Posted to general@incubator.apache.org by Xun Hu <xu...@futurewei.com> on 2019/09/04 16:07:46 UTC

What is the best tool to scan the code?

Hi, all,

We have one open source project, and I would like to find a tool to scan the code before we open it.

What is the best tool you can recommend to us?

Best,
-xun



---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Re: What is the best tool to scan the code?

Posted by "Tan,Zhongyi" <ta...@baidu.com>.

    3) license analysis

You can try Fossology; it is an open source project under the Linux Foundation.


Re: What is the best tool to scan the code?

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi,

1. OSS Index from Sonatype covers a lot.
2. Not sure what you mean: FindBugs, or more Checkstyle/PMD?
3. The Rat plugin, for example (see the Apache Creadur tools too; there are
license tools there). Also note that with the initial dependency review plus
a review of the license each time a new dependency is added, in the standard
ASF review flow, you rarely actually need to scan them.
4. You can also check that the binary only contains your code plus deps, so
there is no need to rescan in such a case.

Black Duck is good but does not scale well for huge projects (> 60 modules)
and is not free; SourceClear is also a not-that-bad alternative, but is not
free either, I think.

My 2 cents: the previous setup works well for ASF projects, stays free and
is integrated into the build (compared to Black Duck or SourceClear, which
use a two-step/async process as their solution).

Hope it helps.

On Wed, 4 Sept 2019 at 23:13, Xun Hu <xu...@futurewei.com> wrote:

> We would like to scan our code for:
> 1) dependency analysis
> 2) snippet matching
> 3) license analysis
> 4) binary analysis  - optional
>
> We found one paid solution, Black Duck; not sure there is any open source
> solution on the market.
>
> Thanks,
> -xun
>
> -----Original Message-----
> From: Justin Mclean <ju...@classsoftware.com>
> Sent: Wednesday, September 4, 2019 1:59 PM
> To: general@incubator.apache.org
> Subject: Re: What is the best tool to scan the code?
>
> Hi,
>
> > We have one open source project, and I would like to find a tool to scan
> the code before we open it.
>
> Sorry, but it is unclear to me what you want to scan the code for.
>
> Thanks,
> Justin

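Romain's fourth point above, checking that a built artifact contains only your own code plus the declared dependencies, as an added example that is not part of this thread and not any of the tools named in it: a small Python audit of a jar/zip against an allowlist of package prefixes. The archive contents, the prefixes and the package names are constructed for illustration.

```python
"""Audit a built archive (jar/zip) against an allowlist of package prefixes:
the project's own code plus the dependencies deliberately bundled into it.
Anything else in the archive is reported as undeclared content.
Constructed example; not a real project's layout."""
import io
import zipfile

# Hypothetical allowlist: prefixes for the project's own classes and for the
# third-party dependencies that are intentionally shaded into the artifact.
OWN_PREFIXES = ("org/example/myproject/",)
DECLARED_DEP_PREFIXES = ("org/apache/commons/lang3/",)
# Entries that carry no code and are expected in any jar.
IGNORED_PREFIXES = ("META-INF/",)


def audit_archive(data: bytes,
                  own=OWN_PREFIXES,
                  deps=DECLARED_DEP_PREFIXES,
                  ignored=IGNORED_PREFIXES):
    """Classify every entry of the archive.

    Returns three lists of entry names: own code, declared dependencies,
    and unexpected entries that match neither allowlist."""
    own_entries, dep_entries, unexpected = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith("/") or name.startswith(ignored):
                continue  # directory entry or manifest material
            if name.startswith(own):
                own_entries.append(name)
            elif name.startswith(deps):
                dep_entries.append(name)
            else:
                unexpected.append(name)
    return own_entries, dep_entries, unexpected


def build_sample_jar() -> bytes:
    """Constructed sample archive: own class, one declared dependency, and one
    library that was pulled in transitively and shaded without being declared."""
    magic = b"\xca\xfe\xba\xbe"  # class-file magic; body irrelevant here
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("org/example/myproject/Main.class", magic)
        zf.writestr("org/apache/commons/lang3/StringUtils.class", magic)
        zf.writestr("com/thirdparty/hidden/Util.class", magic)
    return buf.getvalue()


if __name__ == "__main__":
    own, deps, unexpected = audit_archive(build_sample_jar())
    print(f"own entries: {len(own)}, declared dependency entries: {len(deps)}")
    for name in unexpected:
        print("UNDECLARED:", name)
```

Run against a real artifact by passing the bytes of the built jar to `audit_archive` with your own prefix lists; a non-empty third list is the signal that the artifact bundles something the dependency and license reviews never saw.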
Re: What is the best tool to scan the code?

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

> We would like to scan our code for:
> 1) dependency analysis

Most build tools can do this.

> 2) snippet matching

I don't know of any open source project that does this, but that's not to say one doesn't exist.

> 3) license analysis

Apache Rat is a simple tool that can help with this; if you want something more detailed, try Fossology.

Thanks,
Justin

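Both Romain and Justin point to Apache Rat for the license-analysis item. Added here, and not Rat's own code, is a small Python script that does the core of what a Rat-style check does: walk a source tree, look for the standard ASF header sentence at the top of each source file, honour an exclusion list (the role of a `.rat-excludes` file), and report files that lack the header. The exclusion patterns, the source-suffix list and the sample tree are constructed assumptions.

```python
"""Minimal license-header audit in the spirit of Apache Rat.
Each file is classified as 'approved' (ASF header present), 'excluded'
(matches an exclusion pattern or is not a source file) or 'missing'.
Constructed example; not Rat itself."""
import os
import re
import tempfile
from pathlib import Path

# The sentence every ASF source header starts with.
ASF_HEADER_RE = re.compile(r"Licensed to the Apache Software Foundation \(ASF\)")
# Hypothetical exclusions, the kind one would list in .rat-excludes.
EXCLUDE_PATTERNS = ("*.md", "*.json", ".gitignore")
# Hypothetical set of file types that must carry a header.
SOURCE_SUFFIXES = {".java", ".py", ".xml", ".sh"}
HEAD_BYTES = 2048  # the header sits at the top; no need to read whole files


def classify(path: Path) -> str:
    """Return 'excluded', 'approved' or 'missing' for one file."""
    if any(path.match(pattern) for pattern in EXCLUDE_PATTERNS):
        return "excluded"
    if path.suffix not in SOURCE_SUFFIXES:
        return "excluded"
    with path.open("rb") as fh:
        head = fh.read(HEAD_BYTES).decode("utf-8", errors="replace")
    return "approved" if ASF_HEADER_RE.search(head) else "missing"


def audit_tree(root: Path) -> dict:
    """Walk the tree and return {'approved': [...], 'excluded': [...], 'missing': [...]}
    with paths relative to root, sorted for stable output."""
    report = {"approved": [], "excluded": [], "missing": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            report[classify(path)].append(str(path.relative_to(root)))
    for entries in report.values():
        entries.sort()
    return report


def make_sample_tree() -> Path:
    """Constructed sample tree: one file with the header, one without, one excluded."""
    root = Path(tempfile.mkdtemp(prefix="ratlike-"))
    (root / "src").mkdir()
    (root / "src" / "Good.java").write_text(
        "/*\n"
        " * Licensed to the Apache Software Foundation (ASF) under one\n"
        " * or more contributor license agreements.\n"
        " */\n"
        "public class Good {}\n")
    (root / "src" / "Bad.java").write_text("public class Bad {}\n")
    (root / "README.md").write_text("# project\n")
    return root


if __name__ == "__main__":
    result = audit_tree(make_sample_tree())
    for status, files in result.items():
        for f in files:
            print(f"{status:9} {f}")
    raise SystemExit(1 if result["missing"] else 0)
```

Like Rat, the script only tells you which files lack a header; it does not judge the licenses of third-party code you bundle, which is where a fuller tool such as Fossology comes in.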

RE: What is the best tool to scan the code?

Posted by Xun Hu <xu...@futurewei.com>.
We would like to scan our code for:
1) dependency analysis
2) snippet matching
3) license analysis
4) binary analysis  - optional

We found one paid solution, Black Duck; not sure there is any open source solution on the market.

Thanks,
-xun

-----Original Message-----
From: Justin Mclean <ju...@classsoftware.com> 
Sent: Wednesday, September 4, 2019 1:59 PM
To: general@incubator.apache.org
Subject: Re: What is the best tool to scan the code?

Hi,

> We have one open source project, and I would like to find a tool to scan the code before we open it.

Sorry, but it is unclear to me what you want to scan the code for.

Thanks,
Justin




Re: What is the best tool to scan the code?

Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,

> We have one open source project, and I would like to find a tool to scan the code before we open it.

Sorry, but it is unclear to me what you want to scan the code for.

Thanks,
Justin