Open RajGuru878 opened 1 year ago
@RajGuru878 We would need more context to provide in order to reproduce the issues and provide any kind of help.
@tdruez please find error screenshot.
@RajGuru878 Thanks! Have you followed the instructions at https://scancodeio.readthedocs.io/en/latest/installation.html#run-the-app ?
What is the URL you a trying to reach for example in that screenshort?
@tdruez yeah i followed and configured same and i am trying with my system ip
Have you added your system ip in ALLOWED_HOSTS
and CSRF_TRUSTED_ORIGINS
?
@tdruez added and previously it was scanning but now it is giving that error.
@RajGuru878 Have you tried to use http://127.0.0.1 or http://localhost in place of your local ip?
previously it was scanning but now it is giving that error
Any changes since it was working? Did you update the code or something on the server?
@tdruez , while in localhost, it is working fine. But it is not scanned any package details and their version.
while in localhost, it is working fine. But it is not scanned any package details and their version.
@RajGuru878 Ok but let's not mixed up unrelated issues. I'm assuming your CSRF issues is now fixed.
Now, it seems that you are expecting some data from the scan_package
. Is the normcap
file input an archive?
@tdruez , When i load with localhost on that same system where i hosted, its working. When i will try to load that from my system (host) ip no, its giving CSRF error. I used link from github for normcap.
I used link from github for normcap.
@RajGuru878 Providing the actual link would help to reproduce the problem.
@tdruez this is the link i used to scan packages, i.e https://github.com/dynobo/normcap.git
@RajGuru878 scan_package
works on archives.
From the documentation:
Scan a single package archive with ScanCode-toolkit.
The URL you are providing is a git repo, not an archive.
Use one of the release links and it should work fine, for example: https://github.com/dynobo/normcap/archive/refs/tags/v0.5.0-beta1.zip
@tdruez It is scanned but it is not showing its package details and their versions.
@pombredanne any input on this detection?
Hello @tdruez Can anybody please help me in this. Whenever i am trying to scan packages, i am unable to get proper details from packages and dependencies section. Its only scanning resources. Not able to fetch dependencies and packages. Please help me to get those packages and dependencies or please guide me how i can scan those?
In below example i used to scan jitsi source code. Here only it is scanning resources not any packages and dependencies. For jitsi code i used this mentioned link https://github.com/jitsi/jitsi-meet
@RajGuru878 there is no "package" metadata that I can see inside the archive at https://github.com/jitsi/docker-jitsi-meet/archive/refs/tags/stable-8960-1.zip ... and it does not contain Jitsi source code proper, just container images build scripts.
Jitsi source code proper would be something such as at https://github.com/jitsi/jitsi-meet/archive/refs/tags/stable/jitsi-meet_8960.tar.gz
Or you could be scanning the docker image(s) of Jitsi with a project with a docker
pipeline using an input URL such as docker://jitsi/jibri:unstable-2023-10-27
Beyond this, here are a few directions for the case of this standalone repo, because I think we can do better and still report some packages:
We could treat Dockerfiles/Containerfiles as package data. See https://github.com/nexB/scancode-toolkit/issues/3561 but these would not be full top level packages IMHO.
We should create a top level package when using ScanCode.io with a "scan_package" pipeline and may be other pipelines.
For 2. we could infer a PURL from the download URL, and otherwise create a generic PURL.
pkg:github/jitsi/docker-jitsi-meet@stable-8960-1
pkg:generic/www.antlr2.org/antlr@2.7.7?download_url=https://www.antlr2.org/download/antlr-2.7.7.tar.gz
with new heuristics to design.
1.While we upload new project, its not moving forward. Its showing only file upload windows.