-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When we display package manifest and lock files, hyperlink to the upstream package repo web page #403
Comments
@pombredanne can I work on this |
@soma2000-lang sure thing. If you do, I think starting with requirements.txt files would be great. Another easy one would be go.mod and go.sum |
Ok |
@pombredanne is this issue unresolved?. I would love to work on it in case it is before mentioned. |
@the-illuminatus I have not heard back from Soma and there has been no pending PRs... so go for it! |
Sure, thanks!
…On Sun, 10 Apr 2022, 10:19 pm Philippe Ombredanne, ***@***.***> wrote:
@the-illuminatus <https://github.com/the-illuminatus> I have not heard
back from Soma and there has been no pending PRs... so go for it!
Note that you can likely reuse the URL templates and functions to get the
proper URL that exist in scancode-toolkit packagedcode code. See
https://github.com/nexB/scancode-toolkit/blob/fff140efd68dd0098f09ad1bc675569f1f1ad6ae/src/packagedcode/pypi.py#L1163
—
Reply to this email directly, view it on GitHub
<#403 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASKNS5G4GWQZJ3NACQTFQVLVEMBCNANCNFSM5PIPHJTQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
A good example of a similar UI would be the hyperlinking in this https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/Gemfile ... or https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python/-/blob/v2/requirements.txt |
Sure will look into it.
…On Mon, 25 Jul 2022, 9:58 pm Philippe Ombredanne, ***@***.***> wrote:
A good example of a similar UI would be the hyperlinking in this
https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium/-/blob/master/Gemfile
... or
https://gitlab.com/gitlab-org/security-products/analyzers/gemnasium-python/-/blob/v2/requirements.txt
In the SCIO UI, when we look a Codebase Resource content and that's a
manifest file, we should get the URLs collected from SCTK or just use a few
heuristics to hyperlink to the public package repo
—
Reply to this email directly, view it on GitHub
<#403 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ASKNS5D5UQCBDFDLSBRHAV3VV26CFANCNFSM5PIPHJTQ>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
@the-illuminatus Thanks! note also that @lf32 was interested in fixing it. |
@pombredanne is this issue still open? |
Yes, It's open |
@lf32 @pombredanne |
Yes @melencholicmice, this is still in open. |
@pombredanne @lf32 Hello sir i had few doubts in this issue , i will be really thankful if you can help me in them
|
We have to make the hyperlink in resource view in scancode.io. Let's assume we scan using this download URL: https://github.com/nexB/python-inspector/releases/download/v0.9.4/python-inspector-0.9.4.tar.gz and use the scan_codebase/scan_package pipeline. We will have a Here each requirement will be a hyperlink, i.e.
The code could go in https://github.com/nexB/scancode.io/blob/main/scanpipe/pipes/resolve.py, but this can be discussed more in the PR review stage, first step would be to get something working first, maybe with a few supported type of manifests, then we can think more about generalizing and supporting more lockfiles/manifests. |
Greetings @pombredanne and @AyanSinhaMahapatra, I have executed ScanCode.io locally and comprehended the issue along with the anticipated outcome, and I'd love to fix this. As this is my first endeavor in resolving an issue for a public project, I kindly request guidance on how to commence the process and identification of the particular file requiring code adjustments. Thank you! |
When we display a package manifest or lockfile in the resource details, we should have a way to add a hyperlink to the upstream repository web page for this repo: for instance when we browse a requirements.txt lockfile, if it contains:
scancode-toolkit==30.0.1
we should recognize this and link to https://pypi.org/project/scancode-toolkit/30.1.0/We can parse manifests alright and we can create URLs based on the ScanCode TK packagedcode classes.
The text was updated successfully, but these errors were encountered: