Whitelisting components for composer

Issue #253 resolved
Stefan Kleff created an issue

Regardless of what I enter in the whitelist, it has no effect. I expect that if I enter a package which is only available via private Satis, the component will not show up as UNKNOWN on the summary page.

Comments (9)

  1. Robert Reiz

    Hi @stefankleff. I guess it's just a usability issue, because the license whitelist and component whitelist are heavily covered by unit tests. The component whitelist only makes sense together with a license whitelist. With the component whitelist you can whitelist components which would normally violate your license whitelist. It's not enough to create such a list; you have to actively assign it to your project, in the settings tab. If you mark a license whitelist as "default" it will be attached automatically to new projects you create, but not to old ones. If you post a link here to your organisation I can take a look at your setup and help you out.

  2. Stefan Kleff reporter

    Hi @reiz. My organization is WiB. I already included some components in the whitelist and have it assigned to the projects. If you could have a look, this would be very helpful.

  3. Robert Reiz

    Hi @stefankleff_wib. I just double checked your organisation and saw that the license whitelist and component whitelist were not attached to all projects. I just assigned them to all of your projects. Besides that, I put "php:project-a" on the component whitelist; that will whitelist all components which start with "project-a". Now in the license tab, here for example: https://www.versioneye.com/user/projects/5795d641dfecc80040df02d3#tab-licenses you will see that everything is green. Anyway, some component licenses are marked with "N/A". That means VersionEye has no information about that component at all. If a license is marked with "UNKNOWN", that means VersionEye knows the component in general but doesn't have license information for it.

    Is that Spryker repository somehow accessible from outside? Can we crawl it easily?

    If you have a lot of closed source components in private Satis, Maven or whatever repositories, then VersionEye Enterprise makes sense for you. With VersionEye Enterprise you can crawl your internal repositories as well, so that there are no UNKNOWN or N/A dependencies anymore. And you can connect your instance with your private Git server, LDAP, SMTP and so on. Let me know if you are interested in that.

  4. Stefan Kleff reporter

    Thank you! As already mentioned on Twitter & GitHub, the Composer Toran repo is publicly available at https://code.spryker.com/repo/private/packages.json. I already had a look at VersionEye Enterprise, but the overall server cost is too much for our use case. I would really like to switch to the freelancer package as soon as the Spryker repo is included in your crawling.

  5. Robert Reiz

    Hey @stefankleff_wib, we just added the Spryker repo to our crawlers. See here for example: https://www.versioneye.com/php/spryker:cms/2.2.0. The crawler just walked through for the very first time and there is still some background processing going on to sort out the newest versions, but that should be done in the next couple of hours. If your project was not updated yet, you have to hit the "Re Parse" button on your project page. Let me know if you have questions about this.
