Quick Jar scan - Githubissues

aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!

https://github.com/aboutcode-org/scancode-toolkit/releases/

2.1k stars 542 forks source link

Quick Jar scan #218

Open pombredanne opened 8 years ago

pombredanne commented 8 years ago

I received this suggestion: being able to quickly scans Java Jars, focusing on the META-INF directory and packages and not on the whole content for a quick scan could be very useful and this without requiring a full archive extraction

mjherzog commented 8 years ago

Wouldn't this be a packagecode scan for Jar metadata rather than scancode?

pombredanne commented 8 years ago

well yes and no. packagedcode is just a module of scancode, so this would likely be a scan with code effectively in the packagedcode module from scancode.

dmlangdon commented 8 years ago

I appreciate your willingness to look at this. Not sure of the implementation details, but personally I think this should be built into scancode an not a separate option. Doesn't sound like it would be, but this seems like a logical extension of the tool functionality.

pombredanne commented 8 years ago

@dmlangdon this would not be a separate option, but built in a standard scancode scan.

pombredanne commented 8 years ago

@dmlangdon The reference to packagedcode is about which Python package the corresponding code would live in.