Thank you for your kind explanation I hope there's only good things in your future.
James 2020년 4월 1일 (수) 오전 6:42, Jaeger, Michael C. <michael.c.jae...@siemens.com>님이 작성: > Hello, > > > > thanks for reaching out to us. To your questions: > > > > *) is source code leaking out from a fossology server? Answer: > > > > 1. Usually not , the fossology solution is entire self contained. You > can run fossology entirely without access to the internet. The main point > why you would need Internet access is about updating your OS and packages. > 2. But please understand that despite the FOSSology server can run > everything on its own database, it your responsibility to secure your > server installation from being hacked. One first task would be to enable a > connection using https. > 3. How do Monk or Nomos work? The scan for license statements, not > source code snippets. As such, all the database information required to > identify licensing statements in your uploads / source code comes with the > installation of the fossology. In fact all the information is put in a file > on the dev side for convenience to add new licenses (ref. > > https://github.com/fossology/fossology/blob/master/install/db/licenseRef.json > ) > 4. From the next version / latest master, FOSSology will be able, if > you activate this, to query the software heritage REST API: fossology > computes a SHA256 value and sends this to the Software Heritage API. You > can test this functionality in 3.8.0-RC1 > > > > *) Regarding the export of files only: I think there is a featzre to limit > SPDX reporting to only files where licenses have been found, which can be > switched on in the Conf setion -> SPDX Report Settings -> Ignore files with > no info in SPDX … when you have opened an upload. Is that what you were > looking for? This made especially for uploads where only few files contain > license information and 1000 other files do not. Then SPDX files still list > all files with NOASSERTION. If you do not want that there is this switch. > > > > Hope these answers help and please follow up on FOSSology, if you see the > need for clarification, > > > > Michael > > > > *From: *<fossology@lists.fossology.org> on behalf of TV레전드 < > 482...@gmail.com> > *Date: *Tuesday, 31. March 2020 at 05:28 > *To: *"fossol...@fossology.org" <fossol...@fossology.org> > *Subject: *[FOSSology] Hi I have a questions before using fossology > > > > Hi dear. > > > > Nice meet you > > i am korean james > > > > We company is looking for open source analysis tools > > so I installed fossology as docker version and tested it > > and result is good performence. > > > > > > > > i have a 2 questions > > > > 1. Isn't my source code leaked when I used the solution? I know Monk Agent > to use DB, Please explain > > > > 2. Is there a way to export only the files that have been cleared when the > report is drawn? > > - report is there is no distinction between files that are cleared from > fossology and those that are not > > > > Thanks for running this great tool. > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3341): https://lists.fossology.org/g/fossology/message/3341 Mute This Topic: https://lists.fossology.org/mt/72670290/21656 Group Owner: fossology+ow...@lists.fossology.org Unsubscribe: https://lists.fossology.org/g/fossology/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
