Create library to find the corresponding source code for a package #374
Assignees
Comments
3 tasks
pombredanne
changed the title
pombredanne
changed the title
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Add documentation and cosmetic refactor Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
pombredanne
added a commit
that referenced
this issue
May 6, 2024
Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com>
TG1999
added a commit
that referenced
this issue
May 9, 2024
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999
added a commit
that referenced
this issue
May 9, 2024
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999
added a commit
that referenced
this issue
May 9, 2024
* Create purl2vcs library #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Create purl2vcs library #374 Add documentation and cosmetic refactor Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Make purl2vcs tests pass #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Streamline and update main purldb version Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Remove cruft from purl2vcs pyproject #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Prepare move to purl2vcs dir #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Move all to purl2vcs dir #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Add purl2vcs to configure #374 Reference: #374 Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> * Fix dependencies #374 Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com> * Remove docs from configure #374 Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com> --------- Signed-off-by: Philippe Ombredanne <pombredanne@nexb.com> Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com> Co-authored-by: Tushar Goel <tushar.goel.dav@gmail.com>
|
This has been released at https://pypi.org/search/?q=purl2vcs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I would like to have a flexible library to find the corresponding source code for a package
Core features for this are already part of the find source module and here what I would like if a specific reusable and documented library that wraps this feature so it can be reused in ScanCode.io, VulnerableCode and PurlDB.
The library can be stored in the purldb repo (like the purldb toolkit) but should be released as it own PyPI package for reuse
For PurlDB, an outcome would be also to update or create the package set once the source repo is found and ensure it is further indexed.
Some notes:
Finding the repo and the commits of a version is sometimes difficult because in many cases the information is not directly available in a package archive metadata and we may need to dive deeper in key files, other files or other packages in the set.
The typical flow would be assuming PURL inputs:
The text was updated successfully, but these errors were encountered: