kla587 / Internet-System-Dev


README: Welcome to our GITHUB!

SYSTEM DESCRIPTION

Our system uses a forked version of DoSOCsv2 with an added feature: given a pom.xml together with its artifacts and source files, dosocs relays the dependency information into the corresponding table.

The feature works by performing a oneshot scan on the artifacts. It then creates a temporary directory in the current folder and copies all the transitive dependencies from the original pom.xml into that temp directory. Once this is done, dosocs creates documents for all the dependencies in the temp folder. It also generates external document references that refer to the project artifacts document, along with the various metadata needed to render dependency relationship information.

References: https://docs.python.org/2/tutorial/inputoutput.html

http://perldoc.perl.org/functions/exec.html

http://perldoc.perl.org/

SYSTEM ENVIRONMENT

Ubuntu 14.04
Python 2.7.x
  https://www.python.org/downloads/
Perl 2.7.6
  http://askubuntu.com/questions/119700/how-do-i-update-install-perl

Install Notes

These are the install notes for setting up the system environment needed to run the plugin.

DoSOCSV2:

Download the DoSOCS branch zip file and install it in the Documents folder.

Configuration

Step 1 - Download and install

Based on configuration from https://github.com/DoSOCSv2/DoSOCSv2

[Grab the source tarball for the latest release](https://github.com/ttgurney/dosocs2/releases) and use `pip` to install it as a package. If you are not inside a virtualenv you may have to run `pip` as root (not recommended!). Replace `0.x.x` with the latest release version number.

$ tar xf 0.x.x.tar.gz
$ pip install ./dosocs2-0.x.x

Step 2 - Change the default configuration

Not required, but strongly recommended, is to generate an initial config file:

$ dosocs2 newconfig
dosocs2: wrote config file to /home/tom/.config/dosocs2/dosocs2.conf

The default config points to a SQLite database stored in your home directory. For example, for user tom, this database would be created at /home/tom/.config/dosocs2/dosocs2.sqlite3. If you like, you can open the config file and change the connection_uri variable to use a different location for the database.

If you have FOSSology installed, you also need to set the path of the default nomos scanner if it is not already correct. Likewise for any of the other supported scanners you want to use (see doc/scanners.md).

Step 3 (Optional) - Add PostgreSQL configuration

Follow this step if you want to use PostgreSQL instead of SQLite for the SPDX database.

You will have to create the spdx (or whatever name you want) role and database yourself. I recommend setting a different password than the one given...:

$ sudo -u postgres psql
psql (9.3.9)
Type "help" for help.

postgres=# create role spdx with login password 'spdx';
CREATE ROLE
postgres=# create database spdx with owner spdx;
CREATE DATABASE

Then change the connection_uri variable in your dosocs2.conf:

# connection_uri = postgresql://user:pass@host:port/database
connection_uri = postgresql://spdx:spdx@localhost:5432/spdx
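
A quick audit of the resulting config, as an added example that is not part of dosocs2 or this repository: it flags the sample `spdx` password from the step above (or a password equal to the role name) and a password-bearing config file that group or other users can access. The function names and finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of dosocs2: audit a dosocs2.conf for the sample
# PostgreSQL password and for loose file permissions. Function names and
# finding labels are assumptions made for this example.

# Print the value of the active (uncommented) connection_uri line.
conf_uri() {
    sed -n 's/^[[:space:]]*connection_uri[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Print one finding per line; return 0 when clean, 1 otherwise.
audit_dosocs2_conf() {
    conf=$1
    findings=""
    uri=$(conf_uri "$conf")
    case $uri in
        postgresql*://*@*)
            creds=${uri#*://}        # user:pass@host:port/database
            creds=${creds%@*}        # user:pass
            user=${creds%%:*}
            case $creds in
                *:*) pass=${creds#*:} ;;
                *)   pass="" ;;
            esac
            if [ "$pass" = "spdx" ]; then
                findings="${findings}default-password
"
            elif [ -n "$pass" ] && [ "$pass" = "$user" ]; then
                findings="${findings}password-equals-username
"
            fi
            # An embedded password is only as private as the file holding it.
            mode=$(ls -ld "$conf" | cut -c5-10)   # group and other permission bits
            if [ -n "$pass" ] && [ "$mode" != "------" ]; then
                findings="${findings}config-accessible-to-group-or-other
"
            fi
            ;;
    esac
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Usage: audit_dosocs2_conf "$HOME/.config/dosocs2/dosocs2.conf"
```

A SQLite `connection_uri` carries no credentials, so the function reports nothing for the default configuration.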

Step 4 - Database setup

Finally, to create all necessary tables and views in the database:

$ dosocs2 dbinit

You only need to do this once. This command will drop all existing tables from your SPDX database, so be careful!

Usage

The simplest use case is scanning a package, generating a document, and printing an SPDX document in one shot:

$ dosocs2 oneshot package.tar.gz
dosocs2: package.tar.gz: package_id: 1
dosocs2: running nomos on package 1
dosocs2: package.tar.gz: document_id: 1
[... document output here ...]

Also works on directories:

$ dosocs2 oneshot ./path/to/directory

The scan results and other collected metadata are saved in the database so that subsequent document generations will be much faster.

To just scan a package and store its information in the database:

$ dosocs2 scan package.tar.gz
dosocs2: package_tar_gz: package_id: 456
dosocs2: running nomos on package 456

In the default configuration, if a scanner is not specified, only nomos is run. It gathers license information, but is a bit slow. One can use the -s option to explicitly specify which scanners to run:

$ dosocs2 scan -s nomos_deep,dependency_check package.tar.gz
dosocs2: package_tar_gz: package_id: 456
dosocs2: running nomos_deep on package 456
dosocs2: running dependency_check on package 456

After dosocs2 scan, no SPDX document has yet been created. To create one in the database (specifying the package ID):

$ dosocs2 generate 456
dosocs2: (package_id 456): document_id: 123

Then, to compile and output the document in tag-value format:

$ dosocs2 print 123
[... document output here ...]

Use dosocs2 --help to get the full help text. The doc directory here also provides more detailed information about how dosocs2 works and how to use it.

Maven 3.0.5:

Run command:
 sudo apt-get install maven
Check Maven's version by running:
 mvn -version

It will show something like:

Apache Maven 3.0.5
Maven home: /usr/share/maven
Java version: 1.7.0_51, vendor: Oracle Corporation
Java home: /usr/lib/jvm/java-7-openjdk-amd64/jre
Default locale: en_US, platform encoding: UTF-8
OS name: "linux", version: "3.13.0-24-generic", arch: "amd64", family: "unix"

  Verify Maven repo location is /usr/share/maven-repo

Install and Configure Perl

  sudo apt-get update
  sudo apt-get upgrade
  sudo apt-get install -y perl
  sudo apt-get install libfile-find-rule-perl
  cpan Modern::Perl

Create a folder named perl in your documents folder. This is where you will run the plugin and where the dependency tree information will be stored. Place the pom file that is to be scanned into this folder and name it pom.xml. It is important that these are in the correct place for the plugin to run.

After running, you will see a file named mvn.txt that stores the dependency tree before it is scanned and put into DoSocs.

Running plugin

Download source from source folder called plugin.pl
Run plugin with line: perl plugin.pl
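
To review mvn.txt before its contents go into DoSOCS, the tree can be flattened into parent/child edges that separate direct from transitive dependencies. This is an added example, not the repository's plugin.pl; it assumes mvn.txt holds the text output of `mvn dependency:tree`, and the function names and sample coordinates are constructed.

```shell
#!/bin/sh
# Added example, not the plugin's code. Assumes the input is the text output of
# `mvn dependency:tree`, either written with -DoutputFile or captured from the
# console (where each line carries an "[INFO] " prefix).

# Print one line per dependency: parent child scope direct|transitive
# (ids are group:artifact:version). Pass "-" to read standard input.
tree_edges() {
    awk '
    {
        line = $0
        sub(/^\[INFO\] /, "", line)
        pos = match(line, /[A-Za-z0-9_]/)      # first character of the coordinate
        if (pos == 0) next
        coord = substr(line, pos)
        if (coord ~ /[ \t]/) next                # log text, not a coordinate
        n = split(coord, f, ":")
        if (n < 4 || n > 6) next
        # group:artifact:type[:classifier]:version[:scope]
        if (n == 6) { ver = f[5]; scope = f[6] }
        else        { ver = f[4]; scope = (n == 5 ? f[5] : "-") }
        id = f[1] ":" f[2] ":" ver
        depth = int((pos - 1) / 3)               # the tree is drawn 3 columns per level
        parent[depth] = id
        if (depth > 0)
            print parent[depth - 1], id, scope, (depth == 1 ? "direct" : "transitive")
    }' "$1"
}

# Constructed sample in the -DoutputFile layout.
sample_tree() {
    cat <<'EOF'
com.example:demo-app:jar:1.0
+- junit:junit:jar:4.11:test
|  \- org.hamcrest:hamcrest-core:jar:1.3:test
\- org.apache.httpcomponents:httpclient:jar:4.3.1:compile
   +- org.apache.httpcomponents:httpcore:jar:4.3:compile
   \- commons-codec:commons-codec:jar:1.6:compile
EOF
}

sample_tree | tree_edges -
```

Against the real file, run `tree_edges mvn.txt`; every `transitive` row is a component the pom.xml never names directly.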

COPYRIGHT

SOURCE LICENSE

GPLv2:

Licensed under GPLv2.

CC:

You are free to share, copy and redistribute the material in any medium or format. Adapt, remix, transform, and build upon the material for any purpose, even commercially.

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

DOCUMENT LICENSE

Attribution 4.0 International:

This is a human-readable summary of (and not a substitute for) the license.

COMMUNICATION PLAN

As a group we plan to use GitHub as our main point of communication. We create issues to log the parts that we are working on, which allows us all to see what each other is working on and to ask questions pertaining to our plugin code and repository.

Data Flow Diagram

SPDX Schema