Week 8
(July, 19 2024 - July 25, 2024)
Meeting 1
(July 24, 2024)
Attendees
- Rajul Jha
- Gaurav
- Avinal Kumar
- Katharina
Discussions
-
Gaurav discussed in detail what we need to achieve with the download dependencies task.
- The user should have ability to download dependencies for scan.
- Then they can run fossology scanners on them in CI pipeline before hand to identify potential licenses and resolve them before hand.
- We want to use the Cyclone DX toolkit for generating SBOMs of the repo.
- Then use our custom written downloader for downloading the packages from the SBOM.
- User needs to pass the language flag along with some
download-deps
flag or (something) since we are using language dependant tools.
Work Done
-
Completed refactoring the previous #PR2754:
- It follows the Don't repeat Yourself (DRY) principle.
- Add type annotations to all the functions.
- Add a new boolean flag
whole
that can be used to extract whole information from the scanners.
-
Completed the licenses line number display in the CI in the same #PR2754.
-
Started working on documenting the new scanners features locally as discussed with Shaheem.
-
Explored the scan dependencies part for the scanners. Need more clarity as to what exactly we need to achieve here.
Planning for next week
- Plan out the structure and research in depth about the download dependencies task part.
- After structuring, need to plan out and flesh out the design details for the same.
- Start working on this next major task :)