A simple wrapper for the Fossology REST API.
See the OpenAPI specification used to implement this library.
Current release is compatible with Fossology version 4.4.0 - API version 1.6.1 (not all endpoints are supported)
See release notes for all details.
If you miss an API Endpoint, please open a new issue or contribute a pull request.
API v2 is partially supported too, however the specification is not stable yet and not all endpoints are supported.
See fossology-python on Github Pages.
This project is available as Python package on PyPi.org.
Install fossology and required dependencies:
pip install fossology requests
Get a REST API token either from the Fossology server under ``User->Edit user account`` or generate a token using the method available in this library:
from fossology import fossology_token from fossology.enum import TokenScope FOSSOLOGY_SERVER = "https://fossology.example.com/repo" # Note the absence of the trailing slash, otherwise the token generation will fail FOSSOLOGY_USER = "fossy" FOSSOLOGY_PASSWORD = "fossy" TOKEN_NAME = "fossy_token" # By default version v1 of the token generation API will be used token = fossology_token( FOSSOLOGY_SERVER, FOSSOLOGY_USER, FOSSOLOGY_PASSWORD, TOKEN_NAME, TokenScope.WRITE version="v1" )
Start using the API:
from fossology import Fossology # By default version v1 of the API will be used foss = Fossology(FOSSOLOGY_SERVER, token, FOSSOLOGY_USER, version="v1") print(f"Logged in as user {foss.user.name}")
Fossology Python also offers a command line interface to simplify interactions with your Fossology server.
To get a list of available commands, run:
$ foss_cli --help Usage: foss_cli [OPTIONS] COMMAND [ARGS]...
Generate a configuration file:
$ foss_cli config Enter the URL to your Fossology server: e.g. http://fossology/repo Fossology URL: http://fossology/repo Enter Username and Password: e.g. fossy/fossy (in the default environment) Username: fossy Password: Enter a scope for your Fossology token: either 'read' or 'write' Token scope: write
This will get a token from Fossology server and store it within the local
.foss_cli.inifile.On subsequent foss_cli calls those values will be reused.
Re-run the config command to create a new token once it expired.
Verbosity of all foss_cli commands could be increased using the
-vverbosity option:$ foss_cli -vv [COMMAND]
This runs the given command with verbosity level 2 (all debug statements will be logged).
A log file in directory
.foss_cli_resultsnamed.foss_cli.logwill be created.To create a group:
$ foss_cli -vv create_group FossGroup
To create a a folder:
$ foss_cli -vv create_folder FossFolder \ --folder_group FossGroup \ --folder_description "Description of FossFolder"To upload a file:
$ foss_cli -vv upload_file tests/files/zlib_1.2.11.dfsg-0ubuntu2.debian.tar.xz \ --folder_name FossFolder --access_level publicTo upload a source package to the server and initialize a scan workflow including report generation:
$ foss_cli -vv start_workflow --help Usage: foss_cli start_workflow [OPTIONS] FILE_NAME The foss_cli start_workflow command. Options: --folder_name TEXT The name of the folder to upload to. --file_description TEXT The description of the upload. --dry_run / --no_dry_run Do not upload but show what would be done. Use -vv to see output. --reuse_newest_upload / --no_reuse_newest_upload Reuse newest upload if available. --reuse_newest_job / --no_reuse_newest_job Reuse newest scheduled job for the upload if available. --report_format TEXT The name of the reportformat. [dep5, spdx2,spdxtv,readmeoss,unifiedreport, clixml,spdx3json,spdx3rdf,spdx3jsonld] --access_level TEXT The access level of the upload.[private,protected,public] --help Show this message and exit.
- All contributions in form of bug reports, feature requests or merge requests!
- Use proper docstrings to document functions and classes
- Extend the testsuite poetry run pytest with the new functions/classes
- The documentation website can automatically be generated by the Sphinx autodoc extension
HINT
To avoid running the whole testsuite during development of a new branch with changing only touching the code related to the CLI, name your branchfeat/cli-{something}and only thetest_foss_cli_*will run in the pull request context.
AI-Assisted Contributions
AI coding agents are active in this repository. If you are an AI agent or using AI-assisted tooling, please follow these guidelines:
- Do not pollute the issue tracker with lengthy explanations for simple fixes or API extensions. The issue tracker is reserved for discussing significant design decisions and feature proposals.
- Keep pull requests concise. The maintainers do not need a full report of every change — the code speaks for itself. Minimize verbose descriptions and auto-generated summaries.
- All new extensions must include test cases. Every new feature or API extension must be properly covered by tests that provide confidence in the patch. Pull requests without adequate test coverage will not be accepted.
You can build the PyPi package using poetry:
poetry build
Build documentation:
The static site is generated automatically by GitHub Actions on every merge to main branch and pushed to gh-pages branch. The action uses JamesIves/github-pages-deploy-action to deploy the static pages.
To build it locally
poetry run sphinx-build -b html docs-source docs/
Cleanup builds:
rm -r dist/ docs/
Each new release gets a new tag with important information about the changes added to the new release:
git tag -a vx.x.x -m "New major/minor/patch release x.x.x"
git push origin vx.x.xAdd required information in the corresponding release in the Github project.
Publish the newest release to PyPi (visit https://pypi.org/manage/account/#api-tokens to get the token):
poetry publish --build --username __token__ --password $PYPI_TOKENThe testsuite available in this project expects a running Fossology instance under the hostname fossology with the default admin user "fossy".
Use the latest Fossology container from Docker hub:
docker pull fossology/fossology tar xJf tests/files/base-files_11.tar.xz -C /tmp docker run --mount src="/tmp",dst=/tmp,type=bind --name fossology -p 80:80 fossology/fossologyStart the complete test suite or a specific test case (and generate coverage report):
poetry run coverage run --source=fossology -m pytest poetry run coverage report -m poetry run coverage html