Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document the ClearlyDefined certifier #167

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

Ritesh-Udgata
Copy link

Closes #131

Copy link

netlify bot commented Oct 30, 2024

Deploy Preview for resonant-wisp-1a517a ready!

Name Link
🔨 Latest commit 9396b33
🔍 Latest deploy log https://app.netlify.com/sites/resonant-wisp-1a517a/deploys/67232f6103bca40008d30c4c
😎 Deploy Preview https://deploy-preview-167--resonant-wisp-1a517a.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

Copy link
Collaborator

@funnelfiasco funnelfiasco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great start. Apart from the comments I left, there are two other things that I'd like to see:

  1. A link to the configuration guide, perhaps in the invocation section when talking about running automatically.
  2. A table of the supported command line arguments and what they mean. See PR Added OSV Certifier documentation for GUAC #165 for an example

@@ -0,0 +1,37 @@
## Documentation: GUAC Pull from ClearlyDefined
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make a few changes here. First, you don't need to say "documentation" in the header because it's on the docs site already. Second, you can replace this line with something like the below so that it will render in the CI build:

---
layout: page
title: ClearlyDefined certifier
permalink: /certifier-clearlydefined/
---


### Overview

GUAC (Graph for Understanding Artifact Composition) integrates with **ClearlyDefined** to enhance supply chain transparency by retrieving accurate license data for software dependencies. This functionality helps organizations make informed decisions about software licenses when managing their dependencies.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Link to clearlydefined.io


This setup allows GUAC to remain flexible while keeping license data as accurate and complete as possible.

For further details and potential enhancements, such as batched query support, you can explore the [official GUAC documentation](https://docs.guac.sh) or related updates from the development team.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This site is the official docs. :-) Let's just remove this line.

GUAC integrates ClearlyDefined queries either by:
- **Scheduled certifier execution**: Automatically runs at set intervals to keep data current.
- **On-demand during SBOM ingestion**: Queries ClearlyDefined in real-time during dependency ingestion, with the trade-off of slower processing.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a third option: running guacone certifier cd from the command line

@Ritesh-Udgata
Copy link
Author

  1. Added link to configuration guide
  2. Added table of supported command line argument.
  3. Changed Title
  4. Link to clearlydefined.io
  5. Removed official doc link
  6. Added third option to integrate ClearlyDefined into Guac
  7. Formatted document using Prettier
  8. committed along with signoff and gpg-sign

3. **Manual Command Line Execution**
- Users can directly invoke the certifier using:
```bash
guacone certifier cd --input <path> --output <path> [options]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The --input and --output arguments here are not supported by the guacone certifier command

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since I am not sure about alternatives as guacone certifier may have specific arguments for choosing between source types rather than directly setting files via --input and --output, I think I will remove the command and only keep the description.


---

Below is a table of the supported **command-line arguments** for the **ClearlyDefined certifier**. These flags allow users to control input, output, and execution behavior.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where did you get this list of arguments, because it does not match the output of guacone certifier cd --help?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could you please provide the ouputs of guacone certifier cd --help.
I went through the blogs and code base of certifier but couldn't figure out a relevant change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Document the ClearlyDefined certifier
2 participants