-
Both CPE and PURL are open 'standards' of sorts. On the surface, it appears that OSS Index does some internal mappings between PURL and CPE via a one-way reference. This is likely simplistic to what a…
-
Dear @scanossdev
I hope this message finds you well. From ScanOSS, we are constantly reviewing open source code and noticed the use of language that could be considered vulgar or inappropriate on on…
-
Currently, for performance reasons (see https://github.com/oss-review-toolkit/ort/issues/7028), the matched lines are not fetched from FossID.
However it seems the current snippet model is not capa…
-
As ORT is an orchestrator, it should allow to configure BlackDuck as scanner where code snippet can be scanned and result can be stored in ORT backend storage i.e. PostgreSQL
High Level Considerati…
-
### Description
When installing scancode-toolkit-mini in a clean system using pip it installs successfully, but produces this error when trying to execute it:
File "/Users/egans/PycharmProject…
-
I maintain a project called "Coq Platform" which is essentially a set of opam packages. I would like to drag the license information for the ReadMe from opam. Almost all packages do have a license fie…
-
Hi!
I am using the `openchain-telco-sbom-validator `to validate my SPDX output. Although the error table is empty, the validator still shows a message saying the SPDX is not compliant with the OpenCh…
-
## Feature Request
### Description of Problem:
What InnerSource metrics would be valuable to measure around each InnerSource project in the Financial Industry to understand:
1. The value of the…
-
I'm running docker on commit 8c0bbf6582544465c1f77973a9724c41cd191624. It produces the following error.
```
=> ERROR [builder 4/11] COPY ./dist/scanoss-*-py3-none-any.whl /install/ …
-
### Description
It would be very useful to generate SBOM with purl entries through [purl2cpe](https://github.com/scanoss/purl2cpe) which is licensed under MIT. My basic idea would be to fill purl e…