The Fossology Scan GitHub Action allows you to run license and copyright scans using the Fossology scanner within your GitHub Actions workflows. This action is highly customizable and supports various scanning modes and configurations to fit your compliance needs.
- Perform license and copyright scans
- Copyright and keyword scanning
- Diff scan (default): scans only the diff content of the Pull Request that triggered the workflow. This is a good option to run on a Pull Request trigger.
- Repo scan: scans the entire repository from which the pipeline is triggered. It is a good option to run on PRs or when publishing releases.
- Differential scan: scans the changes between any two tags. The user can provide any two tags to scan between, so it is a good option for comparing two tags or two versions of the repository.

You can learn more about CI scanners in Fossology here.
The action accepts the following inputs:

```yaml
scan_mode:
  description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans."
  required: false
  default: ""
scanners:
  description: "Space-separated list of scanners to invoke."
  required: true
  default: "nomos ojo copyright keyword"
report_format:
  description: "Report format (SPDX_JSON, SPDX_RDF, SPDX_YAML, SPDX_TAG_VALUE) to print the results in."
  required: false
  default: ""
keyword_conf_file_path:
  description: "Path to custom keyword.conf file. (Use only with keyword scanner set to True)"
  required: false
  default: ""
allowlist_file_path:
  description: "Path to allowlist.json file."
  required: false
  default: ""
from_tag:
  description: "Starting tag to scan from. (Use only with differential mode)"
  required: false
  default: ""
to_tag:
  description: "Ending tag to scan to. (Use only with differential mode)"
  required: false
  default: ""
github_api_url:
  description: "Base URL of the GitHub API (default: ${{ github.api_url }})"
  required: false
  default: ${{ github.api_url }}
github_repository:
  description: "Repository name (default: ${{ github.repository }})"
  required: false
  default: ${{ github.repository }}
github_token:
  description: "GitHub Token (default: ${{ github.token }})"
  required: false
  default: ${{ github.token }}
github_pull_request:
  description: "GitHub PR number (default: ${{ github.event.number }})"
  required: false
  default: ${{ github.event.number }}
github_repo_url:
  description: "GitHub Repo URL (default: ${{ github.repositoryUrl }})"
  required: false
  default: ${{ github.repositoryUrl }}
github_repo_owner:
  description: "GitHub Repo Owner (default: ${{ github.repository_owner }})"
  required: false
  default: ${{ github.repository_owner }}
```
Below are examples of how to use the Fossology Scan GitHub Action in your workflows.

Diff scan of a Pull Request (the default mode, selected by leaving `scan_mode` blank):

```yaml
name: License scan on PR
on: [pull_request]
jobs:
  compliance_check:
    runs-on: ubuntu-latest
    name: Perform license scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: License check
        id: compliance
        uses: fossology/fossology-action@v1
        with:
          scan_mode: ''
          scanners: 'nomos ojo'
          report_format: 'SPDX_JSON'
```

Differential scan between two tags, run when a tag is pushed (`tags` is not a GitHub event name; the trigger is a `push` filtered on tags):

```yaml
name: License scan on tags
on:
  push:
    tags:
      - '*'
jobs:
  compliance_check:
    runs-on: ubuntu-latest
    name: Perform license scan
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: License check
        id: compliance
        uses: fossology/fossology-action@v1
        with:
          scan_mode: 'differential'
          scanners: 'nomos ojo copyright keyword'
          from_tag: 'v003'
          to_tag: 'v004'
          report_format: 'SPDX_JSON'
```
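Both workflows above request an `SPDX_JSON` report. The script below is an added example, not part of fossology-action, showing how a follow-up step could consume such a report and fail the job when a file carries a license outside an allowlist. It assumes the standard SPDX 2.x JSON layout (`files[].licenseInfoInFiles`, `files[].licenseConcluded`), that the report path is passed as the first argument, and that the allowlist is a plain set of SPDX identifiers; the page does not state where the action writes the report.

```python
"""Fail a compliance job when an SPDX_JSON report contains non-allowlisted licenses."""
import json
import sys

# Constructed sample in SPDX 2.x JSON shape; not real scanner output.
SAMPLE_REPORT = json.dumps({
    "spdxVersion": "SPDX-2.2",
    "name": "example-repo",
    "files": [
        {"fileName": "./src/main.c", "SPDXID": "SPDXRef-File1",
         "licenseConcluded": "NOASSERTION",
         "licenseInfoInFiles": ["MIT"], "copyrightText": "Copyright 2023 Example"},
        {"fileName": "./src/vendor/lib.c", "SPDXID": "SPDXRef-File2",
         "licenseConcluded": "NOASSERTION",
         "licenseInfoInFiles": ["GPL-3.0-only", "MIT"], "copyrightText": "NOASSERTION"},
        {"fileName": "./README.md", "SPDXID": "SPDXRef-File3",
         "licenseConcluded": "NOASSERTION",
         "licenseInfoInFiles": ["NOASSERTION"], "copyrightText": "NOASSERTION"},
    ],
})

ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause"}   # assumed project policy
# SPDX placeholders meaning "nothing found"; they are not licenses.
PLACEHOLDERS = {"NOASSERTION", "NONE"}


def disallowed_findings(report_json: str, allowed: set) -> dict:
    """Return {fileName: [licenses not in allowlist]} for every offending file."""
    doc = json.loads(report_json)
    findings = {}
    for entry in doc.get("files", []):
        licenses = set(entry.get("licenseInfoInFiles", []))
        licenses.add(entry.get("licenseConcluded", "NOASSERTION"))
        bad = sorted(lic for lic in licenses - PLACEHOLDERS if lic not in allowed)
        if bad:
            findings[entry["fileName"]] = bad
    return findings


def main(path: str) -> int:
    """Exit non-zero so the workflow step fails when findings exist."""
    with open(path, encoding="utf-8") as fh:
        findings = disallowed_findings(fh.read(), ALLOWED)
    for name, bad in findings.items():
        print(f"{name}: {', '.join(bad)}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))
```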
This project is licensed under the GNU GENERAL PUBLIC LICENSE Version 2, June 1991.