Use the Agent with an SCM Other than Git

SourceClear Software Composition Analysis

You can use the SourceClear agent to scan a repository that uses a source code management (SCM) system other than Git.

The SourceClear agent normally interacts with a Git repository to learn the branch, commit, working directory state, and similar attributes to make the scan reports the most meaningful to the reader. However, not every organization uses Git and thus the agent needs a mechanism through which the scan data can be associated with the underlying source control metadata.
Note: Using an SCM other than Git requires a paid SourceClear subscription.

Communicating SCM Metadata to the Agent

The SourceClear agent accepts SCM metadata from the caller through the following environment variables.

Environment Variable What It Controls
SRCCLR_SCM_URI The URI you use to connect to the SCM system. For example: or
Note: This value is the default name of the project in SourceClear after you complete your first scan.
SRCCLR_SCM_REF Any meaningful name of the current working directory's state, such as a branch, a tag, or a similar concept in your SCM.
SRCCLR_SCM_REF_TYPE Optional. The type of reference described in the SRCCLR_SCM_REF variable, which can be one of the following case-insensitive strings: branch, tag, or commit. The default value is commit.
SRCCLR_SCM_REV The revision of the current working directory's state, which, for example, might be a Subversion change number or a Mercurial revision identifier.
SRCCLR_SCM_SUB_PATH Optional. Only meaningful if the project is located in a subdirectory down from the root of the SCM repository (as one might find with a multi-project Mercurial repository). Users of Subversion and similar "directory addressable" source control systems will do better by specifying the full path to the project root as the SRCCLR_SCM_URI.


Check out the source as you normally would and change to the working directory.
$ svn checkout properties-mvn
$ cd properties-mvn
To gather the information, use the source control tool to inspect its status.
$ svn info
Path: .
Working Copy Root Path: /Users/mdaniel/.tmp/properties-mvn
Relative URL: ^/
Repository Root:
Repository UUID: a38e15f5-c4e9-4b0a-8018-68579ae2876f
Revision: 10
Node Kind: directory
Schedule: normal
Last Changed Author: ayanul
Last Changed Rev: 10
Last Changed Date: 2010-09-29 04:28:27 -0700 (Wed, 29 Sep 2010)
Now you can capture the relevant pieces of metadata in environment variables and invoke the srcclr scan command to begin scanning.
$ export SRCCLR_SCM_URI=
$ export SRCCLR_SCM_REF=trunk
$ export SRCCLR_SCM_REF_TYPE=branch
$ export SRCCLR_SCM_REV=10
$ srcclr scan

The results print a summary to the terminal and provide a hyperlink to the full details on the SourceClear website.