-
Notifications
You must be signed in to change notification settings - Fork 11
Fossology spdx web api
Users can use wget to return file level information like sha1, license, copyright, etc.(SPDX file level spec):
wget -qO - --no-check-certificate --post-file=mypackage.tar.gz --timeout=0 http://myfossologyspdxserver/?mod=spdx_license_once&noCopyright=false
For example:
wget -qO - --no-check-certificate --post-file=./time-1.7.tar --timeout=0 https://fossologyspdx.ist.unomaha.edu/?mod=spdx_license_once&noCopyright=false
You may get:
...other files info...
FileName: getopt.h
FileType: SOURCE
FileChecksum: SHA1: c5dca7ccc0db510fa7eeff1c5edb6fe66c598652
LicenseConcluded: NOASSERTION
LicenseInfoInFile: GPL-2.0+
FileCopyrightText: copyright (c) 1989, 90, 91, 92, 93, 94 free software foundation, inc.
...other files info...
Notes:
- Because wget's default timeout is 900seconds,[--timeout=0]option could void wget re-try before the command return the value.
options:
- noCopyright: true/false. Only when this option is set to "true", copyright information will be scanned
- recursiveUnpack: true/false. Only when this option is set to "true", sent package will be recursively unpacked. Default is skipped(equals false).
The approach of the API is:
1: Unpack package by using FOSSology ununpack agent.
2: Scan unpacked files by using FOSSology nomos agent.
3: Scan unpacked files by using FOSSology copyright agent(only when option is set to "noCopyright=true").
4: Format information for output.(SPDX spec is considered now)
You can find details of above agent from here
You also can find other details about How to use FOSSology from the command line.