{"id":36823556,"url":"https://github.com/scanoss/auditcmd","last_synced_at":"2026-01-12T14:02:35.337Z","repository":{"id":310405341,"uuid":"1038144913","full_name":"scanoss/auditcmd","owner":"scanoss","description":"A command-line auditing tool for reviewing SCANOSS Open Source scanning results JSON file","archived":false,"fork":false,"pushed_at":"2025-11-07T06:21:49.000Z","size":8496,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-07T07:20:02.742Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/scanoss.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit.go","citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-14T17:35:41.000Z","updated_at":"2025-11-07T06:21:52.000Z","dependencies_parsed_at":"2025-08-17T23:23:39.276Z","dependency_job_id":"676630c2-1b46-4cf4-82bc-ae93ac309c64","html_url":"https://github.com/scanoss/auditcmd","commit_stats":null,"previous_names":["scanoss/auditcmd"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/scanoss/auditcmd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fauditcmd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fauditcmd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fauditcmd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fauditcmd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/scanoss","download_url":"https://codeload.github.com/scanoss/auditcmd/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/scanoss%2Fauditcmd/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28340225,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T12:22:26.515Z","status":"ssl_error","status_checked_at":"2026-01-12T12:22:10.856Z","response_time":98,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-12T14:02:35.004Z","updated_at":"2026-01-12T14:02:35.296Z","avatar_url":"https://github.com/scanoss.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AuditCmd\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Go Report Card](https://goreportcard.com/badge/github.com/scanoss/auditcmd)](https://goreportcard.com/report/github.com/scanoss/auditcmd)\n\nA command-line auditing tool for reviewing SCANOSS Open Source scanning results with a console UI built using gocui.\n\n\u003e **Note**: This is a console-based TUI application that requires a proper terminal environment to run.\n\n## Features\n\n### Core Functionality\n- **Directory Tree Navigation**: Browse through directory structure with collapsible directories\n- **PURL Ranking View**: Switch to component-centric view showing PURLs ranked by file count\n- **Dual View Toggle**: Press [P] for PURL view or [D] for Directory view\n- **Resizable Panes**: Use Left/Right arrow keys to adjust pane sizes\n- **File Filtering**: Only displays files with actual Open Source matches (`id = \"file\"` or `id = \"snippet\"`)\n- **Visual File Status**: Files show ✓ (identified), ✗ (ignored), or no symbol (unprocessed)\n- **Smart Hide/Show Toggle**: Press [T] to toggle visibility of audited files (works in both Directory and PURL modes)\n\n### Data Export \u0026 Persistence\n- **CSV Export**: Press [E] to export audit results to CSV with comprehensive file information\n- **Configuration Persistence**: All settings (API key, pane width, audited filter state) saved to `~/.auditcmd`\n- **Auto-restore Settings**: Application remembers your preferences across sessions\n\n### API Integration \u0026 Content Viewing  \n- **Secure API Integration**: Automatic API key management with secure storage and SCANOSS API authentication\n- **File Content Viewer**: Display file contents fetched from SCANOSS API with line highlighting for snippet matches\n- **Direct Audit Actions**: Press [A]ccept or [I]gnore to make instant audit decisions with optional comments\n\n### User Experience\n- **Progress Tracking**: Real-time progress bar showing audit completion percentage across all files\n- **Comprehensive Status Display**: Shows file/directory statistics, audit counts, and API status\n- **Full Keyboard Navigation**: Efficient keyboard-only interface with context-sensitive help\n\n## Usage\n\n```bash\n./auditcmd \u003cscanoss-result.json\u003e\n./auditcmd --reset-api-key      # Remove stored API key\n./auditcmd --api-key-status     # Check API key configuration\n```\n\nWhere `\u003cscanoss-result.json\u003e` is the JSON file containing SCANOSS scan results.\n\n## API Key Management\n\nThe application requires a SCANOSS API key to fetch file contents. On first run:\n\n1. **Initial Setup**: You'll be prompted to enter your SCANOSS API key or skip\n2. **Skip Option**: Enter 'skip' to run in limited mode without file content viewing\n3. **Secure Storage**: API key is saved to `~/.auditcmd` with secure file permissions (600)\n4. **Automatic Loading**: Subsequent runs will automatically use the stored API key\n5. **Status Check**: Use `./auditcmd --api-key-status` to check if an API key is configured\n6. **Reset Option**: Use `./auditcmd --reset-api-key` to remove and reset your stored API key\n\n### Limited Mode (No API Key)\nWhen running without an API key, you can still:\n- ✅ Navigate directory tree and file lists\n- ✅ View file metadata (PURL, licenses, match type)\n- ✅ Make audit decisions (IDENTIFY/IGNORE with assessments)\n- ✅ Save audit results to JSON\n- ❌ View actual file contents\n- ❌ See highlighted snippet matches\n\nThe API key is sent with requests using the `X-API-Key` header as required by the SCANOSS API.\n\n## Interface Layout\n\nThe application is divided into four main sections:\n\n### Status Panel (Top, 2 lines)\n- **Line 1**: File/Directory info, component PURL, licenses \n- **Line 2**: Audit statistics (Pending, Identified, Ignored), Audited filter status, API key status\n- Shows comprehensive audit progress and current filter state\n- Works independently in both Directory and PURL view modes\n\n### Left Panel (Resizable - Dual View)\n**Directory View (Default)**:\n- Collapsible directory structure (directories only, no files shown in tree)\n- **Dynamic Count**: Shows file count based on current filter state (e.g., \"src (23)\" or \"src (5)\" when hiding audited)\n- Navigate with Up/Down arrow keys, Enter to expand/collapse\n- Only shows directories containing files with valid Open Source matches\n\n**PURL View (Press [P] to switch)**:\n- Component-centric view showing Package URLs ranked by file count\n- **Ranked by Impact**: PURLs with most files appear first \n- **Dynamic Count**: Shows count based on filter (e.g., \"pkg:npm/react@18.2.0 (45)\" or \"(12)\" when hiding audited)\n- Navigate with Up/Down arrow keys to select PURL\n\n### Right Panel (Resizable - Files/Content)\n**List Mode**: Shows files from selected directory or PURL\n- **Clean Display**: File paths only (no clutter)\n- **Visual Status**: Files show ✓ (identified), ✗ (ignored), or no symbol (unprocessed)\n- Navigate with Up/Down arrow keys\n- **Smart Filtering**: [T] key toggles audited files in both Directory and PURL modes\n\n**Content Mode**: Shows actual file source code\n- **Syntax Highlighting**: Line numbers and highlighted snippet matches\n- **ESC key**: Return to file list\n- **[A]ccept/[I]gnore**: Make audit decisions while viewing content\n\n### Export \u0026 Configuration\n- **[E] CSV Export**: Export comprehensive audit results to CSV file  \n- **Auto-naming**: Defaults to input filename with .csv extension\n- **Overwrite Confirmation**: Shows file existence warning before export\n- **Persistent Settings**: All preferences saved automatically to `~/.auditcmd`\n\n## Keyboard Controls\n\n### Navigation\n- **Tab**: Switch between left panel (Directories/PURLs) and Files panel\n- **Up/Down**: Navigate in the active panel (directory tree, PURL list, or file list)\n- **Left/Right**: \n  - In Directories panel: Collapse/expand directories\n  - In Files panel: Resize panels (make left panel smaller/larger)\n- **Enter**: \n  - In Directories: Expand/collapse directory\n  - In Files List: View file content\n- **ESC**: Return from file content view to file list\n\n### View Controls\n- **[P]**: Switch to PURL ranking view (component-centric)\n- **[D]**: Switch to Directory tree view (file system structure)\n- **[T]**: Toggle audited files visibility (works in both Directory and PURL modes)\n\n### Audit Actions\n- **[A]**: Accept/Identify current file as valid Open Source match with optional comment\n- **[I]**: Ignore current file as false positive with optional comment\n\n### Export \u0026 System\n- **[E]**: Export audit results to CSV file\n- **[Q]** or **Ctrl+C**: Quit application\n\n### Content Viewing (when viewing file content)\n- **Space**: Page down\n- **Shift+Space**: Page up  \n- **Shift+Up/Down**: Page up/down\n- **Page Up/Page Down**: Page navigation\n\n## Dual View System\n\nThe application offers two complementary ways to navigate your scan results:\n\n### Directory View (Default)\n- **File System Structure**: Traditional directory tree showing how files are organized\n- **Directory Focus**: Navigate by folder structure to understand codebase organization  \n- **Collapsible Tree**: Expand/collapse directories to focus on specific areas\n- **Best For**: Understanding file organization, working through directories systematically\n\n### PURL View ([P] to switch)\n- **Component Focus**: Shows Package URLs (PURLs) ranked by number of matching files\n- **Impact-Based**: Most prevalent components appear first\n- **Dependency Analysis**: Quickly identify which components affect the most files\n- **Best For**: Understanding component dependencies, focusing on high-impact packages\n\nBoth views show dynamic file counts that update based on the audited filter state, and file navigation works identically in both modes.\n\n## Audit Process\n\n1. Navigate to a file using either directory tree, PURL ranking, or file list\n2. Press **[A]** to accept the match or **[I]** to ignore it\n3. A compact modal appears with:\n   - Line 1: \"Comment (Optional)\" label\n   - Lines 2-3: Text entry area for optional assessment comment\n   - Line 4: \"ENTER: Accept/Ignore  ESC: Cancel\"\n4. Type your optional comment (or leave blank)\n5. Press **Enter** to save the decision or **ESC** to cancel\n\nAudit decisions are saved directly to the original JSON file in an `audit` array for each file match.\n\n## CSV Export\n\nThe application provides comprehensive CSV export functionality:\n\n### Export Process\n1. Press **[E]** from any view (Directory or PURL mode)\n2. Review the export dialog showing:\n   - Target filename (automatically generated from input JSON)\n   - Overwrite warning if file exists\n3. Press **Enter** to export or **ESC** to cancel\n4. Export completes silently and returns to main interface\n\n### CSV Format\nThe exported CSV includes the following columns:\n- **File Path**: Full path to each file in the scan results\n- **Match Type**: \"file\", \"snippet\", or \"no-match\" for files without valid matches\n- **PURL**: Package URL(s) - concatenated with \"; \" separator for multiple PURLs\n- **License**: License name(s) - concatenated with \"; \" separator for multiple licenses  \n- **Status**: \"Pending\", \"Accepted\" (identified), or \"Ignored\"\n- **Comment**: Auditor assessment/comment if provided\n\n### Export Features\n- **Comprehensive**: Exports ALL files from scan data, including those without matches\n- **Current State**: Reflects all audit decisions made during the session\n- **Auto-naming**: Uses input JSON filename with `.csv` extension (e.g., `scan-results.json` → `scan-results.csv`)\n- **Overwrite**: Silently overwrites existing files after confirmation\n\n## Data Structure\n\nThe tool expects SCANOSS JSON format with the following key fields:\n- `id`: \"file\", \"snippet\", or \"none\"\n- `file`: File path\n- `file_url`: URL to fetch file content\n- `oss_lines`: Line ranges for snippet matches\n- `purl`: Package URL identifiers\n- `licenses`: License information\n- `audit`: Array of audit decisions (added by this tool)\n\n## Configuration\n\nThe application automatically manages configuration in `~/.auditcmd`:\n\n### Stored Settings\n- **API Key**: SCANOSS API key for content fetching (secure 600 permissions)\n- **Pane Width**: Left panel width ratio (0.2 to 0.8)\n- **Audited Filter**: Hide/show audited files state (true/false)\n\n### Configuration Format\n```ini\n# AuditCmd Configuration\n# This file stores settings for the AuditCmd application\n\napi_key=your_scanoss_api_key_here\npane_width=0.50\nhide_identified=false\n```\n\n### Management Commands\n- **Status Check**: `./auditcmd --api-key-status`\n- **Reset API Key**: `./auditcmd --reset-api-key`\n- **Auto-save**: All UI changes (pane resize, filter toggle) save automatically\n\n## Building\n\n```bash\ngo mod tidy\ngo build\n```\n\n## Dependencies\n\n- github.com/awesome-gocui/gocui: Console UI framework\n- golang.org/x/term: Terminal functionality for secure API key input\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.\n\n## Support\n\nFor questions, issues, or feature requests, please visit the [SCANOSS website](https://www.scanoss.com) or open an issue in this repository.\n\n## File Structure\n\n- `main.go`: Application entry point, core logic, and dual-view management\n- `models.go`: Data structures for SCANOSS JSON format and PURL ranking\n- `tree.go`: Directory tree and PURL ranking navigation with dynamic counting\n- `filelist.go`: File listing and content viewing for both view modes\n- `status.go`: Status panel implementation with comprehensive audit statistics\n- `audit.go`: Audit decision functionality and dialog management\n- `export.go`: CSV export functionality with comprehensive file reporting\n- `apikey.go`: Configuration management, API key storage, and settings persistence\n- `progress.go`: Progress tracking and completion percentage calculations","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fauditcmd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fscanoss%2Fauditcmd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fscanoss%2Fauditcmd/lists"}