Update strategies doc #1485

Merged
merged 2 commits into from
Nov 27, 2024
83 changes: 46 additions & 37 deletions docs/references/strategies/README.md
Expand Up @@ -145,40 +145,49 @@ Invoke strict analysis with the `--strict` flag when running `fossa analyze`.

### Strategies by type

> If the FOSSA CLI is forced to utilize a fallback strategy, meaning it did not detect ideal results, a warning is emitted in the scan summary after running `fossa analyze`.

| Language/Package Manager | Dynamic | Static | Detect Vendored Code | Primary Strategy |
|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------|-----------|----------------------|------------------|
| [C#](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/dotnet) | ✅ | ✅ | ❌ | Dynamic |
| [C](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/c-cpp/c-cpp.md) | :warning: | :warning: | ✅ | None |
| [C++](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/c-cpp/c-cpp.md) | :warning: | :warning: | ✅ | None |
| [Clojure (leiningen)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/clojure/clojure.md) | ✅ | ❌ | ❌ | Dynamic |
| [Dart (pub)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/dart/dart.md) | ✅ | ✅ | ❌ | Dynamic |
| [Elixer (mix)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/elixir/elixir.md) | ✅ | ❌ | ❌ | Dynamic |
| [Erlang (rebar3)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/erlang/erlang.md) | ✅ | ❌ | ❌ | Dynamic |
| [Fortran](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/fortran/fortran.md) | ❌ | ✅ | ❌ | Static |
| [Go (dep)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/godep.md) | ❌ | ✅ | ❌ | Static |
| [Go (glide)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/glide.md) | ❌ | ✅ | ❌ | Static |
| [Go (gomodules)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/gomodules.md) | ✅ | ✅ | ❌ | Dynamic |
| [Gradle](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/gradle/gradle.md) | ✅ | ❌ | ❌ | Dynamic |
| [Haskell (cabal)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/haskell/cabal.md) | ✅ | ❌ | ❌ | Dynamic |
| [Haskell (stack)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/haskell/stack.md) | ✅ | ❌ | ❌ | Dynamic |
| [iOS (carthage)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/carthage.md) | ❌ | ✅ | ❌ | Static |
| [iOS (cocoapods)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/cocoapods.md) | ❌ | ✅ | ❌ | Static |
| [iOS (swift)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/swift.md) | ❌ | ✅ | ❌ | Static |
| [Maven](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/maven/maven.md) | ✅ | ✅ | ❌ | Dynamic |
| [NodeJS (NPM/Yarn/pnpm)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/nodejs/nodejs.md) | ❌ | ✅ | ❌ | Static |
| [Perl](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/perl/perl.md) | ❌ | ✅ | ❌ | Static |
| [PHP (Composer)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/php/composer.md) | ❌ | ✅ | ❌ | Static |
| [Python (Conda)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/conda.md) | ✅ | ✅ | ❌ | Dynamic |
| [Python (Pipenv)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/pipenv.md) | ✅ | ✅ | ❌ | Dynamic |
| [Python (Poetry)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/poetry.md) | ❌ | ✅ | ❌ | Static |
| [Python (Pdm)](./languages/python/pdm.md) | ❌ | ✅ | ❌ | Static |
| [Python (setup.py/requirements.txt)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/setuptools.md) | ✅ | ✅ | ❌ | Dynamic |
| [R (renv)](./languages/r/renv.md) | ❌ | ✅ | ❌ | Static |
| [Ruby (bundler)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/ruby/ruby.md) | ✅ | ✅ | ❌ | Static |
| [Rust (cargo)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/rust/rust.md) | ✅ | ❌ | ❌ | Dynamic |
| [Scala (sbt)](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/scala) | ✅ | ❌ | ❌ | Dynamic |

:warning:: Note that these strategies support _static_ and _dynamic_ detection differently than other strategies, and are not run by default.
Please make sure to check their linked documentation in the table above for more details.
> [!NOTE]
> Dynamic strategies require a working build environment for analysis.
>
> If a given package manager has a dynamic strategy with a static fallback, that means the static fallback provides worse results,
> so it is only used when the dynamic strategy fails. If the package manager only has static strategies, that means dynamic analysis
> is not required for ideal results.

> [!TIP]
> If FOSSA CLI is forced to utilize a fallback strategy, meaning it did not detect ideal results,
> a warning is emitted in the scan summary after running `fossa analyze`.

> [!WARNING]
> "Custom" strategies work very differently than the standard package manager based analysis; read their docs for more details.

| Language/Package Manager | Kind of analysis | Detect Vendored Code |
|-------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|----------------------|
| [C#](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/dotnet) | Static | ❌ |
Contributor

[Question] Is Nuget always what's used for C#? I don't need this resolved for approval but it feels like the package manager or NuGet is the right thing to put here vs. the language.

Member Author

@jssblck jssblck Nov 27, 2024

it's a little strange. first: no, nuget isn't the only package manager for C# or .NET generally. But inside FOSSA CLI we group all the tactics for .NET under the Nuget module, e.g. Strategy.NuGet.Paket.

i do think it probably makes more sense to refer to the package manager in this table like we do for other languages, but i didn't make that change here to minimize change/confusion.

Member Author

I've gone ahead and updated these to match the other package managers in the table: C# was the only odd one out.

Contributor

I think that looks good, thanks!

| [C](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/c-cpp/c-cpp.md) | Custom | ✅ |
| [C++](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/c-cpp/c-cpp.md) | Custom | ✅ |
| [Clojure (leiningen)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/clojure/clojure.md) | Dynamic | ❌ |
| [Dart (pub)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/dart/dart.md) | Dynamic with static fallback | ❌ |
| [Elixer (mix)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/elixir/elixir.md) | Dynamic | ❌ |
| [Erlang (rebar3)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/erlang/erlang.md) | Dynamic | ❌ |
| [Fortran](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/fortran/fortran.md) | Static | ❌ |
| [Go (dep)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/godep.md) | Static | ❌ |
| [Go (glide)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/glide.md) | Static | ❌ |
| [Go (gomodules)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/golang/gomodules.md) | Dynamic with static fallback | ❌ |
| [Gradle](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/gradle/gradle.md) | Dynamic | ❌ |
| [Haskell (cabal)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/haskell/cabal.md) | Dynamic | ❌ |
| [Haskell (stack)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/haskell/stack.md) | Dynamic | ❌ |
| [iOS (carthage)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/carthage.md) | Static | ❌ |
| [iOS (cocoapods)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/cocoapods.md) | Static | ❌ |
| [iOS (swift)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/platforms/ios/swift.md) | Static | ❌ |
| [Maven](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/maven/maven.md) | Dynamic with static fallback | ❌ |
| [NodeJS (NPM/Yarn/pnpm)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/nodejs/nodejs.md) | Static | ❌ |
| [Perl](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/perl/perl.md) | Static | ❌ |
| [PHP (Composer)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/php/composer.md) | Static | ❌ |
| [Python (Conda)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/conda.md) | Dynamic with static fallback | ❌ |
| [Python (Pipenv)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/pipenv.md) | Dynamic with static fallback | ❌ |
| [Python (Poetry)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/poetry.md) | Static | ❌ |
| [Python (Pdm)](./languages/python/pdm.md) | Static | ❌ |
| [Python (setup.py/requirements.txt)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/python/setuptools.md) | Dynamic with static fallback | ❌ |
| [R (renv)](./languages/r/renv.md) | Static | ❌ |
| [Ruby (bundler)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/ruby/ruby.md) | Dynamic with static fallback | ❌ |
| [Rust (cargo)](https://github.com/fossas/fossa-cli/blob/master/docs/references/strategies/languages/rust/rust.md) | Dynamic | ❌ |
| [Scala (sbt)](https://github.com/fossas/fossa-cli/tree/master/docs/references/strategies/languages/scala) | Dynamic | ❌ |
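
Review bot: Two rows in the new table change what the doc claims rather than only its layout, and nothing in the hunk explains either. C# goes from Dynamic ✅ / Static ✅ with Primary Strategy "Dynamic" to plain "Static", and Ruby (bundler) goes from Primary Strategy "Static" to "Dynamic with static fallback"; every other row maps one-to-one from the old columns. Please confirm both against the CLI's actual behaviour and note the correction in the PR description, because the new NOTE tells readers that a static fallback "provides worse results" and that dynamic strategies need a working build environment, so these cells now drive how users set up their scans. While the rows are being rewritten, "Elixer (mix)" should read "Elixir (mix)" (the link target is already `elixir/elixir.md`). The old footnote's statement that the C and C++ strategies "are not run by default" is also dropped from the new WARNING; keep it if it still holds.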