[sw360-dev] request for new repository https://github.com/sw360/capywfa

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[sw360-dev] request for new repository https://github.com/sw360/capywfa

From: Gernot Hillier <gernot.hillier@xxxxxxxxxxx>
Date: Tue, 18 Mar 2025 12:17:35 +0100
Delivered-to: sw360-dev@xxxxxxxxxxx
Feedback-id: 519:519-14443:519-21489:flowmailer
List-archive: <https://www.eclipse.org/mailman/private/sw360-dev/>
List-help: <mailto:sw360-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/sw360-dev>, <mailto:sw360-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/sw360-dev>, <mailto:sw360-dev-request@eclipse.org?subject=unsubscribe>
Organization: Siemens AG

Dear SW360 team!

I wrote a set of small workflow tools in Python, based onhttps://github.com/sw360/capycli (which I co-maintain) to automate SW360mapping and upload for large collections of packages. We use these toolswithin Siemens and Siemens Healthineers for several projects since acouple of years. From the README:

---

Main goal of this project is to automate submission of Open Sourcepackages to the [SW360](https://github.com/eclipse-sw360/sw360)component catalogue, e.g. for license clearing. It is based on[CaPyCli](https://github.com/sw360/capycli).

For now, this is mainly used for Debian and Alpine Linux packages, butmost of our building blocks might be helpful for clearing of largecollections of (linux) packages in general.


## Clearing tools

These tools are designed to provide full automation e.g. for integrationin CI pipelines, but at the same time we stay a friendly neighbour tousers creating SW360 entries interactively. Major design decisions:

* We rely on [Package URLs](https://github.com/package-url/purl-spec/)to identify software components and versions. We mostly avoid heuristics.* We try hard to not create duplicates. Existing components, releasesand attachments will be re-used if they can be identified by Package URLs.

* If no matching component is found, the SBOM item will be skipped and

the user is asked to manually identify existing components, addpackage URLs and re-run the tool.* New components can be created if the user adds additional meta-data tothe SBOM e.g. to specify the component name, homepage and description.Please use upstream names like e.g. "Perl::Critic" instead of Debian's

  "libperl-critic-perl".

* Existing attachments may be verified. If the hash doesn't match, thescripts try to automatically download, extract and compare existingattachments.

---

We think this might be helpful for other SW360 users, too, so Idiscussed this with the CaPyCli maintainer and my management and weagreed to publish it under MIT license.

Therefore, I would like to request a new repositoryhttps://github.com/sw360/capywfa for publishing the core. Who can helpme here, is there some process to be followed?

By the way, we also have dedicated tools for fetching Debian and Alpinesources from snapshot.debian.org and alpine/aports, which are also inpreparation for being published.


--
Gernot Hillier
Siemens AG, Foundational Technologies
Linux Expert Center

Follow-Ups:
- Re: [sw360-dev] request for new repository https://github.com/sw360/capywfa
  - From: Gaurav Mishra

Prev by Date: [sw360-dev] Request to Join Slack Communication for Eclipse Project Contribution
Next by Date: Re: [sw360-dev] request for new repository https://github.com/sw360/capywfa
Previous by thread: [sw360-dev] Request to Join Slack Communication for Eclipse Project Contribution
Next by thread: Re: [sw360-dev] request for new repository https://github.com/sw360/capywfa
Index(es):
- Date
- Thread

Breadcrumbs