Scans your project to determine what components you use
Перейти к файлу
Justin Perez 34bfd136ba
feat(pip): fetch roots in parallel (#703)
2023-08-08 15:19:49 -07:00
.devcontainer refactor: simplify devcontainer configuration (#345) 2022-11-02 11:48:09 -07:00
.github ci: enable simple pip detector (#704) 2023-08-08 15:04:07 -07:00
.vscode Allow opt-in go cli scanning (#12) 2021-12-17 12:19:02 -05:00
docs feat: disable detector experiments by default (#688) 2023-07-31 21:07:49 +00:00
src feat(pip): fetch roots in parallel (#703) 2023-08-08 15:19:49 -07:00
test Fix for Simple pip non-Standard Version issue (#701) 2023-08-08 13:20:11 -07:00
.dockerignore feat: add container image (#220) 2022-08-30 15:53:49 -07:00
.editorconfig Add types for `package-lock.json` versions (#482) 2023-03-16 10:01:49 -07:00
.git-blame-ignore-revs chore: re-encode git-blame-ignore-revs file to utf8 without bom (#678) 2023-07-27 18:00:47 +00:00
.gitattributes Initial commit 2021-11-19 06:07:50 -08:00
.gitignore Initial commit 2021-11-19 06:07:50 -08:00
CODE_OF_CONDUCT.md Initial commit 2021-11-19 06:07:50 -08:00
CONTRIBUTING.md Initial commit 2021-11-19 06:07:50 -08:00
ComponentDetection.sln feat: add container image (#220) 2022-08-30 15:53:49 -07:00
Directory.Build.props ci: remove `TargetLatestRuntimePatch` property (#310) 2022-10-19 15:50:18 +00:00
Directory.Build.targets fix: update MinVer prerelease tag (#462) 2023-03-07 12:05:21 -08:00
Directory.Packages.props chore(deps): update dependency moq to v4.20.1 (#698) 2023-08-08 08:47:45 -07:00
Dockerfile chore: bump container image to .NET 6 (#346) 2022-11-08 12:03:06 -08:00
LICENSE.txt Initial commit 2021-11-19 06:07:50 -08:00
README.md docs(readme): add community meeting info (#662) 2023-07-14 21:11:51 +00:00
SECURITY.md Initial commit 2021-11-19 06:07:50 -08:00
global.json chore(deps): update dependency dotnet-sdk to v6.0.412 (#650) 2023-07-12 08:14:02 -07:00
renovate.json chore: pin GitHub actions (#531) 2023-05-03 21:32:13 +00:00

README.md


Component Detection
Component Detection

Automatically detect the open-source libraries you use.

Nuget GitHub Workflow Status (with event) GitHub CodeQL Status OSSF-Scorecard Score GitHub

FeaturesGetting startedDownloadContributing

Component Detection (CD) is a package scanning tool that is intended to be used at build time. It produces a graph-based output of all detected components across a variety of package ecosystems.

Component Detection can also be used as a library to detect dependencies in your own applications.

screenshot

Features

Component Detection supports detecting libraries from the following ecosystem:

Ecosystem Scanning Graph Creation
CocoaPods
Go
Gradle (lockfiles only)
Linux (Debian, Alpine, Rhel, Centos, Fedora, Ubuntu) ✔ (via syft)
Maven
NPM (including Yarn, Pnpm)
NuGet (including Paket)
Pip (Python)
Poetry (Python, lockfiles only)
Ruby
Rust

For a complete feature overview refer to feature-overview.md

Getting Started

To clone and run this application, you'll need Git and .NET 6 installed on your computer. From your command line:

# Clone this repository
$ git clone https://github.com/microsoft/component-detection

# Go into the repository
$ cd component-detection 

# Run the app
$ dotnet run 

View the detector arguments for more information on how to use the tool.

Download

You can download the latest version of Component Detection for Windows, macOS and Linux.

Contributing

Using Codespaces

You can use GitHub Codespaces to run and develop Component Detection in the cloud. To do so, click the green "Code" button at the top of the repository and select "Open with Codespaces". This will open a new Codespace with the repository cloned and ready to go.

Using VS Code DevContainer

This is similar to Codespaces:

  1. Make sure you meet the requirements and follow the installation steps for DevContainers in VS Code
  2. git clone https://github.com/microsoft/component-detection
  3. Open this repo in VS Code
  4. A notification should popup to reopen the workspace in the container. If it doesn't, open the Command Palette and type Remote-Containers: Reopen in Container.

Community Meetings

Once a month, we host a community meeting that anyone is allowed to join and discuss the project. We typically cover the changes over the last month, the roadmap and issues, and any questions or concerns that the community has.

You can find the future and past meeting details in the Community Meeting Overview.

You can additionally find the details in the Discussions Tab.

Telemetry

By default, telemetry will output to your output file path and will be a JSON blob. No data is submitted to Microsoft.

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.