-
Notifications
You must be signed in to change notification settings - Fork 0
Home
For development, please see the README.md file of the project first. Please check also the pages on the right widget of pages. Not every page there has a link on this page!
Name | URL | Remarks |
---|---|---|
Main home page | https://www.eclipse.org/sw360/ | main home page with general info |
Project @ Github | https://github.com/eclipse/sw360 | where the music plays |
Developer mailing list | [email protected] | for developers, discussion about developing |
Slack Channel | https://sw360chat.slack.com/ | the main chat spot, everybody is welcome |
Slack Channel Invitation Link | Sharable join link to join | that should bring you in |
sw360 developer meeting | Meeting Info | Everyone is welcome! |
Please start every page with a prefix
- User: topics suitable for admins and end users
- Deploy: All things about deployment
- Dev: All topics for developers
- Test: Also a topic for developers, but also around testing
For using the sw360 as a user, please see the following basic workflows:
- Basic workflows for creating a component, release and projects.
- Workflow how FOSSology and sw360 play together.
- How to search in sw360
- Use case description importing projects, releases with licenses BDP Import
- Use case description how to manage vulnerabilities in your project
- User documentation how to use the cve-search server
- User documentation how to check vulnerabilities for your projects
- Documentation about the handling of vulnerabilities
- Find information about the role and access model
- If you are interested in the concept about moderation requests, read the documentation here.
- Explaining enumerations used in SW360
For the deployment of the SW360, it is about deploying a Liferay server application. Please understand, that apart from trying sw360 for a short while, for deployments of SW360 in your organisation you will need knowledge about how to deploy Java server applications. Regardless of the deployment approach the following main elements need to be considered:
- A Liferay Community Edition bundeled with Tomcat.
- Install CouchDB (this is where SW360 stores all the source code, SPDX files and metadata), depending on your platform, there are a number of ways to use CouchDB. Currently, we tested with CouchDB 2.1.2, other versions of CouchDB may work as well.
- For productive deployments, you do not want to go with the (Hypersonic) DB bundled with Tomcat, but install some normal DB server. We use PostgreSQL. The relation DB server is used by Liferay and should be thus compatible to it.
- For searches, consider CouchDB Lucene CouchDb Lucene.
- There is a number of additional "prerequisites" for SW360, more detailed in the Vagrant deployment setup.
In order to install sw360, you can choose between the following ways:
- Use the Vagrant-based installation. Please refer to the sw360 vagrant project and the included Readme file. Basic prerequisites are
- VirtualBox
- Vagrant and some vagrant plugins
- Presumeably a git client
- You could install the sw360portal project natively on the machine. This will require more work in order to install the prerequisites. The above mentioned vagrant project documents very precisely what to do in order to install the sw360portal.
- Checkout the docker suite sw360chores and generate a pre-built container where you can deploy the
*.war
files of sw360portal (both frontend and backend). Important this is work in progress now and likely not working out of the box.
-
The most experienced confusion is about the Liferay setup user: the setup user cannot be used to work with the sw360 because the setup user is missing an organisation assignment. For every user an organisation assignment is required for sw360 to work properly. Unfortunately, you cannot assign a liferay setup user to an organisation. So you do need to import users or create users with organisation.
-
Currently, you need Java 11, we test it with OpenJDK. Newer or older versions may work, but currently, reports tell that for example Java 8 does not work.
-
Thrift: for compiling the software you need to install Apache Thrift (a command line tool). We test with version 0.13.
- Comprehensive blog post on SW360 Installation in Japanese
- Install sw360 using Vagrant and Puppet: Please have a look at the sw360vagrant project itself how to go ahead with the installation.
- Initial Setup of Liferay 6.2 and sw360: From the beginning until sw360 version 4
- Initial Setup of Liferay 7.2 and sw360: From sw360 version 5 onwards and until sw360 version 10
- Initial Setup of Liferay 7.3 and sw360: From sw360 version 11 onwards
- Install sw360 manually with Liferay 7.2: From sw360 version 5 onwards and until sw360 version 10
- Install sw360 manually with Liferay 7.3: From sw360 version 11 onwards
- Generate Documentation (sw360docs) into Artefacts: From sw360 version 13.5 onwards
- Setting CVE Search: Get vulnerability information from an external provider of Common Vulnerability Enumeration (CVE) data.
- Migrate from Liferay 6.2 and sw360 4 to Liferay 7.2 and sw360 5
- Migrate from Liferay 7.2 and sw360 10 to Liferay 7.3 and sw360 11
- Install sw360 on Windows using vagrant. some particular notes for the Windows platform.
- Install sw360 with Docker
- More Install Information using Docker with sw360chores : Please have a look at the sw360chores project itself how to go ahead with the installation. Note that currently (Sept 2020) the docker setup is currently wip and thus does not work out of the box.
- Deployment Authorization Concept
- Properties explained
- Setup of connection with Fossology
- Deployment Requirements
- Secure Deployment Notes
After installing sw360 more topics may include:
- Special Coverage of Country Codes, when countries are displayed, then it uses country codes in the DB
- How to export data and import it to a new instance
- How to migrate an existing sw360portal to a new instance
- Using costco to modify the couchdb database
The sw360 is Java-based application consisting of two main parts:
- A Liferay/based front end application that allows users to work with sw360
- A Java-based servlet infrastructure Thrift interfaces that allows the Liferay part and other applications to manage and store data
- In the backend, couchdb is used for storing project, component, release and license information as well as attachments.
Please report issues to the issue tracker, but please keep also in mind that someone else has to read them! Issues should include:
- What you intended to do?
- What did you observe?
- Why do you think it is wrong?
- Screenshots of what you have observed presumably gone wrong or link to pages were another person can follow
- Version where you have observed this.
- Common written English and use of line breaks!!! Use the preview function!
Please refer to the following pages for writing issues:
- https://issues.apache.org/bugwritinghelp.html
- https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines
- https://www.joelonsoftware.com/2000/11/08/painless-bug-tracking/
As basic introduction, the dev ops works as following:
- We are issue-based, please do not hesitate to create issues - also for questions (and set the issue tag)
- The issues are organised by milestones which do not represent releases anymore. Milestone are meant to be useful packages of work done
- Contributions are made through pull requests
- We do conversations directly on issues and pull requests
More topics regarding "how" to develop:
- Definition of done and code style
- Creating a sw360 release
- Brief notes on the jgiven testing
- For help with problems, you might want to check that
sw360 is a server application using Java servlets. It did some faint steps towards micro services (ie. one maintaining licenses, another for vulnerabilities), the front end is a portlet applications using good old JSPs.
- How to write a new portlet
- Adding a new backend service
- Changing the data model
- REST API overview
- Migrating to Javascript modules
- Filtering in portlets
- The FOSSology integration
- How moderation requests work
- Roles and access rights
- Attachment Types Description
- Our ideas of Google-Summer-of-Code 2019
- How Friendly URLs work with the Liferay Portlets
Generally, all modules have unit tests and these are executed (including deployment of couchdb) at CI times. In addtion, to test the front end, there are defined integration test cases for a manual check, if the sw360 is working properly in general: