oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0

Support GitHub Dependency submission API #5523

Open tsteenbe opened 2 years ago

tsteenbe commented 2 years ago

GitHub's Dependency submission API allows you to submit dependencies for projects, such as the dependencies resolved when a project is built or compiled; see https://docs.github.com/en/rest/dependency-graph/dependency-submission

As ORT generally detects dependencies better than GitHub, I propose we add a feature to ORT to allow users to upload found dependencies to GitHub's Dependency submission API. We could then use this feature in ORT for GitHub Action developed in https://github.com/oss-review-toolkit/ort/issues/3512

mnonnenmacher commented 2 years ago

The notifier module would probably be a good place to implement this.

sschuberth commented 2 years ago

Hmm, I would have rather thought of a reporter that pushes results to the remote API rather than writing to a local file.

tsteenbe commented 2 years ago

For consistency, I recommend we do the same as we did for SW360, as both are about uploading dependency info ... or, if we decide to do things differently for the Dependency submission API, to update our SW360 support.

sschuberth commented 2 months ago

We could probably just re-use the model classes from here.