One of the industry partners told us it is really hard for them to determine which version of a project a piece of source code (in particular C++ projects) belongs to. This, for instance, is needed when a company has included a set of C++ libraries, but they don't know which versions they have.
We want to be able to generate a Software Bill of Materials (SBOM) based on a large folder filled with code. As the code should not be sent to the DB, we must make sure it's only a check command.
The method could be as follows:
1. Parse the project
2. Identify potential projects (say: more than 10 matches for one project)
3. Checkupload all tagged versions of those projects
4. Do another check to get the exact version of that project
The input in this case will most probably be a directory and not a git repo.
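The steps above as a worked example (added here, not code from the project or its authors). It assumes a constructed in-memory stand-in for the code DB, keyed by (project, version), that step 3 would populate via checkupload, and a deliberately crude chunk-based "parser" in place of a real C++ method parser; only hashes are ever derived from the scanned directory, so the check stays one-way.

```python
import hashlib
import re
from collections import Counter
from pathlib import Path

Db = dict[tuple[str, str], set[str]]  # assumed DB shape: (project, version) -> unit hashes

def unit_hashes(source: str) -> set[str]:
    """Stand-in for a real C++ parser: hash each blank-line-separated chunk after
    dropping comments and whitespace, so re-indented copies still match."""
    source = re.sub(r"//[^\n]*|/\*.*?\*/", "", source, flags=re.S)
    hashes = set()
    for chunk in re.split(r"\n\s*\n", source):
        normalized = "".join(chunk.split())
        if len(normalized) >= 20:  # constructed threshold: ignore trivial chunks
            hashes.add(hashlib.sha256(normalized.encode()).hexdigest())
    return hashes

def scan_directory(root: str, exts=(".cpp", ".cc", ".h", ".hpp")) -> set[str]:
    """Step 1: hash every C++ file under root. Only hashes leave this function,
    never the source, which is what makes a check-only query possible."""
    found: set[str] = set()
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in exts:
            found |= unit_hashes(path.read_text(errors="ignore"))
    return found

def candidate_projects(local: set[str], db: Db, min_matches: int = 10) -> dict[str, int]:
    """Step 2: count how many local units match each project and keep those with
    more than min_matches (the 'more than 10 matches for one project' rule)."""
    counts: Counter = Counter()
    for project in {p for p, _ in db}:
        units = set().union(*(u for (p, _), u in db.items() if p == project))
        counts[project] = len(local & units)
    return {p: n for p, n in counts.items() if n > min_matches}

def resolve_version(local: set[str], project: str, db: Db) -> list[tuple[str, float]]:
    """Step 4: once every tagged version of `project` is in db (step 3 adds them),
    rank versions by Jaccard similarity between the local units that belong to
    this project and each version's units. A tie at the top means the local copy
    cannot be pinned to a single version and should be reported as ambiguous."""
    versions = {v: u for (p, v), u in db.items() if p == project}
    matched = local & set().union(*versions.values())
    ranked = [(v, len(matched & u) / len(matched | u)) for v, u in versions.items() if u]
    return sorted(ranked, key=lambda t: -t[1])
```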