SCANOSS Python Library

The SCANOSS python package provides a simple, easy to consume library for interacting with SCANOSS APIs/Engine.

Installation

To install (from pypi.org), please run:

pip3 install scanoss

Usage

The package can be run from the command line, or consumed from another Python script.

For more details, please look at PACKAGE.md.

Container Usage

To leverage the CLI from within a container, please look at GHCR.md.

Development

Before starting with development of this project, please read our CONTRIBUTING and CODE OF CONDUCT.

Requirements

Python 3.9 or higher.

The dependencies can be found in the requirements.txt and requirements-dev.txt files.

To install dependencies, run:

pip3 install -r requirements.txt
pip3 install -r requirements-dev.txt

To enable dependency scanning, an extra tool is required: scancode-toolkit

pip3 install -r requirements-scancode.txt

Pre-commit Setup

This project uses pre-commit hooks to ensure code quality and consistency. To set up pre-commit, run:

pip3 install pre-commit
pre-commit install

This will install the pre-commit tool and set up the git hooks defined in the .pre-commit-config.yaml file to run automatically on each commit.

Devcontainer Setup

To simplify the development environment setup, a devcontainer configuration is provided. This allows you to develop inside a containerized environment with all necessary dependencies pre-installed.

To use the devcontainer setup:

1. Install Visual Studio Code.
2. Install the Remote - Containers extension.
3. Open the project in Visual Studio Code.
4. Run

cp .devcontainer/devcontainer.example.json .devcontainer/devcontainer.json

5. Update the devcontainer.json file with the desired settings.
6. When prompted, reopen the project in the container.

This will build the container defined in the .devcontainer folder and open a new Visual Studio Code window connected to the container.

Package Development

More details on Python packaging/distribution can be found here, here, and here.

It is good practice to set up a Virtual Env (venv) to isolate and simplify development/testing. If using PyCharm, please follow these instructions.

In order to develop/test a Python package, it is necessary to register the package locally. This can be done using the following command:

python3 setup.py develop --user

There is also a Makefile in the repository, which provide helpers to achieve this:

make dev_setup

The client now makes use of REST & gRPC. For gRPC specific environment variables please look here.

Package Deployment

Packaging the library for deployment is done using setup.

Versioning

The version of the package is defined in the scanoss init file. Please update this version before packaging/releasing an update.

Packaging

To package the library, please run:

make dist

Deployment

This project uses twine to upload packages to pypi.org. In order to run twine, a user needs to be registered with both TestPyPI and PyPI. Details for using TestPyPI can be found here and PyPI here.

Once the credentials have been stored in $HOME/.pypirc, the following command can be run:

make publish_test

This will deploy the package to TestPyPI. Run some tests to verify everything is ok.

Then deploy to prod:

make publish

This will deploy the package to PyPI.

The package will then be available to install using:

pip3 install scanoss

GitHub Actions

There are a number of workflows setup for this repository. They provide the following:

• Local build/test
  • Automatically triggered on pushes or PRs to main. Can also be run manually for other branches
• Local container build/test
  • Automatically triggered on pushes or PRs to main. Can also be run manually for other branches
• Publish to Test PyPI
  • Can be manually triggered to push a test version from any branch
• Publish to PyPI
  • Build and publish the Python package to PyPI (triggered by v*.. tag)
• Publish container to GHCR
  • Build and publish the Python container to GHCR (triggered by v*.. tag)

Bugs/Features

To request features or alert about bugs, please do so here.

Changelog

Details of major changes to the library can be found in CHANGELOG.md.

Background

Details about the Winnowing algorithm used for scanning can be found here.

Dataset License Notice

This application is licensed under the MIT License. In addition, it includes an unmodified copy of the OSADL copyleft license dataset (osadl-copyleft.json) which is licensed under the Creative Commons Attribution 4.0 International license (CC-BY-4.0) by the Open Source Automation Development Lab (OSADL) eG.

Attribution: A project by the Open Source Automation Development Lab (OSADL) eG. Original source: https://www.osadl.org/fileadmin/checklists/copyleft.json