-
Notifications
You must be signed in to change notification settings - Fork 11
Fossology spdx web api
Users can use wget to return file level information like sha1, license, copyright, etc.(SPDX file level spec):
wget -qO - --no-check-certificate --post-file=mypackage.tar.gz --timeout=0 http://myfossologyspdxserver/?mod=spdx_license_once
For example:
wget -qO - --no-check-certificate --post-file=./time-1.7.tar --timeout=0 https://fossologyspdx.ist.unomaha.edu/?mod=spdx_license_once
You may get:
FileName: getopt.h
FileType: SOURCE
FileChecksum: SHA1: c5dca7ccc0db510fa7eeff1c5edb6fe66c598652
LicenseConcluded: NOASSERTION
LicenseInfoInFile: GPL-2.0+
FileCopyrightText: copyright (c) 1989, 90, 91, 92, 93, 94 free software foundation, inc.
Notes:
- Because wget's default timeout is 900seconds,[--timeout=0]option could void wget re-try before the command return the value.
The approach of the API is:
1: Unpack package by using FOSSology ununpack agent.
2: Scan unpacked files by using FOSSology nomos agent.
3: Scan unpacked files by using FOSSology copyright agent.
3: Format information for output.(SPDX spec is considered now)
You can find details of above agent from here
You also can find other details about How to use FOSSology from the command line.