Week 11
(Aug 09, 2024 - Aug 15, 2024)
Meeting 1
(Aug 14, 2024)
Attendees
- Rajul Jha
- Gaurav
- Avinal Kumar
- Katharina
Discussions
- Showed the demo of the download dependencies feature to Gaurav and got feedback for the same.
- Discussed using the `ununpack` agent for unpacking the downloaded packages rather than the current dependency on Python libraries.
- Rather than taking an input directory as input to `--sbom-path`, it would be better to take a single file as input.
- Software projects only have one SBOM as a convention. So, if the project uses multiple languages or dependencies, they are combined into a single SBOM file, which can be passed to our scanner.
- We want to implement different parsers for different languages. So, we need a parent class for the parsers whose job is to set which parser should handle a particular component.
- We can differentiate between languages, and thus which parser to use, based on the `purl` of the component.
- Got a new feature request: allow scanning a particular directory by providing its path via the CLI.
Work Done
- Implemented the feature of scanning dependencies using the `fossology` scanner.
- Introduced a module `ScanDeps` that has a Parsers file containing specific parsers for each supported language.
- Currently, it has `PythonParser` only; working on `NPMParser`. The job of the parsers is to take the SBOM file and extract the download URLs from it, saving them in a particular format, such as a tuple of `(<package_name>, <download_url>)`.
- These results are then fed to a `Downloader` class that has methods to concurrently download these packages from the URLs and then extract them from their respective formats into a directory called `pkg_downloads`.
- The `download_concurrently` method improves the speed of downloading and extracting packages significantly by allowing multiple downloads to run on different threads in parallel.
- Started working on the new feature and improving the different parsers.
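The pipeline described in Work Done (parsers turn an SBOM into `(package_name, download_url)` tuples, a `Downloader` fetches and extracts them on a thread pool), combined with the purl-based dispatch through a parent parser class from the Discussions section, as an added example written for these notes. It is not code from the FOSSology ScanDeps module: the class names mirror the notes, but their bodies, the CycloneDX-style sample SBOM, the https-only rule, the safe tar extraction and the injected `fetch` callable (so the example runs offline) are all assumptions.

```python
import io, json, tarfile, tempfile
from concurrent.futures import ThreadPoolExecutor
from pathlib import Path
from urllib.parse import urlparse

# Constructed CycloneDX-style SBOM for this example; not real project data.
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"name": "requests", "purl": "pkg:pypi/requests@2.31.0", "externalReferences": [
        {"type": "distribution", "url": "https://example.org/requests-2.31.0.tar.gz"}]},
    {"name": "lodash", "purl": "pkg:npm/lodash@4.17.21", "externalReferences": [
        {"type": "distribution", "url": "https://example.org/lodash-4.17.21.tgz"}]},
    {"name": "libfoo", "purl": "pkg:deb/debian/libfoo@1.0"},  # no parser registered: skipped
]})

class SbomParser:
    """Parent class: registers one parser per purl type and dispatches components to it."""
    registry = {}
    def __init_subclass__(cls, purl_type=None, **kwargs):
        super().__init_subclass__(**kwargs)
        if purl_type:
            SbomParser.registry[purl_type] = cls
    @staticmethod
    def purl_type(purl):
        # "pkg:<type>/<namespace>/<name>@<version>" -> "<type>"
        return purl[4:].split("/", 1)[0] if purl.startswith("pkg:") else None
    @classmethod
    def parse(cls, sbom_text):
        """Return ([(package_name, download_url), ...], [names with no usable URL])."""
        found, skipped = [], []
        for comp in json.loads(sbom_text).get("components", []):
            parser = cls.registry.get(cls.purl_type(comp.get("purl", "")))
            url = parser.download_url(comp) if parser else None
            # https only: a tampered SBOM must not be able to point us at a plain-http mirror.
            if url and urlparse(url).scheme == "https":
                found.append((comp["name"], url))
            else:
                skipped.append(comp["name"])
        return found, skipped

def _distribution_url(component):
    return next((r.get("url") for r in component.get("externalReferences", [])
                 if r.get("type") == "distribution"), None)

class PythonParser(SbomParser, purl_type="pypi"):
    download_url = staticmethod(_distribution_url)

class NpmParser(SbomParser, purl_type="npm"):
    download_url = staticmethod(_distribution_url)

def unpack(archive, target):
    """Extract a tarball, refusing members that would land outside `target`."""
    with tarfile.open(archive) as tar:
        if hasattr(tarfile, "data_filter"):  # Python 3.12+ and the security backports
            return tar.extractall(target, filter="data")  # rejects '..', absolute paths, escaping links
        for m in tar.getmembers():  # manual equivalent for older interpreters
            if m.name.startswith("/") or ".." in Path(m.name).parts or m.issym() or m.islnk():
                raise ValueError(f"unsafe tar member: {m.name}")
        tar.extractall(target)

class Downloader:
    """Fetch and unpack packages on a thread pool; `fetch(url) -> bytes` is injected (offline here)."""
    def __init__(self, fetch, out_dir="pkg_downloads", workers=4):
        self.fetch, self.out_dir, self.workers = fetch, Path(out_dir), workers
    def _one(self, item):
        name, url = item
        archive = self.out_dir / Path(urlparse(url).path).name  # last URL segment only, never a directory
        archive.write_bytes(self.fetch(url))
        unpack(archive, self.out_dir / name)
        return name, sorted(p.name for p in (self.out_dir / name).rglob("*") if p.is_file())
    def download_concurrently(self, packages):
        self.out_dir.mkdir(parents=True, exist_ok=True)
        with ThreadPoolExecutor(max_workers=self.workers) as pool:
            return dict(pool.map(self._one, packages))

def build_tarball(files):
    """Constructed test data: an in-memory .tar.gz with the given {member_name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for member, data in files.items():
            info = tarfile.TarInfo(member)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def demo():
    """Offline run of the whole pipeline: parse -> dispatch by purl -> download -> unpack."""
    packages, skipped = SbomParser.parse(SAMPLE_SBOM)
    fake_store = {url: build_tarball({f"{name}/manifest.txt": b"{}"}) for name, url in packages}
    out = Downloader(fake_store.__getitem__, tempfile.mkdtemp()).download_concurrently(packages)
    return packages, skipped, out

def rejects_traversal():
    """A constructed archive with a '../escape' member must never write outside the download dir."""
    out = Path(tempfile.mkdtemp())
    evil = Downloader(lambda url: build_tarball({"../escape": b"x"}), out)
    try:
        evil.download_concurrently([("evil", "https://example.org/evil.tgz")])
    except (tarfile.TarError, ValueError):
        return not (out / "escape").exists()
    return False
```

Two points worth keeping in mind when the real module takes this shape. An SBOM is untrusted input: both the download URL and the bytes that come back are chosen by whoever wrote it, so the example refuses non-https URLs and extracts with `tarfile`'s `data` filter (or an equivalent manual check on older interpreters) so that a member named `../something` or an absolute path cannot write outside `pkg_downloads`. If extraction is later handed to the `ununpack` agent, as discussed above, that agent becomes the place where this check has to live.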
Planning for next week
- Complete the PythonParser and raise a PR for the same.
- Complete the directory scan feature and raise a PR.
- Start working on `NPMParser` next.