pombredanne changed the title from "run a package-only scan on a codebase" to "Run a package-only scan on a codebase as a new pipeline - Proactively scan and review all my packages" on Jul 21, 2023
Following #720 and nexB/purldb#87, we need to have a pipeline that would only populate the packages and dependencies (and eventually later on also resolve dependencies).
The goal is to ensure that the purlDB is kept always up-to-date with the set of packages effectively used in a development codebase.
The overall process would be:
Separately, I would like to have a way to determine if any of the packages populated in the purlDB here has any license or origin issues based on data clarity and accuracy (using summaries, scores, --todo, package set, policies, compliance alerts, etc. and TBD), and I want to be alerted to review and eventually curate the issues that were uncovered, by exception.
Ideally there would be some minimal request/ticket system where a form would be posted for any item that would need further review. The ideal outcome would be to push and store a curated version of the package data (possibly in the purlDB as part of a package set with a "curated" type), or some ABOUT file that I could download to save in my codebase.