2,697 contributions in the last year
Contribution activity
July 2020
Created a pull request in oss-review-toolkit/ort that received 4 comments
Add a generic package manager based on SPDX documents
Please have a look at the individual commit messages for the details.
+458 −0 • 4 comments
- Jenkinsfile: Handle unstable status codes in analyzer and scanner stages
- Fix the import order in all files and add a detekt rule for it
- analyzer: Fix the import order in all files
- Revert "CycloneDxReporter: Escape the component description if needed"
- Add the Android SDK to the Dockerfile
- Spdx utils changes
- cli: Rework the returned status codes
- Jenkinsfile updates
- AntennaAttributionDocumentReporterTest: Apply some minor code improvements
- AntennaAttributionDocumentReporterTest: Improve getting the file size
- File format changes
- downloader: Improve the logic to determine the artifact file name
- Replace all spdx.org links with spdx.dev
- README: Add a badge for the LGTM service
- CycloneDxReporter: Write out one BOM per project by default
- CycloneDxReporter: Escape the component description if needed
- AntennaAttributionDocumentReporter: Optimize glyph replacement for speed
- Upgrade Gradle to version 6.5.1
- Dockerfile: Upgrade Cargo to version 0.44.1-0ubuntu1~18.04.1
- CycloneDxReporter: Respect the concluded license of packages
- Migrate the Antenna reporter to the new license API
- CycloneDxReporter: Migrate to the new license API
- test-utils: Add a dependency required for the kotest IntelliJ plugin
- cli: Rework the returned status codes
- spdx-utils: Miscellaneous fixes
- LocalScanner: Fix a trivial formatting issue
- ClearlyDefinedUploadCommand: Output the number of successful uploads
- docs: Add a documentation for the AntennaAttributionDocumentReporter
- LocalScanner: De-duplicate scan results retrieved from the storage
- AntennaAttributionDocumentReporter with fonts in directory
- SpdxDocumentReporter: Implement mapping to the `extracted license info` list
- DownloaderTest: Fix a typo
- Make `no-license-declared.kts` a test asset only
- Leave reporting unmapped declared license issues up to the evaluator rules
- README.md: Add SPDX document to the list of supported report formats
- SpdxDocumentReporter: Add purl as SPDX externalRefs
- CuratedPackage: Assign a default value to curations
- Revert "CuratedPackage: Serialize the curations property only if not …
- Project: Serialize the scopes property only if not empty
- Spdx document model fixes
- PackageReference: Serialize the dependencies property only if not empty
Created an issue in CycloneDX/cyclonedx-core-java that received 6 comments
A component's description is not escaped
I just noticed that a component's description is not escaped before writing the XML. I'd assume this is something the library should do, as the cal…
6 comments
- Leverage RustSec for Cargo projects
- Investigate means to leverage ORT for export control checks
- Support build2 as a package manager (for C/C++ projects)
- Docker: Support calling sdkmanager with proxy settings
- Think about declared licenses of NONE or NOASSERTION
- Allow to prefer source artifacts over source code from VCS
- Consider merging TestData.kt from evaluator and reporter
- Address LGTM alerts (in the WebApp)
- Allow to specify different scanners depending on package / project properties
- Get rid of our pydep fork in favor of a single script

