Skip to main content

Week 2

(June 10, 2025 - June 16, 2025)

Meeting 2

(June 12, 2025)

Attendees

Discussions

  • Added a new “Reuse from OSSelot” section to the upload page’s Reuse Configuration tab, including all necessary frontend changes for selecting and downloading OSSelot reports.
  • Jan recommended using OSSelot’s own REST API (instead of the GitHub API) to fetch package versions and SPDX data.
  • Jan will present my changes to the OSSelot contributors for feedback; I’ll incorporate their suggestions in the next iteration.

Updates

  1. Analyzed the existing Reuse Configuration workflow

    • Traced how the upload page currently handles reuse settings.

  2. Implemented the “Reuse from OSSelot” UI

    • Created the frontend layout and interactions.

    • Screenshots:

      • reuse-from-osselot1
      • reuse-from-osselot2

  3. Explored OSSelot’s data endpoints

    • Reviewed the JSON schema at https://github.com/Open-Source-Compliance/package-analysis/tree/main/analysed-packages to understand how version lists and SPDX payloads are structured.

  4. Built an OsselotHelper utility

    • Implemented methods to fetch available versions and download the corresponding SPDX report for a given package.

Plan for Next Week

  1. Deep dive into the Report-Import agent: map out its current workflow for ingesting external reports.
  2. Integrate OSSelot reports into the agent: adapt the Report-Import logic to accept and process OSSelot-sourced SPDX files.
  3. Incorporate contributor feedback: review suggestions from OSSelot maintainers and refine API integration and frontend behavior.
  4. Switch fully to the OSSelot API: remove any remaining GitHub API calls and ensure all version/SPDX fetches use the official OSSelot endpoints.