sourcegraph / sourcegraph-public-snapshot

Code AI platform with Code Search & Cody
https://sourcegraph.com

FOSSA extension #715

Open sqs opened 5 years ago

sqs commented 5 years ago

@xizhao is interested in FOSSA building a license and security extension that would show, for any repo/dir/file, a list of license- and security-related warnings. These would be for the entire repo/dir/file (not per-line). The content would be something like a list of links to CVEs and a link to more info about them on FOSSA. It should work for public and private code and with public and self-hosted FOSSA instances.

@xizhao see https://about.sourcegraph.com/blog/extension-authoring for instructions and examples. It’s in alpha but we are 100% committed to it and will address anything you run into. @ryan-blunden can chime in.

ryan-blunden commented 5 years ago

Hey @xizhao, I'd love to help you get started. It's a perfect use case for a Sourcegraph extension.

I'm working on an extension skeleton generator as we speak, but for now, I'd recommend you start with the hello world tutorial. That will take you through installing everything you need to build and publish to the Sourcegraph extension registry.

Ping me on Twitter if you'd like to set up some time to chat.

ryan-blunden commented 5 years ago

@xizhao We now have documentation for extension authoring.

ryan-blunden commented 5 years ago

@xizhao We now have an extension creator and improved documentation.

There is also sample code for an extension that lints Dockerfiles, which may provide some of the functionality the FOSSA extension needs.