-
@basm77 re:
There is no such thing as "upstream" servers, so nothing is shared anywhere. You can run ScanCode.io in an air-gapped, isolated network alright. We do maintain a public server for the PurlDB, which in turn has its own dedicated ScanCode.io worker, but nothing is "shared" anywhere outside of these servers either.
Again, there is no such thing as "upstream" servers, so nothing is shared anywhere. With that said, we are working on a system to share SBOM and vulnerability data called https://github.com/nexB/federatedcode/ and when deployed, we will deploy and share a public and open repository of SBOMs and scans for all open source packages that are tracked there.
-
@pombredanne thanks for your reply. Could you please let me know whether scancode.io supports licence violation/conflicts checks in the code? |
-
@basm77 Yes! This is known in ScanCode.io as "License policies" and "Compliance alerts". You can learn more about those concepts by following the dedicated tutorial at https://scancodeio.readthedocs.io/en/latest/tutorial_license_policies.html
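As an added illustration of the license-policies mechanism mentioned in the reply above (this is an example written for this page, not code from the thread or from the ScanCode.io project itself), here is what a minimal policies file could look like. The file name policies.yml, the chosen license keys and labels, and the exact spelling of the compliance_alert levels are assumptions; verify them against the linked tutorial before relying on them.

```yaml
# policies.yml (added example, not from the thread; file name, keys and
# alert level names are assumptions, verify against the ScanCode.io tutorial)
license_policies:
  - license_key: mit
    label: Approved License
    compliance_alert: ''        # no alert: permissive license, fine to ship
  - license_key: apache-2.0
    label: Approved License
    compliance_alert: ''
  - license_key: gpl-3.0
    label: Restricted License
    compliance_alert: warning   # surface for legal review, do not block
  - license_key: proprietary-license
    label: Prohibited License
    compliance_alert: error     # treat as a compliance failure
```

The practical check a practitioner wants from this is the gap case: a license detected in the codebase that has no entry at all in the file. Decide deliberately whether an unlisted license should be silently accepted or flagged, and confirm in the tutorial how the tool reports unlisted keys, because an allow-list that only names the licenses you know about is only as strong as its handling of the ones you did not anticipate.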
-
Hi,
I tried to set up the server to run with the Docker image and started the app using docker compose.
I ran the code scanning pipelines, namely scan_code and vulnerability.
I would like to know whether, when running the scans, the code gets shared to any upstream servers used by scancode.io.
And are the SBOM contents read or viewed by scancode.io upstream servers?