Re: [sw360-dev] request for new repository https://github.com/sw360/capywfa
Hi Gaurav!
Oh, yes, sorry, I only noticed I forgot to mention my username after
sending the mail. :-( But yes, gernot-h is exactly the right one. :-)
Many thanks for the quick answer and setting up the project already!
Will start pushing our sources there shortly.
--
Best regards,
Gernot
On 19.03.25 08:52, Gaurav Mishra wrote:
Hello Gernot,
It is great news that you want to contribute this tool to the community,
that too under MIT license.
Being a veteran of the SW360 community, I have created the requested
repository https://github.com/sw360/capywfa for you.
Can you please confirm "gernot-h" is your GitHub username so I can
invite you as a maintainer.
Thanks and regards,
Gaurav Mishra
On Tue, 18 Mar 2025 at 16:47, Gernot Hillier via sw360-dev <sw360-dev@xxxxxxxxxxx> wrote:
Dear SW360 team!
I wrote a set of small workflow tools in Python, based on
https://github.com/sw360/capycli (which I co-maintain) to automate SW360
mapping and upload for large collections of packages. We have been using
these tools within Siemens and Siemens Healthineers for several projects
for a couple of years. From the README:
---
Main goal of this project is to automate submission of Open Source
packages to the [SW360](https://github.com/eclipse-sw360/sw360)
component catalogue, e.g. for license clearing. It is based on
[CaPyCli](https://github.com/sw360/capycli).
For now, this is mainly used for Debian and Alpine Linux packages, but
most of our building blocks might be helpful for clearing of large
collections of (linux) packages in general.
## Clearing tools
These tools are designed to provide full automation e.g. for integration
in CI pipelines, but at the same time we stay a friendly neighbour to
users creating SW360 entries interactively. Major design decisions:
* We rely on [Package URLs](https://github.com/package-url/purl-spec/)
to identify software components and versions. We mostly avoid heuristics.
* We try hard to not create duplicates. Existing components, releases
and attachments will be re-used if they can be identified by Package
URLs.
* If no matching component is found, the SBOM item will be skipped and
the user is asked to manually identify existing components, add
package URLs and re-run the tool.
* New components can be created if the user adds additional meta-data to
the SBOM e.g. to specify the component name, homepage and description.
Please use upstream names like e.g. "Perl::Critic" instead of Debian's
"libperl-critic-perl".
* Existing attachments may be verified. If the hash doesn't match, the
scripts try to automatically download, extract and compare existing
attachments.
---
We think this might be helpful for other SW360 users, too, so I
discussed this with the CaPyCli maintainer and my management and we
agreed to publish it under MIT license.
Therefore, I would like to request a new repository
https://github.com/sw360/capywfa for publishing the core. Who can help
me here, is there some process to be followed?
By the way, we also have dedicated tools for fetching Debian and Alpine
sources from snapshot.debian.org and alpine/aports, which are also in
preparation for being published.
--
Gernot Hillier
Siemens AG, Foundational Technologies
Linux Expert Center