scanner.java - Deprecated

Simple Java implementation of a scanner for the OSSKB (Open Source KB).

**Deprecated**

This project is not actively maintained.

For an up-to-date API/SDK/CLI implementation, please refer to the Python CLI.

Usage

The code can be used as a library, or as a CLI.

Standalone

A jar with dependencies is generated by the Maven Assembly plugin when running mvn package.

Usage:

usage: scanner
 -blacklist <arg>    Scan and blacklist components in SBOM file
 -f,--format <arg>   Optional format for the scan result. One of: plain,
                     spdx, cyclonedx
 -h                  Shows usage
 -identify <arg>     Scan and identify components in SBOM file
 -ignore <arg>       Scan and ignore components in SBOM file
 -o,--output <arg>   Save output to file

Maven library

To build the code please run:

mvn clean package

To test, run:

java -jar target/scanner-*-jar-with-dependencies.jar

To publish please run:

mvn deploy -Dmaven.test.skip=true

It should then be possible to find it on Maven Central.

If the staging environment is used, then details for releasing it can be found here.

How does it work

This reference code illustrates how to use the SCANOSS API to identify files against the OSSKB without sending the actual code: only the WFP hashes are sent.

The provided FILE is read into memory, WFP fingerprints are calculated, and the fingerprints are sent to the OSSKB API.

Results are printed via STDOUT.
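
The following is an added example, not code from this project, showing why only hashes need to leave the machine. It assumes WFP refers to winnowing-style fingerprints; the class name, the GRAM and WINDOW values, the CRC32C hash and the "line:hash" output are illustrative choices, not the SCANOSS wire format.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.zip.CRC32C;

public class WinnowSketch {
    // Illustrative parameters (assumptions), kept small so the sample produces output.
    static final int GRAM = 8;    // normalized characters per hashed gram
    static final int WINDOW = 4;  // consecutive gram hashes per winnowing window

    static long hash(String gram) {
        CRC32C crc = new CRC32C();
        byte[] b = gram.getBytes(StandardCharsets.US_ASCII);
        crc.update(b, 0, b.length);
        return crc.getValue();
    }

    /** Returns "line:hash" entries; no source text appears in the result. */
    static List<String> fingerprint(String source) {
        // Normalize: keep ASCII letters and digits, lowercased, remembering each one's line.
        StringBuilder norm = new StringBuilder();
        List<Integer> lineOf = new ArrayList<>();
        int line = 1;
        for (char c : source.toCharArray()) {
            if (c == '\n') line++;
            if (c < 128 && Character.isLetterOrDigit(c)) {
                norm.append(Character.toLowerCase(c));
                lineOf.add(line);
            }
        }
        // Hash every overlapping gram of GRAM normalized characters.
        int grams = norm.length() - GRAM + 1;
        long[] hashes = new long[Math.max(grams, 0)];
        for (int i = 0; i < grams; i++) hashes[i] = hash(norm.substring(i, i + GRAM));
        // Winnow: keep the rightmost minimum of each window, once per position.
        List<String> out = new ArrayList<>();
        int lastPick = -1;
        for (int w = 0; w + WINDOW <= hashes.length; w++) {
            int min = w;
            for (int j = w + 1; j < w + WINDOW; j++)
                if (hashes[j] <= hashes[min]) min = j;
            if (min != lastPick) {
                // Report the line on which the selected gram ends.
                out.add(String.format("%d:%08x", lineOf.get(min + GRAM - 1), hashes[min]));
                lastPick = min;
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from any real project.
        String sample = "int add(int a, int b) {\n    return a + b;\n}\n";
        fingerprint(sample).forEach(System.out::println);
    }
}
```

Because normalization drops whitespace, punctuation and case, reformatting a file leaves the selected hashes unchanged, which is what lets a knowledge base match snippets without seeing the text itself.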

License

scanner.java is released under the Apache 2.0 license. Please check the LICENSE file for further details.