OSS Find Source

Gabe Stocco edited this page Jun 4, 2021 · 1 revision

It's often useful to locate the source code to a given package. OSS Find Source works by searching through package metadata (obtained by querying an API or scraping relevant web pages) for GitHub URLs. It then outputs that list of URLs.

Currently, OSS Find Source is only aware of GitHub. Support for Bitbucket, GitLab, and other sources may be added in the future.
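The mechanism described above, as an added Python sketch that is not OSS Find Source's own code: it walks package metadata, collects every GitHub repository URL it finds, and lists them. The function names, the frequency-based ranking, and the sample metadata are assumptions made for illustration.

```python
import json
import re
from collections import Counter

# Matches github.com/<owner>/<repo>; anything after the repo segment is ignored.
GITHUB_RE = re.compile(
    r"github\.com[/:]([A-Za-z0-9][A-Za-z0-9-]*)/([A-Za-z0-9._-]+)", re.IGNORECASE
)

def iter_strings(node):
    """Yield every string value in a nested JSON structure."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from iter_strings(value)

def find_source(metadata, single=False):
    """Return candidate GitHub repository URLs, most frequently mentioned first."""
    counts = Counter()
    for text in iter_strings(metadata):
        for owner, repo in GITHUB_RE.findall(text):
            repo = repo.rstrip(".")            # URL at the end of a sentence
            if repo.lower().endswith(".git"):  # clone URL form
                repo = repo[:-4]
            if repo:
                # GitHub owner/repo names are case-insensitive, so fold case.
                counts[f"https://github.com/{owner.lower()}/{repo.lower()}"] += 1
    # Assumption: rank by mention count, ties broken alphabetically.
    ranked = [url for url, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]
    return ranked[:1] if single else ranked

# Constructed sample metadata (not a real registry response).
SAMPLE = json.loads("""
{
  "name": "example-pkg",
  "homepage": "https://github.com/Example-Org/example-pkg#readme",
  "repository": {"type": "git", "url": "git+https://github.com/example-org/example-pkg.git"},
  "bugs": {"url": "https://github.com/example-org/example-pkg/issues"},
  "description": "Fork of https://github.com/upstream/original-lib with fixes."
}
""")

if __name__ == "__main__":
    for url in find_source(SAMPLE):
        print(url)
```

The `description` field in the sample shows why the result is a list of possibilities: any GitHub URL in the metadata is picked up, including one that points at a different project.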

Usage information from --help

USAGE:
Find the source code repository for the given package:
  oss-find-source --format text [options] package-url...

  -f, --format         (Default: text) selct the output format(text|sarifv1|sarifv2)
  -o, --output-file    (Default: ) send the command output to a file instead of stdout
  -S, --single         (Default: false) Show only top possibility of the package source repositories. When using text
                       format the *only* output will be the URL or empty string if error or not found.
  --help               Display this help screen.
  --version            Display version information.

The package-url specifier is described at https://github.com/package-url/purl-spec:
  pkg:cargo/rand                The latest version of Rand (via crates.io)
  pkg:cocoapods/AFNetworking    The latest version of AFNetworking (via cocoapods.org)
  pkg:composer/Smarty/Smarty    The latest version of Smarty (via Composer/ Packagist)
  pkg:cpan/Apache-ACEProxy      The latest version of Apache::ACEProxy (via cpan.org)
  pkg:cran/ACNE@0.8.0           Version 0.8.0 of ACNE (via cran.r-project.org)
  pkg:gem/rubytree@*            All versions of RubyTree (via rubygems.org)
  pkg:golang/sigs.k8s.io/yaml   The latest version of sigs.k8s.io/yaml (via proxy.golang.org)
  pkg:github/Microsoft/DevSkim  The latest release of DevSkim (via GitHub)
  pkg:hackage/a50@*             All versions of a50 (via hackage.haskell.org)
  pkg:maven/org.apdplat/deep-qa The latest version of org.apdplat.deep-qa (via repo1.maven.org)
  pkg:npm/express               The latest version of Express (via npm.org)
  pkg:nuget/Newtonsoft.JSON     The latest version of Newtonsoft.JSON (via nuget.org)
  pkg:pypi/django@1.11.1        Version 1.11.1 fo Django (via pypi.org)
  pkg:ubuntu/zerofree           The latest version of zerofree from Ubuntu (via packages.ubuntu.com)
  pkg:vsm/MLNET/07              The latest version of MLNET.07 (from marketplace.visualstudio.com)
  pkg:url/[email protected]?url=<URL>     The direct URL <URL>