github.com/joey-fossa/fossa-cli@v0.7.34-0.20190708193710-569f1e8679f0/docs/integrations/buck.md (about) 1 # Buck 2 3 ## Support 4 5 [Buck](#https://github.com/facebook/buck) projects are supported in a limited fashion by leveraging the [archive uploader](#./archive.md). The following is required 6 7 - `buck` is required to be installed in order to find the transitive dependency graph. 8 - a `.buckconfig` file. 9 - A functioning Buck project that has been built. 10 11 ## Configuration 12 13 ### Automatic 14 15 Running `fossa init` can detect Buck projects two different ways: 16 1. If a `.buckconfig` file is found, FOSSA can be sure it is at the root of a [Buck cell](https://buckbuild.com/about/overview.html). 17 1. Search for user defined aliases in `.buckconfig`. 18 2. If none are found, run `buck targets //` to find all local targets at the root. 19 2. No `.buckconfig` file is found but a `BUCK` file is found denoting a [Buck package](https://buckbuild.com/about/overview.html). 20 1. FOSSA CLI runs `buck targets <directory>:` to find all local targets to the 21 22 ### Manual 23 24 Add a module with `type: buck`, `target` set to a valid [buck target](https://buckbuild.com/concept/build_target.html), and `dir` set to the current directory. 25 26 ```yaml 27 analyze: 28 modules: 29 - name: buckproject 30 type: buck 31 target: //programs:buck 32 dir: . 33 ``` 34 35 ## Analysis 36 37 Buck projects are uploaded with all of their source code broken into dependencies for license analysis by FOSSA. This project involves a few steps: 38 1. Determine the correct buck command to run by trying to execute `FOSSA_BUCK_CMD`, `./buckw`, and `buck`. 39 1. Run `buck audit input <target> --json` to retrieve a list of all dependencies. 40 1. Upload these dependencies and maintain references to their uploaded locator. 41 1. Create a dependency graph by recursively running `buck audit dependencies <target>` on each dependency and add it to the graph. 42 1. Upload the dependency graph to FOSSA which will match the dependency locators to the raw upload and analysis of each dependency.