Perl
Analyze Perl projects with FOSSA via CPAN, through Quick Import or the FOSSA CLI.
Overview
FOSSA supports Perl projects through CPAN. You can analyze a project two ways: Quick Import in the web app, or the FOSSA CLI.
Tool support
| Tool | Quick Import (app.fossa.com) | CLI (fossa-cli) |
|---|---|---|
| perl / cpan | cpanfile, Makefile.PL, Build.PL, (MY)META.(yml/json) | (MY)META.(yml/json) |
How Quick Import works
When Perl code is imported through the web app, FOSSA seeks and analyzes the following files for license and dependency information:
cpanfileMakefile.PLBuild.PL(MY)META.(yml/json)
Along with parsing these files, FOSSA runs the cpanm command line tool to discover dependencies brought in dynamically by CPAN. Once dependencies are found, they are resolved against the CPAN ElasticSearch index.
Note
FOSSA's Repository Scanning infrastructure currently uses Perl v5.18.2.
Analyzing with the CLI
Install the latest release of fossa-cli:
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bashThen run fossa analyze from your repository's root directory to analyze your Perl project.
Analysis strategies
| Strategy | Direct Deps | Transitive Deps | Edges | Classifies Dev Dependencies | Container Scanning |
|---|---|---|---|---|---|
*META.{yml, json} | ✅ | ✅ | ❌ | ✅ | ✅ |
Project discovery. FOSSA finds a file named MYMETA.json, MYMETA.yml, META.json, or META.yml.
Analysis: FOSSA parses the discovered MYMETA.{yml, json} or META.{yml, json} file to identify dependencies.
Note
- Only dependencies required for
runtimeare reported. - Reported analysis does not include edges.
To restrict a scan to Perl only, specify the analysis target explicitly in a .fossa.yml file:
# .fossa.yml version: 3targets: only: - type: perlPackage data
FOSSA supports any packages available in the CPAN master registry. Declared licenses in (MY)META.(yml/json) files are recognized, as well as any licenses picked up in a full package-wide code audit.