SCA License Text Collector

Yes

What is License Text Collector?

The purpose of this tool is to collect the license text from various open-source forges like github, npm, nuget and update the Notices Text field in the FlexNet Code Insight Inventory details for the specified project or an inventory utilizing the available RESTAPIs within the FlexNet Code Insight and the respective forge APIs.

The tool is available as a jar file in a public Github Repository - SCA-License-Collector

Why License Text Collector?

Currently we do not have any mechanism or a particular feature to update the notices text for an inventory automatically. It would require some manual effort. So, this tool can be used to update the notices text in an automated way.

How does it Work?

This tool makes live calls to two FNCI APIs to get the inventories of a particular project or a particular inventory whose ID is specified.
- Project scope = project/inventory/{project_id}
- Inventory scope = inventories/{inventory_id}
Please refer to the API documentation-REST API guide, available in the product.
To collect the license text from opensource repositories, we make use of the respective forge APIs.
After the license text collection, it calls the FNCI API to update the notices text field of an inventory.

Supported Forges:

Github
Nuget
NPMJS

Prerequisites

Java version: 1.8 and above
FNCI base URL
A GitHub personal access token is required to avoid REST API call limitations.
FlexNet Code Insight Auth Token is required to access FlexNet Code Insight REST APIs.

Inputs:

Project Scope: project ID
Inventory Scope: inventory ID
Overwrite: True/False
By Default, Overwrite=false. If there are existing notices, they won't be overwritten.

Running the jar:

Download the jar from the github repository. Please refer to the link above.
From the jar, extract the application.properties file and place it in the same location as the jar.
Edit the application.properties file as below:
1. Update the app.auth.github.token variable in the application.properties file with your personal access token value in place of "<githubToken>".
2. Update the app.auth.fnci.token variable in the application.properties file with your personal access token value in place of "<authToken>".
3. Update the app.fnci.base.url with the FNCI URL- http://<host>:<port>/codeinsight/api/
4. Update the app.fnci.api.queryParam with appropriate query parameters for project or inventory API based on the given input(project or inventory).
5. Below is the screenshot of an application.properties file that has to be updated before running the tool.

4. Please use the below command and provide the following input arguments while running the jar:

java -jar sca-license-collector-1.0.0.jar <input-options>

Note: In case the sourcecode is downloaded from the github location: Use the maven build command to build the jar - "mvn clean install -DskipTests=true" and then follow the above steps to run the jar

Examples:

java -jar sca-license-collector-1.0.0.jar --proj=<project_id> --overwrite=true/false

OR

java -jar sca-license-collector-1.0.0.jar --inv=<inventory_id> --overwrite=true/false

Use --overwrite, if you wish to overwrite existing notices.

Note: By default, --overwrite is set to false. If there are existing notices, they won't be overwritten.

Delivering the tool

The license text collector tool is delivered as a jar file.
The jar is published in the public repository : SCA-License-Collector
This is an opensource project and available for the public.

SCA License Text Collector