Week 11
(Aug, 09 2024 - Aug 15, 2024)
Meeting 1
(Aug 14, 2024)
Attendees
- Rajul Jha
- Gaurav
- Avinal Kumar
- Katharina
Discussions
- Showed the demo of the download dependencies feature to Gaurav and got feedback for the same.
- Discussed using the
ununpack
agent for unpacking the downloaded packages rather than the current dependency on python libraries. - Rather than taking an input directory as input to the
--sbom-path
, it would be better to take a single file as input.- Software projects only have one
sbom
as a convention. So, if the project is using multiple languages or dependencies, then they are combined to a single sbom file, which can be passed to our scanner. - We want to implement different parsers for different languages. So, we need a parent class of the parsers whose job is to set which parser should handle a particular component.
- We can differentiate between languages and which parser to use based on the
purl
for the component.
- Software projects only have one
- Got a new feature request in order to allow scanning a particular directory by providing the path to it via CLI.
Work Done
- Implemented the feature of scanning dependencies using
fossologyscanner
.- Introduced a module
ScanDeps
that has a Parsers file that contains specific parsers for each supported language. - Currently, it has
PythonParser
only. Working onNPMParser
. The job of the parsers is to take the sbom file and extract the download urls from it, save it in a particular format like a tuple of(<package_name> , <download_url>)
. - These results are then fed to a
Downloader
class that has methods to concurrently download these packages from the urls, and then extract them from their respective formats to a directory calledpkg_downloads
.- The
download_concurrently
method improves the speed of downloading and exporting packages significantly by allowing multiple downloads to run on different threads parallelly.
- The
- Introduced a module
- Started working on the new feature and improving the different parsers.
Planning for next week
- Complete the PythonParser and raise a PR for the same.
- Complete the directory scan feature and raise a PR.
- Start working on
NPMParser
next.