Support Black Duck Hub as a snippet scanner

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

https://oss-review-toolkit.org

Apache License 2.0

1.62k stars 313 forks source link

Support Black Duck Hub as a snippet scanner #4632

Open porsche-rishisaxena opened 3 years ago

porsche-rishisaxena commented 3 years ago

As ORT is an orchestrator, it should allow to configure BlackDuck as scanner where code snippet can be scanned and result can be stored in ORT backend storage i.e. PostgreSQL

High Level Consideration

Analyzer-result.yml generated by running analyzer
API call request to BlackDuck transforming .yml meta-data to .json format
API response from BlackDuck in .json format
scan-result from black-duck stored in ORT backend storage i.e., PostgreSQL
scan-result is fed into ORT evaluate to report for generating various output formats such as Web App, and JSON.

sschuberth commented 3 years ago

Also see #3265 and #2819, FYI.

sschuberth commented 2 years ago

Maybe also @JeroenKnoops's BlackDuck GitHub Action is of interest in this context.

tsteenbe commented 2 years ago

@porsche-rishisaxena Can you update this issue to make clear whether BlackDuck means Protex or Hub?

tsteenbe commented 2 years ago

Clarified in ORT developer meeting of July 7th, 2022 - it's Black Duck Hub not the legacy Black Duck Protex IP

nnobelis commented 1 year ago

Hello,

We are in the process of designing a common abstraction to represent the snippets in the ORT model. This abstraction will be submitted to the ORT community. Our plan is to support FossID and SCANOSS but we would like, if possible, to support also Blackduck.

Could someone provide a sample response of Blackduck (ideally on the Semver4j project), so we can have a look at their data model for snippets ?

JeroenKnoops commented 1 year ago

@nnobelis What kind of format do you require? The SPDX output?