From 03eeecdbc9ec95f0f41dfd4e67bb7e0a4c6aa3e5 Mon Sep 17 00:00:00 2001 From: Martin Nonnenmacher Date: Sun, 25 Feb 2024 14:27:25 +0100 Subject: [PATCH 1/4] style: Ignore Markdown files in build directories Signed-off-by: Martin Nonnenmacher --- .markdownlint-cli2.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.markdownlint-cli2.yaml b/.markdownlint-cli2.yaml index 090d660d718fe..13e6cd037b493 100644 --- a/.markdownlint-cli2.yaml +++ b/.markdownlint-cli2.yaml @@ -4,6 +4,7 @@ globs: - "**/*.md" ignores: + - "**/build/**" - "**/node_modules/**" - "**/projects/external/**" - "**/multi-kotlin-project/**" From b0c38726b5a1034a07b4fc3c85da3ee8df872073 Mon Sep 17 00:00:00 2001 From: Martin Nonnenmacher Date: Sun, 25 Feb 2024 14:28:59 +0100 Subject: [PATCH 2/4] style: Disable line length limit for Markdown files This allows using the one-sentence-per-line formatting so that changing one sentence does not require reformatting a whole paragraph. Signed-off-by: Martin Nonnenmacher --- .markdownlint.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.markdownlint.yaml b/.markdownlint.yaml index c8177bba05ac0..63e15c465f3a6 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -6,10 +6,7 @@ MD004: style: asterisk # line-length -MD013: - code_blocks: false - line_length: 120 - tables: false +MD013: false # no-duplicate-heading MD024: false # GitHub has no issues with anchors for headings with the same content. From 4cbd7565b93c425dbd616d17b05bfd890f0e8a46 Mon Sep 17 00:00:00 2001 From: Martin Nonnenmacher Date: Sun, 25 Feb 2024 15:43:57 +0100 Subject: [PATCH 3/4] style(README): Reformat to one sentence per line Signed-off-by: Martin Nonnenmacher --- README.md | 78 +++++++++++++++++++------------------------------------ 1 file changed, 27 insertions(+), 51 deletions(-) diff --git a/README.md b/README.md index 52a46654a267c..4226089efbec4 100644 --- a/README.md +++ b/README.md 
@@ -31,38 +31,25 @@ # Introduction -The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit which you can use to manage your -(open source) software dependencies in a strategic, safe and efficient manner. +The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit which you can use to manage your (open source) software dependencies in a strategic, safe and efficient manner. You can use it to: * Generate CycloneDX, SPDX SBOMs, or custom FOSS attribution documentation for your software project -* Automate your FOSS policy using risk-based Policy as Code to do licensing, security vulnerability, InnerSource -and engineering standards checks for your software project and its dependencies -* Create a source code archive for your software project and its dependencies to comply with certain licenses or have -your own copy as nothing on the internet is forever +* Automate your FOSS policy using risk-based Policy as Code to do licensing, security vulnerability, InnerSource and engineering standards checks for your software project and its dependencies +* Create a source code archive for your software project and its dependencies to comply with certain licenses or have your own copy as nothing on the internet is forever * Correct package metadata or licensing findings yourself, using InnerSource or with the help of the FOSS community -ORT can be used as library (for programmatic use), via a command line interface (for scripted use), or via its CI -integrations. It consists of the following tools which can be combined into a *highly customizable* pipeline: - -* [*Analyzer*](https://oss-review-toolkit.org/ort/docs/tools/analyzer) - determines the dependencies of projects and - their metadata, abstracting which package managers or build systems are actually being used. 
-* [*Downloader*](https://oss-review-toolkit.org/ort/docs/tools/downloader) - fetches all source code of the projects and - their dependencies, abstracting which Version Control System (VCS) or other means are used to retrieve the source - code. -* [*Scanner*](https://oss-review-toolkit.org/ort/docs/tools/scanner) - uses configured source code scanners to detect - license / copyright findings, abstracting the type of scanner. -* [*Advisor*](https://oss-review-toolkit.org/ort/docs/tools/advisor) - retrieves security advisories for used - dependencies from configured vulnerability data services. -* [*Evaluator*](https://oss-review-toolkit.org/ort/docs/tools/evaluator) - evaluates custom policy rules along with - custom license classifications against the data gathered in preceding stages and returns a list of policy violations, - e.g. to flag license findings. -* [*Reporter*](https://oss-review-toolkit.org/ort/docs/tools/reporter) - presents results in various formats such as - visual reports, Open Source notices or Bill-Of-Materials (BOMs) to easily identify dependencies, licenses, copyrights - or policy rule violations. -* *Notifier* - sends result notifications via different channels (like [emails](./examples/example.notifications.kts) - and / or JIRA tickets). +ORT can be used as library (for programmatic use), via a command line interface (for scripted use), or via its CI integrations. +It consists of the following tools which can be combined into a *highly customizable* pipeline: + +* [*Analyzer*](https://oss-review-toolkit.org/ort/docs/tools/analyzer) - determines the dependencies of projects and their metadata, abstracting which package managers or build systems are actually being used. +* [*Downloader*](https://oss-review-toolkit.org/ort/docs/tools/downloader) - fetches all source code of the projects and their dependencies, abstracting which Version Control System (VCS) or other means are used to retrieve the source code. 
+* [*Scanner*](https://oss-review-toolkit.org/ort/docs/tools/scanner) - uses configured source code scanners to detect license / copyright findings, abstracting the type of scanner. +* [*Advisor*](https://oss-review-toolkit.org/ort/docs/tools/advisor) - retrieves security advisories for used dependencies from configured vulnerability data services. +* [*Evaluator*](https://oss-review-toolkit.org/ort/docs/tools/evaluator) - evaluates custom policy rules along with custom license classifications against the data gathered in preceding stages and returns a list of policy violations, e.g. to flag license findings. +* [*Reporter*](https://oss-review-toolkit.org/ort/docs/tools/reporter) - presents results in various formats such as visual reports, Open Source notices or Bill-Of-Materials (BOMs) to easily identify dependencies, licenses, copyrights or policy rule violations. +* *Notifier* - sends result notifications via different channels (like [emails](./examples/example.notifications.kts) and / or JIRA tickets). Also see the [list of related tools](https://oss-review-toolkit.org/ort/docs/related-tools) that help with running ORT. 
@@ -74,13 +61,10 @@ For detailed information see the documentation on the [ORT Website](https://oss- ## System requirements -ORT is being continuously used on Linux, Windows and macOS by the -[core development team](https://github.com/orgs/oss-review-toolkit/people), so these operating systems are -considered to be well-supported. +ORT is being continuously used on Linux, Windows and macOS by the [core development team](https://github.com/orgs/oss-review-toolkit/people), so these operating systems are considered to be well-supported. -To run the ORT binaries (also see [Installation from binaries](#from-binaries)) at least Java 11 is required. Memory and -CPU requirements vary depending on the size and type of project(s) to analyze / scan, but the general recommendation is -to configure Java with 8 GiB of memory and to use a CPU with at least 4 cores. +To run the ORT binaries (also see [Installation from binaries](#from-binaries)) at least Java 11 is required. +Memory and CPU requirements vary depending on the size and type of project(s) to analyze / scan, but the general recommendation is to configure Java with 8 GiB of memory and to use a CPU with at least 4 cores. ```shell # This will give the Java Virtual Machine 8GB Memory. 
@@ -88,14 +72,12 @@ export JAVA_OPTS="$JAVA_OPTS -Xmx8g" ``` If ORT requires external tools in order to analyze a project, these tools are listed by the `ort requirements` command. -If a package manager is not list listed there, support for it is integrated directly into ORT and does not require any -external tools to be installed. +If a package manager is not list listed there, support for it is integrated directly into ORT and does not require any external tools to be installed. ## From binaries -Preliminary binary artifacts for ORT are currently available via -[JitPack](https://jitpack.io/#oss-review-toolkit/ort). Please note that due to limitations with the JitPack build -environment, the reporter is not able to create the Web App report. +Preliminary binary artifacts for ORT are currently available via [JitPack](https://jitpack.io/#oss-review-toolkit/ort). +Please note that due to limitations with the JitPack build environment, the reporter is not able to create the Web App report. ## From sources @@ -117,11 +99,10 @@ git submodule update --init --recursive Install the following basic prerequisites: * Docker 18.09 or later (and ensure its daemon is running). -* Enable [BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds) for - Docker. +* Enable [BuildKit](https://docs.docker.com/develop/develop-images/build_enhancements/#to-enable-buildkit-builds) for Docker. -Change into the directory with ORT's source code and run `docker build -t ort .`. Alternatively, use the script at -`scripts/docker_build.sh` which also sets the ORT version from the Git revision. +Change into the directory with ORT's source code and run `docker build -t ort .`. +Alternatively, use the script at `scripts/docker_build.sh` which also sets the ORT version from the Git revision. ### Build natively 
@@ -129,8 +110,7 @@ Install these additional prerequisites: * Java Development Kit (JDK) version 11 or later; also remember to set the `JAVA_HOME` environment variable accordingly. -Change into the directory with ORT's source code and run `./gradlew installDist` (on the first run this will bootstrap -Gradle and download all required dependencies). +Change into the directory with ORT's source code and run `./gradlew installDist` (on the first run this will bootstrap Gradle and download all required dependencies). ## Basic usage @@ -156,15 +136,12 @@ Depending on how ORT was installed, it can be run in the following ways: ./gradlew cli:run --args="--help" ``` - Note that in this case the working directory used by ORT is that of the `cli` project, not the directory `gradlew` is - located in (see https://github.com/gradle/gradle/issues/6074). + Note that in this case the working directory used by ORT is that of the `cli` project, not the directory `gradlew` is located in (see https://github.com/gradle/gradle/issues/6074). # Want to Help or have Questions? -All contributions are welcome. If you are interested in contributing, please read our -[contributing guide](https://github.com/oss-review-toolkit/.github/blob/main/CONTRIBUTING.md), and to get quick answers -to any of your questions we recommend you -[join our Slack community][2]. +All contributions are welcome. +If you are interested in contributing, please read our [contributing guide](https://github.com/oss-review-toolkit/.github/blob/main/CONTRIBUTING.md), and to get quick answers to any of your questions we recommend you [join our Slack community][2]. # License 
@@ -172,5 +149,4 @@ Copyright (C) 2017-2023 [The ORT Project Authors](./NOTICE). See the [LICENSE](./LICENSE) file in the root of this project for license details. -OSS Review Toolkit (ORT) is a [Linux Foundation project](https://www.linuxfoundation.org) and part of -[ACT](https://automatecompliance.org/). +OSS Review Toolkit (ORT) is a [Linux Foundation project](https://www.linuxfoundation.org) and part of [ACT](https://automatecompliance.org/). From 280029da0e2e2250ff86c649d4f940e25ac16bab Mon Sep 17 00:00:00 2001 From: Martin Nonnenmacher Date: Sun, 25 Feb 2024 16:01:32 +0100 Subject: [PATCH 4/4] docs(README): Minor wording and punctuation improvements Signed-off-by: Martin Nonnenmacher --- README.md | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 4226089efbec4..cb30a92511e97 100644 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ # Introduction -The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit which you can use to manage your (open source) software dependencies in a strategic, safe and efficient manner. +The OSS Review Toolkit (ORT) is a FOSS policy automation and orchestration toolkit that you can use to manage your (open source) software dependencies in a strategic, safe and efficient manner. You can use it to: 
@@ -40,22 +40,29 @@ You can use it to: * Create a source code archive for your software project and its dependencies to comply with certain licenses or have your own copy as nothing on the internet is forever * Correct package metadata or licensing findings yourself, using InnerSource or with the help of the FOSS community -ORT can be used as library (for programmatic use), via a command line interface (for scripted use), or via its CI integrations. +ORT can be used as a library (for programmatic use), via a command line interface (for scripted use), or via its CI integrations. It consists of the following tools which can be combined into a *highly customizable* pipeline: -* [*Analyzer*](https://oss-review-toolkit.org/ort/docs/tools/analyzer) - determines the dependencies of projects and their metadata, abstracting which package managers or build systems are actually being used. -* [*Downloader*](https://oss-review-toolkit.org/ort/docs/tools/downloader) - fetches all source code of the projects and their dependencies, abstracting which Version Control System (VCS) or other means are used to retrieve the source code. -* [*Scanner*](https://oss-review-toolkit.org/ort/docs/tools/scanner) - uses configured source code scanners to detect license / copyright findings, abstracting the type of scanner. -* [*Advisor*](https://oss-review-toolkit.org/ort/docs/tools/advisor) - retrieves security advisories for used dependencies from configured vulnerability data services. -* [*Evaluator*](https://oss-review-toolkit.org/ort/docs/tools/evaluator) - evaluates custom policy rules along with custom license classifications against the data gathered in preceding stages and returns a list of policy violations, e.g. to flag license findings. 
-* [*Reporter*](https://oss-review-toolkit.org/ort/docs/tools/reporter) - presents results in various formats such as visual reports, Open Source notices or Bill-Of-Materials (BOMs) to easily identify dependencies, licenses, copyrights or policy rule violations. -* *Notifier* - sends result notifications via different channels (like [emails](./examples/example.notifications.kts) and / or JIRA tickets). +* [*Analyzer*](https://oss-review-toolkit.org/ort/docs/tools/analyzer): + Determines the dependencies of projects and their metadata, abstracting which package managers or build systems are actually being used. +* [*Downloader*](https://oss-review-toolkit.org/ort/docs/tools/downloader): + Fetches all source code of the projects and their dependencies, abstracting which Version Control System (VCS) or other means are used to retrieve the source code. +* [*Scanner*](https://oss-review-toolkit.org/ort/docs/tools/scanner): + Uses configured source code scanners to detect license / copyright findings, abstracting the type of scanner. +* [*Advisor*](https://oss-review-toolkit.org/ort/docs/tools/advisor): + Retrieves security advisories for used dependencies from configured vulnerability data services. +* [*Evaluator*](https://oss-review-toolkit.org/ort/docs/tools/evaluator): + Evaluates custom policy rules along with custom license classifications against the data gathered in preceding stages and returns a list of policy violations, e.g. to flag license findings. +* [*Reporter*](https://oss-review-toolkit.org/ort/docs/tools/reporter): + Presents results in various formats such as visual reports, Open Source notices or Bill-Of-Materials (BOMs) to easily identify dependencies, licenses, copyrights or policy rule violations. +* *Notifier*: + Sends result notifications via different channels (like [emails](./examples/example.notifications.kts) and / or JIRA tickets). 
Also see the [list of related tools](https://oss-review-toolkit.org/ort/docs/related-tools) that help with running ORT. ## Documentation -For detailed information see the documentation on the [ORT Website](https://oss-review-toolkit.org/ort/). +For detailed information, see the documentation on the [ORT Website](https://oss-review-toolkit.org/ort/). # Installation @@ -71,7 +78,7 @@ Memory and CPU requirements vary depending on the size and type of project(s) to export JAVA_OPTS="$JAVA_OPTS -Xmx8g" ``` -If ORT requires external tools in order to analyze a project, these tools are listed by the `ort requirements` command. +If ORT requires external tools to analyze a project, these tools are listed by the `ort requirements` command. If a package manager is not list listed there, support for it is integrated directly into ORT and does not require any external tools to be installed. ## From binaries @@ -141,7 +148,8 @@ Depending on how ORT was installed, it can be run in the following ways: # Want to Help or have Questions? All contributions are welcome. -If you are interested in contributing, please read our [contributing guide](https://github.com/oss-review-toolkit/.github/blob/main/CONTRIBUTING.md), and to get quick answers to any of your questions we recommend you [join our Slack community][2]. +If you are interested in contributing, please read our [contributing guide](https://github.com/oss-review-toolkit/.github/blob/main/CONTRIBUTING.md). +To get quick answers to any of your questions, we recommend you [join our Slack community][2]. # License
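Review bot: The new `**/build/**` entry in the `ignores` list of `.markdownlint-cli2.yaml` (PATCH 1/4) matches any directory named `build` at any depth, not only Gradle output directories, so any Markdown that is checked in under such a path would silently stop being linted. If the intent is only to skip generated output, consider restricting the pattern to the directories the build actually produces (the root `build/` and the per-module `build/` directories of the Gradle projects), or add a short comment next to the entry stating that directories named `build` are assumed to be generated. The alphabetical placement before `**/node_modules/**` is consistent with the rest of the list.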
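Review bot: Replacing the configured `MD013` block with `MD013: false` in `.markdownlint.yaml` (PATCH 2/4) turns the line-length rule off entirely, which matches the one-sentence-per-line formatting the commit message describes, but nothing in the linter now enforces that convention, and a reader of the config only sees the `# line-length` comment with no hint why the limit was dropped. Suggest a one-line comment next to `MD013: false` saying that Markdown in this repository uses one sentence per line, so long lines are intentional, and a note on the convention in the contributing guide, so the rule is not re-enabled later by someone who notices very long lines in a README.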
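Review bot: In the system requirements hunk of PATCH 3/4 (`@@ -74,13 +61,10 @@`), the re-wrapped prose recommends configuring Java with "8 GiB of memory", while the retained code comment directly below it still reads `# This will give the Java Virtual Machine 8GB Memory.` for `-Xmx8g`. Since `-Xmx8g` sets an 8 GiB heap, align the comment with the prose (for example `# This gives the Java Virtual Machine an 8 GiB heap.`) while this paragraph is being touched anyway.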
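Review bot: The wording hunk at `@@ -71,7 +78,7 @@` in PATCH 4/4 tightens "in order to analyze" on one line but leaves the duplicated word in the unchanged context line immediately below it, `If a package manager is not list listed there, ...`, which PATCH 3/4 also re-wrapped without fixing. Since this patch is titled "Minor wording and punctuation improvements", fold `not list listed` -> `not listed` into the same hunk rather than leaving it for a follow-up.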