Document the ClearlyDefined certifier #167
✅ Deploy Preview for resonant-wisp-1a517a ready!
This is a great start. Apart from the comments I left, there are two other things that I'd like to see:
- A link to the configuration guide, perhaps in the invocation section when talking about running automatically.
- A table of the supported command line arguments and what they mean. See PR Added OSV Certifier documentation for GUAC #165 for an example
guac-clearly-defined-certifier.md
Outdated
@@ -0,0 +1,37 @@ | |||
## Documentation: GUAC Pull from ClearlyDefined |
Let's make a few changes here. First, you don't need to say "documentation" in the header because it's on the docs site already. Second, you can replace this line with something like the below so that it will render in the CI build:
```yaml
---
layout: page
title: ClearlyDefined certifier
permalink: /certifier-clearlydefined/
---
```
guac-clearly-defined-certifier.md
Outdated
|
||
### Overview | ||
|
||
GUAC (Graph for Understanding Artifact Composition) integrates with **ClearlyDefined** to enhance supply chain transparency by retrieving accurate license data for software dependencies. This functionality helps organizations make informed decisions about software licenses when managing their dependencies. |
Link to clearlydefined.io
guac-clearly-defined-certifier.md
Outdated
|
||
This setup allows GUAC to remain flexible while keeping license data as accurate and complete as possible. | ||
|
||
For further details and potential enhancements, such as batched query support, you can explore the [official GUAC documentation](https://docs.guac.sh) or related updates from the development team. |
This site is the official docs. :-) Let's just remove this line.
GUAC integrates ClearlyDefined queries either by: | ||
- **Scheduled certifier execution**: Automatically runs at set intervals to keep data current. | ||
- **On-demand during SBOM ingestion**: Queries ClearlyDefined in real-time during dependency ingestion, with the trade-off of slower processing. | ||
|
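Review bot: the two bullets under "GUAC integrates ClearlyDefined queries either by:" describe each mode without naming the switch that enables it. The `guacone certifier cd --help` output posted later in this thread lists `--poll` with `--interval` for polling mode and `--add-license-on-ingest` for querying during ingestion (with the same warning about longer ingestion times), so consider naming those flags in the matching bullet so readers can go from the description to the command.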
There's a third option: running `guacone certifier cd` from the command line
guac-clearly-defined-certifier.md
Outdated
3. **Manual Command Line Execution** | ||
- Users can directly invoke the certifier using: | ||
```bash | ||
guacone certifier cd --input <path> --output <path> [options] |
The `--input` and `--output` arguments here are not supported by the `guacone certifier` command
Since I am not sure about alternatives as guacone certifier may have specific arguments for choosing between source types rather than directly setting files via --input and --output, I think I will remove the command and only keep the description.
The help content I included in another thread should give you the guidance you need here.
guac-clearly-defined-certifier.md
Outdated
|
||
--- | ||
|
||
Below is a table of the supported **command-line arguments** for the **ClearlyDefined certifier**. These flags allow users to control input, output, and execution behavior. |
Where did you get this list of arguments, because it does not match the output of `guacone certifier cd --help`?
Could you please provide the outputs of `guacone certifier cd --help`?
I went through the blogs and code base of certifier but couldn't figure out a relevant change.
```
bcotton@Bens-MacBook-Air ~/g/guac (main)> guacone certifier cd --help
runs the clearly defined certifier

Usage:
  guacone certifier cd [flags]

Flags:
      --certifier-batch-size int   sets the batch size for pagination query for the certifier (default 60000)
      --certifier-latency string   sets artificial latency on the certifier. Defaults to empty string (not enabled) but can set m, h, s...etc
  -h, --help                       help for cd
  -l, --last-scan int              hours since the last scan was run. If not set, run on all packages/sources (default 4)

Global Flags:
      --add-license-on-ingest   if enabled, the ingestor will query and ingest clearly defined for licenses. Warning: This will increase ingestion times
      --add-vuln-on-ingest      if enabled, the ingestor will query and ingest OSV for vulnerabilities. Warning: This will increase ingestion times
      --csub-addr string        address to connect to collect-sub service (default "localhost:2782")
      --csub-tls                enable tls connection to the server
      --csub-tls-skip-verify    skip verifying server certificate (for self-signed certificates for example)
      --gql-addr string         endpoint used to connect to graphQL server (default "http://localhost:8080/query")
      --header-file string      a text file containing HTTP headers to send to the GQL server, in RFC 822 format
  -i, --interval string         if polling set interval, m, h, s, etc. (default "5m")
  -p, --poll                    sets the collector or certifier to polling mode
```

DONE 👍
LGTM, thanks!
I spoke too soon. Two things you need to do:
- Run prettier (see README.md) to fix the formatting
- Squash the commits into one.
Otherwise, it's good to go.
9396b33 to 86776ae
It shouldn't have. Prettier will wrap lines at 80 characters if you use
Signed-off-by: Ritesh <udgataritesh2005@gmail.com>

update document after feedback

Signed-off-by: Ritesh <udgataritesh2005@gmail.com>

removed command for manual command line execution

Signed-off-by: Ritesh <udgataritesh2005@gmail.com>

prettier

Signed-off-by: Ritesh <udgataritesh2005@gmail.com>
86776ae to ae055bb
Looks good, thanks @Ritesh-Udgata!
Closes #131