
spdx / license-coverage-grader

This is a tool which takes an SPDX document and a pointer to the original source files, and determines a "grade" score to quantify how complete the licensing information is at the file level for the code represented by the SPDX document.

Project setup

Ideal OS: Ubuntu 16.04 LTS

Ideal python version: 2.7

1- The virtual environment we use for this repo is virtualenv.

Create a folder named "license-grader-env" (you can call this folder anything you want, but this is cleaner), and navigate to it.

mkdir license-grader-env && cd license-grader-env

2- Make that folder a virtual environment

virtualenv .

3- Clone the repository

git clone https://github.com/spdx/license-coverage-grader.git

4- Navigate to the project you just cloned

cd license-coverage-grader/

5- Activate the virtual environment (from inside license-coverage-grader/, the environment's bin directory is one level up).

source ../bin/activate

6- Now, install the utility, using pip.

pip install --editable .

This gives you access to a new set of non-fab commands, described below.

Available terminal commands / functions

Requirement: In order to run the commands listed below,

i) You should be in the path:

license-grader-env/license-coverage-grader/license_grader$

ii) You must have the virtualenv activated. If you are in license-grader-env/license-coverage-grader/license_grader$, run:

source ../../bin/activate

ALL THE COMMANDS BELOW HAVE A --help OPTION WHICH DISPLAYS DESCRIPTIVE MESSAGES.

For instance:

spdx-coverage-grade --help

Outputs:

Usage: grade [OPTIONS]

  Grades a source package

Options:
  --verbose          Will print verbose messages.
  --spdx TEXT        The spdx document.
  --package TEXT     The source package.
  --lines INTEGER    The min number of code lines allowed.
  --percent INTEGER  The min matching percentage.
  --help             Show this message and exit.

THE SAME GOES FOR THE scan, check and analyse methods.

1- Spdx document scan

If you have installed the project with pip:

spdx-coverage-scan --spdx ~/path/doc.spdx

Scans the SPDX document and outputs the results as an XML string on the terminal. These results are not written to a file. An example output is shown below:

    <spdx_file>
      <data>
          <item>
              <file val="src/lib/Makefile" />
              <license_info val="LINFO-1 LINFO-2" />
              <license_concluded val="LICO-1 LICO-2" />
          </item>
          <item>
              <file val="src/pkgagent/agent_tests/testdata/fossology-1.2.0-1.el5.i386.rpm/etc/init.d/fossology" />
              <license_info val="NOASSERTION" />
              <license_concluded val="NOASSERTION" />
          </item>
          <item>
              <file val="src/testing/dataFiles/TestData/archives/fossI16L518.7z/fossology/agents/foss_license_agent/licinspect/Makefile" />
              <license_info val="NOASSERTION" />
              <license_concluded val="NOASSERTION" />
          </item>
      </data>
  </spdx_file>

2- Package analysis

If you have installed the project with pip:

spdx-coverage-analyse --package ~/path_to_source_package

Analyses the package it receives and outputs the analysis results as an XML string on the terminal. An example output is shown below:

<?xml version="1.0"?><results>
<header>
  <cloc_url>http://cloc.sourceforge.net</cloc_url>
  <cloc_version>1.60</cloc_version>
  <elapsed_seconds>7.50479102134705</elapsed_seconds>
  <n_files>733</n_files>
  <n_lines>134231</n_lines>
  <files_per_second>97.6709408583149</files_per_second>
  <lines_per_second>17886.0410127592</lines_per_second>
</header>
<files>
  <file name="cadasta-platform/functional_tests/pages/Registration.py" blank="18" comment="2" code="64"  language="Python" />
  <file name="cadasta-platform/cadasta/templates/allauth/account/email.html" blank="21" comment="0" code="64"  language="HTML" />
  <file name="cadasta-platform/cadasta/questionnaires/views/api.py" blank="16" comment="0" code="64"  language="Python" />
  <file name="cadasta-platform/cadasta/party/urls/default.py" blank="6" comment="0" code="64"  language="Python" />
</files>
</results>
Analysing the source package: 3.90155696869 seconds

Done.

3- Check

If you have installed the project with pip:

spdx-coverage-check --spdx ~/path_to_spdx_document --package ~/path_to_source_package --lines 0 --percent 0

This scans the SPDX document and analyses the source package to determine how compatible they are.

4- Grader

If you have installed the project with pip:

spdx-coverage-grade --spdx ~/path_to_spdx_document --package ~/path_to_source_package --lines 0 --percent 0

This runs the package analysis and the SPDX file scan commands described above, but does not output any result apart from the license coverage grade attributed to the package, as shown below:

The package matches the spdx file by 0.0, the lowest permitted value is: 0
Preliminary scan as established a match between the spdx document and the source files. Proceeding ...
GRADE:  F with 0.0 %  pass for files_with_license_concluded
GRADE:  F with 0.0 %  pass for files_with_any_kind_of_license_infos
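
How the scan and analysis outputs shown above could be combined into the percentages the grader reports, as an added example that is not the project's own code. The sample XML is constructed, and the matching rule, the treatment of NOASSERTION/NONE as missing data, and the exclusion of files below --lines are assumptions, since the page does not show how the tool computes them.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the two output formats shown above (not real tool output).
SCAN_XML = """<spdx_file><data>
  <item><file val="src/lib/Makefile" /><license_info val="GPL-2.0" /><license_concluded val="GPL-2.0" /></item>
  <item><file val="src/lib/util.py" /><license_info val="MIT" /><license_concluded val="NOASSERTION" /></item>
  <item><file val="src/lib/io.py" /><license_info val="NOASSERTION" /><license_concluded val="NOASSERTION" /></item>
  <item><file val="docs/gone.txt" /><license_info val="MIT" /><license_concluded val="MIT" /></item>
</data></spdx_file>"""
CLOC_XML = """<results><files>
  <file name="src/lib/Makefile" blank="2" comment="1" code="40" language="make" />
  <file name="src/lib/util.py" blank="5" comment="3" code="64" language="Python" />
  <file name="src/lib/io.py" blank="1" comment="0" code="12" language="Python" />
  <file name="src/lib/tiny.py" blank="0" comment="0" code="2" language="Python" />
</files></results>"""

EMPTY = {"", "NONE", "NOASSERTION"}  # assumption: these values carry no license data

def _val(item, tag):
    """Return the val attribute of a child element, or '' if it is absent."""
    el = item.find(tag)
    return (el.get("val") or "").strip() if el is not None else ""

def parse_scan(xml_text):
    """Map file path -> (license_info, license_concluded) from the scan output."""
    return {_val(i, "file"): (_val(i, "license_info"), _val(i, "license_concluded"))
            for i in ET.fromstring(xml_text).iter("item")}

def parse_cloc(xml_text, min_lines=0):
    """Set of source files with at least min_lines lines of code."""
    return {f.get("name") for f in ET.fromstring(xml_text).iter("file")
            if int(f.get("code", "0")) >= min_lines}

def coverage(scan_xml, cloc_xml, min_lines=0):
    """Percentages over the source files that pass the line threshold."""
    spdx, src = parse_scan(scan_xml), parse_cloc(cloc_xml, min_lines)
    pct = lambda n: round(100.0 * n / len(src), 1) if src else 0.0
    concluded = sum(1 for f in src if f in spdx and spdx[f][1] not in EMPTY)
    any_info = sum(1 for f in src
                   if f in spdx and any(v not in EMPTY for v in spdx[f]))
    return {
        "match": pct(len(src & set(spdx))),
        "files_with_license_concluded": pct(concluded),
        "files_with_any_kind_of_license_infos": pct(any_info),
        "in_spdx_but_not_in_package": sorted(set(spdx) - src),
    }
```

The `in_spdx_but_not_in_package` list is worth reviewing on its own: entries there mean the SPDX document describes files the package no longer contains (or files dropped by the line threshold), so the document may be stale for that release.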


license-coverage-grader's Issues

Rename cmds.py

Description

Rename cmds.py with a more descriptive name. By 'descriptive', the name should reflect the content of the file in relation to the project objective

Renaming the commands

Maybe I understand the README wrongly, but from how it reads, I fear that after installing license-coverage-grader, the command names would be too generic and therefore confusing or even clashing with some other commands on the system.

Therefore I would propose to rename them as follows:

  • grade → spdx-coverage-grade
  • scan → spdx-coverage-scan
  • check → spdx-coverage-check
  • analyse → spdx-coverage-analyse

You can probably think of a more meaningful name for at least the last three commands. I just wanted to mention what could potentially be an issue.

Great to see this tool exist, BTW! Kudos 👍

Add Repo Description

@goneall add this as a description to the repo "This is a tool which take an SPDX document and pointer to the original source files, and determine a "grade" score to quantify how complete the licensing information is at the file level for the code represented by the SPDX document. "

For topics you could just add 'license-coverage', 'license-grader', 'licence' and 'spdx'

Continuous Integration

To eliminate the long and tedious integration process, it will be good practice to integrate Travis CI with this repo

Missing Docstring

Most of the classes and methods are missing Python document strings. Adding docstrings to these classes and methods will be good for code maintenance and readability.

Add Automated Unit Test

This code already contains some unit tests. Adding more automated unit tests will do it some good.

Replace the source package analyser

Initially we have used ‘cloc’ to scan and analyse the source package for valid lines of code. Given that ‘cloc’ has its downsides which rendered some results inaccurate, a new python tool tailored to be integrated with the license coverage grader instead of cloc will be a plus.
