Optionally scan package files too #83
Comments
AyanSinhaMahapatra
added a commit
that referenced
this issue
May 6, 2024
For rootfs pipelines (rootfs, docker, docker-windows) all package files which were a part of system packages had their status updated and consequently were not being scanned for licenses, copyrights, emails and urls. We were also not scanning package metadata files tagged as application packages in scan_codebase and the rootfs pipelines. This commit scans all package files and package metadata files to make sure we are not missing any information. Reference: #762 Reference: #1194 Reference: #83 Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
AyanSinhaMahapatra
added a commit
that referenced
this issue
May 6, 2024
For rootfs pipelines (rootfs, docker, docker-windows) all package files which were a part of system packages had their status updated and consequently were not being scanned for licenses, copyrights, emails and urls. We were also not scanning package metadata files tagged as application packages in scan_codebase and the rootfs pipelines. This commit scans all package files and package metadata files to make sure we are not missing any information. Reference: #762 Reference: #1194 Reference: #83 Signed-off-by: Ayan Sinha Mahapatra <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Files that are detected as part of a package are not further scanned in the default pipelines. We should have a few pipeline extras to allow optionally to:
fetch and scan corresponding source code with scancode TK(done to PurlDB)The text was updated successfully, but these errors were encountered: