SCANOSS Webhook

The SCANOSS webhook is a multiplatform webhook that performs source code scans against the SCANOSS API. It supports integration with the GitHub, GitLab and BitBucket APIs.

SCANOSS provides a source code scanner that can be used to detect Open Source dependencies in your code.

The purpose of this code is to offer a reference implementation that can be expanded to suit the needs of individuals and organisations.

Installation

Once you have built the Python wheel (see the Building instructions), you can install SCANOSS webhook using pip: pip install -U dist/*.whl

Configuration

Integration with Git repositories

The specific instructions to install SCANOSS webhook depend on the particular vendor. SCANOSS webhook needs to be configured to receive pull requests, and must be allowed to post commit comments and set the build status.

To test the webhook, once configured, you can perform a commit. If all permissions are right and everything goes smoothly, you should see that the webhook has created a comment in your commit, containing a summary of the scan results.

GitHub

Create a Personal Access Token

Go to your user Settings > Developer Settings. Select Personal access tokens, then click the Generate new token button.

Select the following scopes:

  • repo:status
  • repo_deployment
  • public_repo

Click on Generate token and save the token generated.

Configure the webhook

To configure the SCANOSS Webhook in a repository, go to the repository Settings > Webhooks. Then click on Add a Webhook.

Fill in the Add webhook form:

  • Add the webhook URL as the Payload URL
  • Select Content Type application/json
  • Add a secret
  • The webhook needs to receive push events only.
  • Make sure that Active is checked.

Configuration example

github:
  api-base: https://api.github.com # Or your local GitHub Enterprise API endpoint
  api-user: your-api-user
  api-key: your-personal-access-token
  secret-token: your-secret-token
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token

Bitbucket

Create an App password

On the webhook user's settings, you can create an App password, with repository write permissions.

Configure the webhook

  1. From Bitbucket, open the repository where you want to add the webhook.
  2. Click the Settings link on the left side.
  3. From the links on the Settings page, click the Webhooks link.
  4. Click the Add webhook button to create a webhook for the repository. The Add new webhook page appears. Fill in the name, and URL, and make sure that the webhook can receive pull requests.

You can check the extended instructions in the Bitbucket webhooks documentation.

Configuration example

bitbucket:
  api-base: https://bitbucket.org/ # This can also be your local bitbucket deployment URL.
  api-key: your-bb-app-password
  api-user: your-bb-user-name
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token

GitLab

Generate an Access Token

In GitLab, on the webhook user's settings, select Access Tokens. Fill in a name and expiry date, and select the api scope. Then click Create personal access token. Take note of the token generated.

Configure the webhook

In GitLab, go to the repository where you want to install the webhook. Select Settings, then Webhooks. Fill in the form with the URL of the webhook, add a secret token, and check Push events.

Configuration example

gitlab:
  api-base: https://gitlab.com/api/v4 # This can also be your local GitLab API endpoint
  api-key: your-gitlab-access-token
  secret-token: your-secret-token
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token
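
The secret entered in the GitHub and GitLab webhook forms is what lets the receiver reject forged requests. The sketch below is an added example, not code from the SCANOSS project: it checks GitHub's X-Hub-Signature-256 HMAC and GitLab's X-Gitlab-Token header against the secret-token values from the configuration examples. The function names and the CONFIG dict are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample: the page's YAML examples after parsing into a dict.
CONFIG = {
    "github": {"secret-token": "your-secret-token"},
    "gitlab": {"secret-token": "your-secret-token"},
}

def _header(headers, name):
    """HTTP header names are case-insensitive."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")

def github_signature(secret, body):
    """Value GitHub sends in X-Hub-Signature-256 for this secret and raw body."""
    mac = hmac.new(secret.encode(), body, hashlib.sha256)
    return "sha256=" + mac.hexdigest()

def verify_github(secret, body, headers):
    received = _header(headers, "X-Hub-Signature-256")
    if not secret or not received:
        return False  # fail closed: no configured secret or unsigned request
    expected = github_signature(secret, body)
    return hmac.compare_digest(expected.encode(), received.encode())

def verify_gitlab(secret, headers):
    # GitLab does not sign the body; it echoes the secret in X-Gitlab-Token.
    received = _header(headers, "X-Gitlab-Token")
    if not secret or not received:
        return False
    return hmac.compare_digest(secret.encode(), received.encode())

def authenticate(config, headers, body):
    """Return the vendor whose secret check passed, or None to reject."""
    if _header(headers, "X-GitHub-Event"):
        secret = config.get("github", {}).get("secret-token", "")
        return "github" if verify_github(secret, body, headers) else None
    if _header(headers, "X-Gitlab-Event"):
        secret = config.get("gitlab", {}).get("secret-token", "")
        return "gitlab" if verify_gitlab(secret, headers) else None
    return None

if __name__ == "__main__":
    body = b'{"ref": "refs/heads/master"}'  # constructed push payload
    hdrs = {"X-GitHub-Event": "push",
            "X-Hub-Signature-256": github_signature("your-secret-token", body)}
    print(authenticate(CONFIG, hdrs, body))         # github
    print(authenticate(CONFIG, hdrs, body + b" "))  # None
```

The GitHub check must run over the raw request bytes, before any JSON parsing or re-serialisation. The Bitbucket configuration example above has no secret-token key, so this check does not apply to it as shown.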

Contributing

Please see our Contributing Guide and our Code of Conduct.

Building

Python 3 is required. The project uses setuptools to build a pip wheel.

  • Install dependencies: make init && make init-dev

  • Generate a new wheel: make dist. The binaries will be located under dist.

Copyright (C) 2017-2020, SCANOSS Ltd. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

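About

SCANOSS Webhook is a multiplatform webhook that performs source code scans against the SCANOSS API. It supports integration with the Gitee, GitHub, GitLab and BitBucket APIs. SCANOSS provides a source code scanner that can be used to detect open source dependencies in your code. The purpose of this code is to provide a reference implementation that can be expanded to suit the needs of individuals and organisations.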