pyc2pa
scancode-toolkit
Our great sponsors
| pyc2pa | scancode-toolkit | |
|---|---|---|
| 2 | 4 | |
| 31 | 1,972 | |
| - | 2.6% | |
| 1.8 | 9.6 | |
| almost 2 years ago | 8 days ago | |
| Python | Python | |
| GNU General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pyc2pa
-
PyC2PA (our Python Implementation of Content Authenticity Initiative based on C2PA Spec
pyc2pa GitHub: https://github.com/numbersprotocol/pyc2pa
- Implementation of Content Auth Initiative Following C2PA Specs
scancode-toolkit
- ScanCode: Scan license and packages, dependencies and origin information
-
User beware: Modified AGPLv3 removes freedoms, adds legal headaches
Hey, pabs3! Actually this is not using a rolling checksum for detection but rather a combo of language model, checksums, automatons, bitvectors, inverted indexes and multiple sequences alignment (e.g. a specialized diff). I put some docs there to explain the approach at ahttps://github.com/nexB/scancode-toolkit/blob/develop/src/li...
-
I've just started using python at work, is there anything I need to be careful about?
If you're concerned about licensing in your dependencies, use a license scanner like scancode toolkit. Similar scanners are available in products like JFrog Artifactory or GitLab (paid versions)
What are some alternatives?
parler-py-api - UNOFFICIAL Python API to interface with Parler.com
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
lpub3d - An LDraw™ editor for LEGO® style digital building instructions.
ort - A suite of tools to automate software compliance checks.
DFSpot-Deepfake-Recognition - Determine whether a given video sequence has been manipulated or synthetically generated
cyclonedx-gradle-plugin - Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
connaisseur - An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
fossology - FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Neo4j - Graphs for Everyone
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
gpl-history
tern - Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.