philips-software / bom-base
Caching repository for bill-of-materials metadata
License: Other
When a license is found to be a (valid) URL, a harvester (or just the base repository harvester) could pass the URL to the license scanner to read the referenced license and use the result of the scan instead.
Would be nice to see how many tasks are remaining in the queue, and how many packages are currently stored.
Idea would be to provide this information on a status API, and have the main client screen periodically poll that information.
In #76 we tried to fix creating verified releases.
This does not seem to work; see https://github.com/philips-software/bom-base/releases/tag/v0.2.1
Add scancode in dockerfile
In #74 we've added analyse scripts.
Please add some documentation on how to use this and why you want to use this.
The scripts are part of a blog we're writing on the differences between Black Duck license information and other sources. We can also add a link to that blog in this README.
There's a list of known issues in the readme.
Move the known issues from the readme to issues to make them more contributor friendly to resolve.
It is easier to see who's working on what.
Some npm trees have dependencies which are unmet. UNMET PEER DEPENDENCY
This will end up with a 405 error in the harvester.
├─┬ @svgr/[email protected]
│ ├── @babel/[email protected] deduped
│ ├─┬ @babel/[email protected]
│ │ └── @babel/[email protected]
│ ├─┬ @babel/[email protected]
│ │ ├── @babel/[email protected]
│ │ ├── UNMET PEER DEPENDENCY @babel/core@^7.13.0
│ │ ├─┬ @babel/[email protected]
2021-07-08 15:07:38.305 ERROR 13310 --- [ pool-2] .a.i.SimpleAsyncUncaughtExceptionHandler : Unexpected exception occurred invoking async method: public void com.philips.research.bombase.core.meta.registry.QueuedTaskRunner.execute(com.github.packageurl.PackageURL,java.util.function.Consumer,java.util.function.Consumer)
com.philips.research.bombase.core.npm.NpmException: Failed to harvest pkg:npm/unmet%20peer%20dependency%20%40babel%2Fcore@%5E7.13.0
at com.philips.research.bombase.core.npm.domain.NpmHarvester.harvest(NpmHarvester.java:61) ~[classes!/:0.1.1-SNAPSHOT]
at com.philips.research.bombase.core.npm.domain.NpmHarvester.lambda$onUpdated$0(NpmHarvester.java:45) ~[classes!/:0.1.1-SNAPSHOT]
at com.philips.research.bombase.core.meta.registry.QueuedTaskRunner.lambda$execute$0(QueuedTaskRunner.java:38) ~[classes!/:0.1.1-SNAPSHOT]
at java.base/java.util.Optional.ifPresent(Optional.java:176) ~[na:na]
at com.philips.research.bombase.core.meta.registry.QueuedTaskRunner.execute(QueuedTaskRunner.java:36) ~[classes!/:0.1.1-SNAPSHOT]
at com.philips.research.bombase.core.meta.registry.QueuedTaskRunner$$FastClassBySpringCGLIB$$b8050159.invoke(<generated>) ~[classes!/:0.1.1-SNAPSHOT]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.7.jar!/:5.3.7]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) ~[spring-aop-5.3.7.jar!/:5.3.7]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.7.jar!/:5.3.7]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.7.jar!/:5.3.7]
at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115) ~[spring-aop-5.3.7.jar!/:5.3.7]
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:832) ~[na:na]
Caused by: com.philips.research.bombase.core.npm.NpmException: NPM server responded with status 405
at com.philips.research.bombase.core.npm.domain.NpmClient.query(NpmClient.java:56) ~[classes!/:0.1.1-SNAPSHOT]
at com.philips.research.bombase.core.npm.domain.NpmClient.getPackage(NpmClient.java:45) ~[classes!/:0.1.1-SNAPSHOT]
at com.philips.research.bombase.core.npm.domain.NpmHarvester.harvest(NpmHarvester.java:50) ~[classes!/:0.1.1-SNAPSHOT]
... 14 common frames omitted
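An added example (not bom-base code and not part of the original issue): the purl in the log above, `pkg:npm/unmet%20peer%20dependency%20%40babel%2Fcore@%5E7.13.0`, shows an `npm ls` annotation being submitted as a package name. The Python sketch below filters such lines before anything is queued for harvesting; the function names, the name and version patterns, and the sample tree are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote

# Assumed npm naming rule: optional @scope/, lowercase URL-safe characters, no spaces.
NAME_RE = re.compile(r"^(?:@[a-z0-9][a-z0-9._~-]*/)?[a-z0-9][a-z0-9._~-]*$")
# Only exact versions are harvestable; ranges such as ^7.13.0 are not.
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.+-]+)?$")
# Box-drawing characters and whitespace that `npm ls` puts before each entry.
TREE_PREFIX_RE = re.compile(r"^[\s│├└─┬]+")


def parse_tree_line(line):
    """Return ("ok", purl) or ("skipped", reason) for one line of `npm ls` output."""
    entry = TREE_PREFIX_RE.sub("", line).strip()
    if not entry:
        return ("skipped", "empty line")
    if entry.startswith("UNMET "):
        # Annotation for a dependency that is not installed, not a package.
        return ("skipped", entry)
    entry = entry.split(" ")[0]  # drop trailing annotations such as "deduped"
    name, sep, version = entry.rpartition("@")
    if not sep or not name:
        return ("skipped", "no version: " + entry)
    if not NAME_RE.match(name) or not VERSION_RE.match(version):
        return ("skipped", "invalid name or version: " + entry)
    if name.startswith("@"):
        scope, pkg = name.split("/")
        # The scope is the purl namespace; its leading "@" is percent-encoded.
        return ("ok", "pkg:npm/" + quote(scope, safe="") + "/" + pkg + "@" + version)
    return ("ok", "pkg:npm/" + name + "@" + version)


def harvestable_purls(tree_text):
    """Split a whole tree into (purls to harvest, skipped lines with reasons)."""
    purls, skipped = [], []
    for line in tree_text.splitlines():
        status, value = parse_tree_line(line)
        (purls if status == "ok" else skipped).append(value)
    return purls, skipped


# Constructed sample in the shape of the tree quoted in the issue.
SAMPLE_TREE = """\
├─┬ @example/webpack@5.5.0
│ ├── @example/core@7.12.3 deduped
│ │ ├── UNMET PEER DEPENDENCY @example/core@^7.13.0
│ │ └── left-pad@1.3.0
"""

if __name__ == "__main__":
    print(harvestable_purls(SAMPLE_TREE))
```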
Many package managers provide a generic repository URL as source location. When using this URL for download, this will yield the latest version of the default branch in the GIT repository. This is most probably not the source code for the actual package version.
The downloader understands a syntax of appending @ and the version number to a GIT URL, but this should be provided by the harvester.
Gotcha: Sometimes a Git URL is specified by a package manager with a "user" prefix, like: [email protected]/...
The ScanCode Toolkit scanner could automatically convert this internal identifier into the more common phrasing of a component being generic "Public Domain".