
Using opOSSum with ScanCode Output - How to Convert ScanCode Output JSON to Opossum JSON

 opOSSum is a nice Open Source compliance tool which can be found on GitHub. ScanCode is another nice Open Source compliance tool which can be found on GitHub, too. While the latter provides extensive code scanning functionality, the former can create comprehensive reports and visualize scan results. One just has to figure out how to get opOSSum to read ScanCode output. 

This is not really an issue, but - as far as I can tell - has not yet been documented anywhere on the internet. opOSSum does read ScanCode JSON output, but it requires some transformation beforehand. Good news: opOSSum also provides the tool to perform said transformation. 

As usual, this is more of a step-by-step-guide for noobs such as myself for future reference, but I figured maybe this can be of use for the community as well. 

Prerequisites: 

1. Get ScanCode

Just get it from https://github.com/nexB/scancode-toolkit/releases, I chose scancode-toolkit-XX.X.X_sources.tar.xz, and unpack it

2. Get opOSSum

Download a recent version from https://github.com/opossum-tool/OpossumUI/releases/ - if you're on Linux like me, choose OpossumUI-for-linux.AppImage. If this is your first time using the AppImage format (it was for me), note that in order to use the file you need to make it executable (right click, properties, permissions, allow executing file as program). 

3. Get opOSSum tool to transform json

As I mentioned before, we need to transform ScanCode output JSON to opOSSum JSON. Therefore, head over to https://github.com/opossum-tool/opossum.lib.hs and download the sources. 

Now at some point - I don't quite remember when - either scanning or transforming failed because zlib was missing. So just to make sure you don't run into these troubles, check if it does exist on your system:

Bash:     whereis zlib 

If no results (i.e. zlib locations) show up, get zlib. For Ubuntu, zlib can be installed through your package manager; the package is zlib1g-dev. 

4. Scan the code with ScanCode

Assuming you came here for a reason, you probably already know what you want to scan. If you're just trying out things, just use one of the downloads above. 

To produce a ScanCode.json, use the following command: 

Bash:    /path/to/ScanCode/scancode -clpieu --json-pp /path/to/output.json /path/to/codeyouwanttoscan/

What's clpieu? These are the options scanning the input for copyright, licenses, packages, other info, emails and URLs. Other info includes size, type, date, programming language, hashes etc. (see https://scancode-toolkit.readthedocs.io/en/latest/cli-reference/list-options.html)  

5. Convert to opOSSum-json

Bash:     /path/to/oppossum-lib-hs/opossum-lib-exe.sh --scancode /path/to/output.json > /path/to/output_converted.json 

where output.json is the file from step 4

6. Use output in opOSSum

Run file from step 2 (e.g. by just double-clicking), open output_converted.json - done. 

From here on, consider visiting the opOSSum user guide.
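
One thing to watch in step 5: the shell creates output_converted.json for the `>` redirect before the converter runs, so a failed conversion still leaves an empty or partial file behind. The wrapper below is an added example, not part of the original post or of opossum.lib.hs; the function name `convert_scan` and its exit codes are assumptions made for this sketch. It only writes the output file when the input looks like a ScanCode result and the converter exits successfully.

```shell
#!/usr/bin/env bash
# Added example: guard around the step-5 conversion.
# convert_scan is a hypothetical helper name, not part of opossum.lib.hs.

# Usage: convert_scan CONVERTER INPUT OUTPUT
# Runs "CONVERTER --scancode INPUT" (the call from step 5) and creates OUTPUT
# only if the input looks like a ScanCode result and the converter succeeded.
convert_scan() {
    converter=$1
    input=$2
    output=$3

    # A failed or interrupted scan leaves a missing or empty file behind.
    if [ ! -s "$input" ]; then
        echo "convert_scan: input missing or empty: $input" >&2
        return 2
    fi
    # ScanCode JSON keeps its per-file results under a top-level "files" key.
    # This is a cheap plausibility check, not a full JSON validation.
    if ! grep -q '"files"' "$input"; then
        echo "convert_scan: no \"files\" key in $input" >&2
        return 3
    fi

    # Write next to the target so the final mv is a rename on one filesystem.
    tmp=$(mktemp "${output}.XXXXXX") || return 4

    if "$converter" --scancode "$input" > "$tmp" && [ -s "$tmp" ]; then
        mv -f "$tmp" "$output"
    else
        rm -f "$tmp"
        echo "convert_scan: conversion failed, $output not written" >&2
        return 5
    fi
}

# Run directly, e.g.:
#   ./convert_scan.sh /path/to/oppossum-lib-hs/opossum-lib-exe.sh in.json out.json
if [ "$#" -eq 3 ]; then
    convert_scan "$@"
fi
```

A non-zero exit code tells you the conversion did not happen, so you never end up opening a half-written file in opOSSum.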
