在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
SCANOSS WebhookThe SCANOSS webhook is a multiplatform webhook that performs source code scans against the SCANOSS API. Supports integration with GitHub, GitLab and BitBucket APIs. SCANOSS provides a source code scanner that can be used to detect Open Source dependencies in your code. The purpose of this code is to offer a reference implementation that can be expanded to suit the needs of individuals and organisations. InstallationOnce you have built the python wheel (Check out the Building instructions), you can install SCANOSS webhook using pip: ConfigurationIntegration with Git repositoriesThe specific instructions to install SCANOSS webhook depend on the particular vendor. SCANOSS webhook requires to be configured to receive pull requests, and be allowed to post commit comments and set the build status. To test the webhook, once configured, you can perform a commit. If all permissions are right and everything goes smoothly, you should see that the webhook has created a comment in your commit, containing a summary of the scan results. GithubCreate a Personal Access TokenGo to your user Settings > Developer Settings. Select Personal access Tokens, select Generate new token button. Select the following scopes:
Click on Generate token and save the token generated. Configure the webhookTo configure the SCANOSS Webhook in a repository, go to the repository Settings > Webhooks. The click on Add a Webhook. Fill in the Add webhook form:
Configuration examplegithub: api-base: https://api.github.com # Or your local GitHub Enterprise API endpoint api-user: your-api-user api-key: your-personal-access-token secret-token: your-secret-tokenscanoss: url: https://api-url-for-scanoss.example.com token: my-scanoss-token BitbucketCreate an App passwordOn the webhook user's settings, you can create an App password, with repository write permissions. Configure the webhook
You can check the extended instructions on the Bitbucket webhooks documentation Configuration examplebitbucket: api-base: https://bitbucket.org/ # This can also be your local bitbucket deployment URL. api-key: your-bb-app-password api-user: your-bb-user-namescanoss: url: https://api-url-for-scanoss.example.com token: my-scanoss-token GitLabGenerate an Access TokenIn GitLab, on the webhook user's settings, select Access Tokens. Fill in a name and expiry date, and select api scope. Then Create personal access token. Take note of the token generated. Configure the webhookIn GitLab, go to the repository where you want to install the webhook. Then select settings, then Webhook. Fill in the form with the URL of the webhook, add a secret token, and check Push events. Configuration examplegitlab: api-base: https://gitlab.com/api/v4 # This can also be your local GitLab API endpoint api-key: your-gitlab-access-token secret-token: your-secret-tokenscanoss: url: https://api-url-for-scanoss.example.com token: my-scanoss-token ContributingPlease see our Contributing Guide and our Code of Conduct. BuildingPython 3 is required. It uses setuptools to build a PIP wheel.
|
请发表评论