orthw is a command-line utility designed to simplify and speed up common tasks performed when processing ORT
scan results. It supports a number of commands, which can be run in the terminal.
For example:
- To correct license findings in an open source dependency, you can run
orthw pc-create <package-id>, which generates a package configuration file. - To indicate that certain items are internal to the project (and so license findings should not be reported against them), you can generate scope excludes for your project's .ort.yml file with the command
orthw rc-generate-scope-excludesgenerates scope excludes.
orthw:
- Simplifies common ORT scan review tasks such as clearing found licenses.
- Offers easy to remember CLI commands (but should you forget, run
orthwwith no arguments to see a complete list). - Includes commands to format, sort, clean up and generate ORT config files such as .ort.yml and package configuration.
- Is pre-configured to work with the ort-config repository allowing you to re-use the work of other ORT users.
orthw requires the following tools to be installed on the system where you intend to run it:
The next step is to clone the repositories of ORT, ort-config, ScanCode and orthw.
Run the commands shown below in a dedicated directory such as ~/ort-project:
mkdir -p ~/ort-project && \
cd ~/ort-project && \
git clone https://github.com/oss-review-toolkit/ort.git && \
git clone https://github.com/oss-review-toolkit/ort-config.git && \
git clone https://github.com/oss-review-toolkit/orthw.git && \
git clone https://github.com/nexB/scancode-toolkit.gitFinally, create an exports directory which will be used to store exported license finding curations and path excludes.
mkdir -p ~/ort-project/exportsNavigate to the directory where you cloned the ORT repository and run its native build command:
cd ~/ort-project/ort && \
./gradlew installDist- Copy the
orthwconfig-templatefile from the orthw repository into your home directory.
cp ~/ort-project/orthw/orthwconfig-template ~/.orthwconfig-
Open
~/.orthwconfigin a text editor. -
Set
ort_home,orthw_home,configuration_homeandscancode_hometo the location of the ORT, orthw, ORT configuration and ScanCode repositories which you cloned in above Prerequisites, respectively.If you followed examples in the previous steps and used a
ort-projectdirectory then the contents ofconfig.ymlfile.The file is present in follow OS directories:
- Linux ~/.config/orthw
- Mac OS X ~/Library/Application Support/orthw
- Windows C:\Users\\Local\orthw\Config
and its minimal contents should be shown below:
configuration_home: ~/ort-project/ort-config
ort_home: ~/ort-project/ort
scancode_home: ~/ort-project/scancode-toolkit
exports_home: ~/ort-project/exports
orthw_home: ~/ort-project/orthw
Verify that orthw works by running orthw in a new terminal window: orthw should print the full list of available commands and no error messages.
Follow the Getting Started guide to learn how to use orthw to:
- Initializing a local directory with an ORT scan result
- Generating a Web App report to see scan results in a web browser
- Marking files, directories or package manager scopes in your project as not included in released artifacts
- Checking your project dependencies for security advisories
- Correcting missing or incorrect package metadata
- Marking files or directories in the sources of a dependency as not included in released artifacts
- Correcting a detected license found in package source code
- Listing the licenses found in the sources of a package
- Listing licenses flagged with a policy violation
- Conclude the license for a package
PYTHONPATH=$PWD/src export PYTHONPATH pip install poetry python -m poetry poetry install python -m orthw
poetry up -> update deps
To check your path is correctly configured
python -c "import sys; print('\n'.join(sys.path))"
python -m orthw package-config create Maven:org.eclipse.platform:org.eclipse.osgi:3.18.200
pip install ptpython
pip install pre-commit poetry self update pre-commit run --all
All contributions are welcome. If you are interested in contributing, please read our contributing guide. To get quick answers to any of your questions we recommend that you join our Slack community.
Copyright (C) 2018-2024 The ORTHW Project Authors.
See the LICENSE file in the root of this project for license details.
OSS Review Toolkit (ORT) is a Linux Foundation project and part of ACT.