-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document the ClearlyDefined certifier #167
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Ritesh <[email protected]>
✅ Deploy Preview for resonant-wisp-1a517a ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a great start. Apart from the comments I left, there are two other things that I'd like to see:
- A link to the configuration guide, perhaps in the invocation section when talking about running automatically.
- A table of the supported command line arguments and what they mean. See PR Added OSV Certifier documentation for GUAC #165 for an example
guac-clearly-defined-certifier.md
Outdated
@@ -0,0 +1,37 @@ | |||
## Documentation: GUAC Pull from ClearlyDefined |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's make a few changes here. First, you don't need to say "documentation" in the header because it's on the docs site already. Second, you can replace this line with something like the below so that it will render in the CI build:
---
layout: page
title: ClearlyDefined certifier
permalink: /certifier-clearlydefined/
---
guac-clearly-defined-certifier.md
Outdated
|
||
### Overview | ||
|
||
GUAC (Graph for Understanding Artifact Composition) integrates with **ClearlyDefined** to enhance supply chain transparency by retrieving accurate license data for software dependencies. This functionality helps organizations make informed decisions about software licenses when managing their dependencies. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Link to clearlydefined.io
guac-clearly-defined-certifier.md
Outdated
|
||
This setup allows GUAC to remain flexible while keeping license data as accurate and complete as possible. | ||
|
||
For further details and potential enhancements, such as batched query support, you can explore the [official GUAC documentation](https://docs.guac.sh) or related updates from the development team. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This site is the official docs. :-) Let's just remove this line.
GUAC integrates ClearlyDefined queries either by: | ||
- **Scheduled certifier execution**: Automatically runs at set intervals to keep data current. | ||
- **On-demand during SBOM ingestion**: Queries ClearlyDefined in real-time during dependency ingestion, with the trade-off of slower processing. | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a third option: running guacone certifier cd
from the command line
Signed-off-by: Ritesh <[email protected]>
|
guac-clearly-defined-certifier.md
Outdated
3. **Manual Command Line Execution** | ||
- Users can directly invoke the certifier using: | ||
```bash | ||
guacone certifier cd --input <path> --output <path> [options] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The --input
and --output
arguments here are not supported by the guacone certifier
command
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since I am not sure about alternatives as guacone certifier may have specific arguments for choosing between source types rather than directly setting files via --input and --output, I think I will remove the command and only keep the description.
|
||
--- | ||
|
||
Below is a table of the supported **command-line arguments** for the **ClearlyDefined certifier**. These flags allow users to control input, output, and execution behavior. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where did you get this list of arguments, because it does not match the output of guacone certifier cd --help
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you please provide the ouputs of guacone certifier cd --help.
I went through the blogs and code base of certifier but couldn't figure out a relevant change.
Signed-off-by: Ritesh <[email protected]>
Closes #131