Week 8

(July, 19 2024 - July 25, 2024)

Meeting 1

(July 24, 2024)

Attendees

• Rajul Jha
• Gaurav
• Avinal Kumar
• Katharina

Discussions

• Discussed potential improvements in the #PR1 with Avinal

• Gaurav discussed in detail what we need to achieve with the download dependencies task.

  • The user should have ability to download dependencies for scan.
  • Then they can run fossology scanners on them in CI pipeline before hand to identify potential licenses and resolve them before hand.
  • We want to use the Cyclone DX toolkit for generating SBOMs of the repo.
    • Then use our custom written downloader for downloading the packages from the SBOM.
  • User needs to pass the language flag along with some download-deps flag or (something) since we are using language dependant tools.

Work Done

• Completed refactoring the previous #PR2754:

  • It follows the Don't repeat Yourself (DRY) principle.
  • Add type annotations to all the functions.
  • Add a new boolean flag whole that can be used to extract whole information from the scanners.

• Completed the licenses line number display in the CI in the same #PR2754.

• Started working on documenting the new scanners features locally as discussed with Shaheem.

• Explored the scan dependencies part for the scanners. Need more clarity as to what exactly we need to achieve here.

Planning for next week

• Plan out the structure and research in depth about the download dependencies task part.
• After structuring, need to plan out and flesh out the design details for the same.
• Start working on this next major task :)