The SCANOSS webhook is a multiplatform webhook that performs source code scans against the SCANOSS API. It supports integration with the GitHub, GitLab and BitBucket APIs.
SCANOSS provides a source code scanner that can be used to detect Open Source dependencies in your code.
The purpose of this code is to offer a reference implementation that can be expanded to suit the needs of individuals and organisations.
Once you have built the Python wheel (see the Building instructions), you can install SCANOSS webhook using pip: pip install -U dist/*.whl
The specific instructions to install SCANOSS webhook depend on the particular vendor. SCANOSS webhook must be configured to receive pull requests, and be allowed to post commit comments and set the build status.
To test the webhook, once configured, you can perform a commit. If all permissions are right and everything goes smoothly, you should see that the webhook has created a comment in your commit, containing a summary of the scan results.
Go to your user Settings > Developer Settings. Select Personal access tokens, then click the Generate new token button.
Select the following scopes:
repo:status
repo_deployment
public_repo
Click on Generate token and save the token generated.
To configure the SCANOSS Webhook in a repository, go to the repository Settings > Webhooks. Then click on Add a Webhook.
Fill in the Add webhook form:
application/json
push events only.
github:
  api-base: https://api.github.com # Or your local GitHub Enterprise API endpoint
  api-user: your-api-user
  api-key: your-personal-access-token
  secret-token: your-secret-token
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token
On the webhook user's settings, you can create an App password, with repository write permissions.
You can check the extended instructions on the Bitbucket webhooks documentation.
bitbucket:
  api-base: https://bitbucket.org/ # This can also be your local bitbucket deployment URL.
  api-key: your-bb-app-password
  api-user: your-bb-user-name
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token
In GitLab, on the webhook user's settings, select Access Tokens. Fill in a name and expiry date, select the api scope, then click Create personal access token. Take note of the token generated.
In GitLab, go to the repository where you want to install the webhook. Then select Settings, then Webhook. Fill in the form with the URL of the webhook, add a secret token, and check Push events.
gitlab:
  api-base: https://gitlab.com/api/v4 # This can also be your local GitLab API endpoint
  api-key: your-gitlab-access-token
  secret-token: your-secret-token
scanoss:
  url: https://api-url-for-scanoss.example.com
  token: my-scanoss-token
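The secret-token values in the GitHub and GitLab configurations let a receiver reject requests that did not originate from the platform. The following is an added example, not SCANOSS webhook's own code, of how such a check can be written: GitHub signs the raw request body with HMAC-SHA256 and sends it in the X-Hub-Signature-256 header, while GitLab sends the secret verbatim in X-Gitlab-Token. The function names and the sample payload are assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Mapping


def _header(headers: Mapping[str, str], name: str) -> str:
    """Look up a header value; HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return ""


def verify_github(secret: str, headers: Mapping[str, str], body: bytes) -> bool:
    """Check GitHub's 'sha256=<hex>' HMAC over the raw, unparsed body."""
    sent = _header(headers, "X-Hub-Signature-256")
    # Fail closed: an unset secret or a missing/odd header is a rejection.
    if not secret or not sent.startswith("sha256="):
        return False
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    expected = "sha256=" + digest
    # compare_digest runs in constant time, so timing does not leak the MAC.
    return hmac.compare_digest(expected.encode(), sent.encode())


def verify_gitlab(secret: str, headers: Mapping[str, str]) -> bool:
    """Check GitLab's shared secret, sent as-is in X-Gitlab-Token."""
    sent = _header(headers, "X-Gitlab-Token")
    if not secret or not sent:
        return False
    return hmac.compare_digest(secret.encode(), sent.encode())


# Constructed sample data (not captured from a real delivery).
SECRET = "your-secret-token"
BODY = b'{"ref":"refs/heads/main","commits":[]}'
GOOD_SIG = "sha256=" + hmac.new(SECRET.encode(), BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print("github ok:      ", verify_github(SECRET, {"X-Hub-Signature-256": GOOD_SIG}, BODY))
    print("github tampered:", verify_github(SECRET, {"X-Hub-Signature-256": GOOD_SIG}, BODY + b" "))
    print("gitlab ok:      ", verify_gitlab(SECRET, {"X-Gitlab-Token": SECRET}))
    print("gitlab wrong:   ", verify_gitlab(SECRET, {"X-Gitlab-Token": "guess"}))
```

The GitHub check must run on the exact bytes received, before any JSON parsing or re-serialisation, or a valid signature will fail to match.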
Please see our Contributing Guide and our Code of Conduct.
Python 3 is required. The project uses setuptools to build a pip wheel.
Install dependencies: make init && make init-dev
Generate a new wheel: make dist. The binaries will be located under dist.