Posted to general@incubator.apache.org by Xun Hu <xu...@futurewei.com> on 2019/09/04 16:07:46 UTC
What is the best tool to scan the code?
Hi, all,
We have one open source project, and I would like to find a tool to scan the code before we open it.
What is the best tool you can recommend to us?
Best,
-xun
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: What is the best tool to scan the code?
Posted by "Tan,Zhongyi" <ta...@baidu.com>.
3) license analysis
You can try FOSSology; it is an open source project under the Linux Foundation.
Re: What is the best tool to scan the code?
Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi,
1. ossindex from sonatype covers a lot
2. not sure what you mean, findbugs or more checkstyle/pmd?
3. rat plugin for example (see Apache Creadur tools too, there are license
tools). Also note that with the initial dep review + review of the license
each time a new dep is added in standard asf review flow you rarely need to
scan them actually.
4. you can also check binary only contains your code + deps so no need to
rescan in such a case.
Blackduck is good but does not scale well for huge projects (> 60 modules)
and is not free; sourceclear is also a not-that-bad alternative but is not
free either, I think.
My 2cts being that the previous setup works well for asf projects, stays
free and integrated to the build (compared to blackduck or sourceclear
which are using two steps/async process as solutions).
Hope it helps
On Wed, Sep 4, 2019 at 23:13, Xun Hu <xu...@futurewei.com> wrote:
> We would like to scan our code to:
> 1) dependency analysis
> 2) snippet matching
> 3) license analysis
> 4) binary analysis - optional
>
> We found one paid solution - black duck, not sure there is any open source
> solution on the market.
>
> Thanks,
> -xun
>
> -----Original Message-----
> From: Justin Mclean <ju...@classsoftware.com>
> Sent: Wednesday, September 4, 2019 1:59 PM
> To: general@incubator.apache.org
> Subject: Re: What is the best tool to scan the code?
>
> Hi,
>
> > We have one open source project, and I would like to find a tool to scan
> the code before we open it.
>
> Sorry, but it is unclear to me what you want to scan the code for.
>
> Thanks,
> Justin
Re: What is the best tool to scan the code?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> We would like to scan our code to:
> 1) dependency analysis
Most build tools can do this.
> 2) snippet matching
I don’t know of any open source project that does this, but that’s not to say one doesn’t exist.
> 3) license analysis
Apache Rat is a simple tool that can help with this; if you want something more detailed, try Fossology.
Thanks,
Justin
RE: What is the best tool to scan the code?
Posted by Xun Hu <xu...@futurewei.com>.
We would like to scan our code to:
1) dependency analysis
2) snippet matching
3) license analysis
4) binary analysis - optional
We found one paid solution - black duck, not sure there is any open source solution on the market.
Thanks,
-xun
-----Original Message-----
From: Justin Mclean <ju...@classsoftware.com>
Sent: Wednesday, September 4, 2019 1:59 PM
To: general@incubator.apache.org
Subject: Re: What is the best tool to scan the code?
Hi,
> We have one open source project, and I would like to find a tool to scan the code before we open it.
Sorry, but it is unclear to me what you want to scan the code for.
Thanks,
Justin
Re: What is the best tool to scan the code?
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> We have one open source project, and I would like to find a tool to scan the code before we open it.
Sorry, but it is unclear to me what you want to scan the code for.
Thanks,
Justin