliance tool which can be found on GitHub, too. While the latter provides extensive code scanning functionality, the former can create comprehensive reports and visualize scan results. One just has to figure out how to get opOSSum to read ScanCode output. 

This is not really an issue, but - as far as I can tell - has not yet been documented anywhere on the internet. opOSSum does read ScanCode json output, but it reqires some transformation beforehand. Good news: opOSSum also provides the tool to perform said transformation. 

As usual, this is more of a step-by-step-guide for noobs such as myself for future reference, but I figured maybe this can be of use for the community as well. 

Prerequisites: 

1. Get ScanCode

Just get it from https://github.com/nexB/scancode-toolkit/releases, I chose scancode-toolkit-XX.X.X_sources.tar.xz, and unpack it

2. Get opOSSum

Download recent version from https://github.com/opossum-tool/OpossumUI/releases/ - if you're on linux like me, choose OpossumUI-for-linux.AppImage. If this is your first time using the AppImage format (it was for me) note that in order to use the file you need to make it executable (right click, properties, permissions, allow executing file as program). 

3. Get opOSSum tool to transform json

As I mentioned before we need to transform ScanCode output JSON to opOSSum JSON. Thererfore, head over to https://github.com/opossum-tool/opossum.lib.hs and download the sources. 

Now at some point - I don't quite remember when - either scanning or transforming failed because zlib was missing. So just to make sure you don't run into these troubles, check if it does exist on your system:

Bash:     whereis zlib 

If no results (i.e. zlib locations) show up, get zlib. For ubuntu, zlib can be installed through your package manager, the package is zlib1g-dev. 

4. Scan the code with ScanCode

Assuming you came here for a reason, you probably already know what you want to scan. If you're just trying out things, just use one of the downloads above. 

To produce a ScanCode.json, use the following command: 

Bash:    /path/to/ScanCode/scancode -clpieu --json-pp /path/to/output.json /path/to/codeyouwanttoscan/

What's clpieu? These are the options scanning the input for copyright, licenses, packages, other info, emails and URLs. Other info includes size, type, date, programming language, hashes etc. (see https://scancode-toolkit.readthedocs.io/en/latest/cli-reference/list-options.html)  

5. Convert to opOSSum-json

Bash:     /path/to/oppossum-lib-hs/opossum-lib-exe.sh --scancode /path/to/output.json > /path/to/output_converted.json 

where output.json is the file from step 4

6. Use output in opOSSum

Run file from step 2 (e.g. by just double-clicking), open output_converted.json - done. 

From here on, consider visiting the opOSSum user guide.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Joomla! 2.5: Multiple views, one model

Here goes MVC again: I was a bit confused that every time I created a second or third view for a component, I had to create a separate model for it. Did not make sense to me - I had the necessary algorithms in the model for the first view, did I really need to do copy & paste? I hate it! Redundancy, redundancy, redundancy. That case occurred in my current project - I created user profiles and needed an "edit" view. The data is the same, but I need to have the data in editable text fields instead of fixed labels, and maybe some other buttons here and there...  Well, some time later I realized that I just did not quite understand what Joomla! acutally means by "view".  And that there is something called "layout". Long story short: If you have a model that provides all necessary information and you just want to have a different presentation of it, just add a new .php file to your views/<yourviewname>/tmpl folder - let's call it "layo...
2 comments
Read more

Galaxy S5 Lollipop Update Issue

Disclaimer: getting anything wrong with flashing might brick your device - this is not a manual. I am not responsible for any damage to your phone or data...  -- So I finally checked the software update availability on my Samsung Galaxy S5, and guess what - the Android 5.0 update was available. Finally. I cleared up some space on my phone (it claims that it needs 3 GB of free space for the installation) and started the update. It is a big image (1.4 GB), so it takes a while to download, then the phone shuts down, restarts, and starts to install. I started wondering when the installation process started at 25%, went down to 1, up to 20, 30% and then - "error". Phone restarts, everything OK except for the fact that I still have KitKat on my phone. Tried again. Same result. Tried again. Same result. Googled it. No results. Nobody seemed to run into that same error. There was indeed an error message after the phone restarted successfully - "Try it again, try Kies or go...
Post a Comment
Read more

Pi Access Point with RTL9182CU-Adapter

Well, I tried a long time and this is mainly a note to myself: go here first: http://blog.sip2serve.com/post/38010690418/raspberry-pi-access-point-using-rtl8192cu then go here: https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point/install-software you do not need to fix the Invalid Argument error, just apply the WPA-Supplicant fix from here: http://forums.adafruit.com/viewtopic.php?f=19&t=47716&start=15
Post a Comment
Read more