Analyze Codebase (Command Line)

The focus of this tutorial is to guide you through scanning a codebase package using ScanCode.io.

Note

This tutorial assumes you have a current version of ScanCode.io installed locally on your machine. If you do not have it installed, see our Installation guide for instructions.

Requirements

Before you follow the instructions in this tutorial, you need to:

  • Install ScanCode.io locally

  • Download the following package archive and save it to your home directory: asgiref-3.3.0-py3-none-any.whl

  • Have Shell access on the machine where ScanCode.io is installed

Instructions

  • Open a shell in the ScanCode.io installation directory and activate the virtual environment - virtualenv:

$ source bin/activate
>> (scancodeio) $
  • Create a new project named asgiref:

$ scanpipe create-project asgiref
>> Project asgiref created with work directory projects/asgiref-072c89db
  • Add the package archive to the project workspace’s input/ directory:

$ scanpipe add-input --project asgiref --input-file ~/asgiref-3.3.0-py3-none-any.whl
>> File(s) copied to the project inputs directory:
  - asgiref-3.3.0-py3-none-any.whl
  • Add the scan_codebase pipeline to your project:

$ scanpipe add-pipeline --project asgiref scan_codebase
>> Pipeline(s) added to the project

Note

The content of the input/ directory will be copied in the codebase/ directory where extractcode will be executed before running scancode. Alternatively, the codebase content can be manually copied to the codebase/ directory in which case the --input option can be omitted.

  • Run the scan_codebase pipeline on your project. The pipeline execution progress is shown within the following command’s output:

$ scanpipe execute --project asgiref
>> Pipeline scan_codebase run in progress..
   2021-07-12 17:45:53.85 Pipeline [scan_codebase] starting
   2021-07-12 17:45:53.85 Step [copy_inputs_to_codebase_directory] starting
   2021-07-12 17:45:53.86 Step [copy_inputs_to_codebase_directory] completed in 0.00 seconds
   2021-07-12 17:45:53.86 Step [extract_archives] starting
   [...]
   2021-07-12 17:46:01.61 Pipeline completed
  • Finally, you can view your scan results in JSON or CSV file formats inside the project’s output/ directory.

Tip

The inputs and pipelines can be provided at the same time when calling the create-project command. For instance, the following command will create a new project named asgiref, add the package archive as the project input, add the scan_codebase pipeline to the project, and execute it:

$ scanpipe create-project asgiref \
    --input-file ~/asgiref-3.3.0-py3-none-any.whl \
    --pipeline scan_codebase \
    --execute