Analyze Codebase (Command Line)
The focus of this tutorial is to guide you through scanning a codebase package using ScanCode.io.
Note
This tutorial assumes you have a recent version of ScanCode.io installed locally on your machine and running with Docker. If you do not have it installed, see our Installation guide for instructions.
Requirements
Before you follow the instructions in this tutorial, you need to:
Install ScanCode.io locally
Have Shell access on the machine where ScanCode.io is installed
Instructions
Create a new directory in your home directory that will be used to put the input code to be scanned.
$ mkdir -p ~/codedrop/
Download the following package archive and save it to the ~/codedrop/ directory: asgiref-3.3.0-py3-none-any.whl
$ curl https://files.pythonhosted.org/packages/c0/e8/578887011652048c2d273bf98839a11020891917f3aa638a0bc9ac04d653/asgiref-3.3.0-py3-none-any.whl --output ~/codedrop/asgiref-3.3.0-py3-none-any.whl
Create an alias to the
scanpipe
command executed through thedocker compose
command line interface with:
$ alias scanpipe="docker compose -f ${PWD}/docker-compose.yml run --volume ~/codedrop/:/codedrop:ro web scanpipe"
Create a new project named
asgiref
:
$ scanpipe create-project asgiref
>> Project asgiref created with work directory /var/scancodeio/workspace/projects/asgiref-35519104
Add the package archive to the project workspace’s input/ directory:
$ scanpipe add-input --project asgiref --input-file /codedrop/asgiref-3.3.0-py3-none-any.whl
>> File copied to the project inputs directory:
- asgiref-3.3.0-py3-none-any.whl
Add the
scan_codebase
pipeline to your project:
$ scanpipe add-pipeline --project asgiref scan_codebase
>> Pipeline scan_codebase added to the project
Note
The content of the input/ directory will be copied in the
codebase/ directory where extractcode
will be executed before
running scancode
.
Alternatively, the codebase content can be manually copied to the
codebase/ directory in which case the --input
option can be
omitted.
Run the
scan_codebase
pipeline on your project. The pipeline execution progress is shown within the following command’s output:
$ scanpipe execute --project asgiref
>> Pipeline scan_codebase run in progress..
Pipeline [scan_codebase] starting
Step [copy_inputs_to_codebase_directory] starting
Step [copy_inputs_to_codebase_directory] completed in 0.00 seconds
Step [extract_archives] starting
[...]
Pipeline completed
scan_codebase successfully executed on project asgiref
Finally, export the scan results as JSON format:
$ scanpipe output --project asgiref --format json --print > asgiref-3.3.0_results.json
Tip
The inputs
and pipelines
can be provided at the same time when
calling the create-project
command. For instance, the following command
will create a new project named asgiref2
, add the package archive as the
project input, add the scan_codebase
pipeline to the project, and
execute it:
$ scanpipe create-project asgiref2 \
--input-file /codedrop/asgiref-3.3.0-py3-none-any.whl \
--pipeline scan_codebase \
--execute
>> Project asgiref2 created with work directory /var/scancodeio/workspace/projects/asgiref2-bea7a5e9
File copied to the project inputs directory:
- asgiref-3.3.0-py3-none-any.whl
Start the scan_codebase pipeline execution...
[...]
Pipeline completed
scan_codebase successfully executed on project asgiref2