Question about new release #259

Open
security-companion opened this issue Nov 22, 2024 · 6 comments

@security-companion
Contributor

Hi,
I read that loki is not supported anymore and that you recommend using Thor Lite instead.

Nevertheless, I would like to ask if it is possible to make a new release of loki so that the latest code changes can be used via an installer (I know that it is, however, possible to make a git clone and use the latest code from there, but for that you first need to have Python installed).

The reason why I ask is that when running a scan with Thor Lite, the HTML report says that Thor Lite is only allowed for non-commercial use.
So from my understanding the only one of your free scanners that can be used in a commercial environment is loki.

Greetings
security-companion

@Neo23x0
Owner

Neo23x0 commented Nov 22, 2024

"Commercial use not allowed" means that you're not allowed to sell it as a service. You can use it to scan your corporate environment or do other things except selling it as a service.


The problem is that I don't even have a build environment anymore to build LOKI. It would cost me 2 hours to set one up.
And I would also have to review the code changes and merge some pull requests, which costs even more hours of work. Maybe I'll have some time to do that in late December.
Which code change is important?

@security-companion
Contributor Author

Hi,
thank you very much for the clarification about the license.

I personally would be very interested in this change: security-companion@9b9656b

Regarding building, I made a pull request which introduces a GitHub Action for automatic building of the binaries and zipping inside of GitHub. With this, no local development environment is necessary anymore: #260
The lint-action is still failing in this pull request; the necessary change is already in #256 and #257.

Greetings
security-companion

@Neo23x0
Owner

Neo23x0 commented Nov 23, 2024

I don't want the scanner to print a warning every time it skips a file for any reason.
We could talk about "notice" level messages, but skipping a file is expected behaviour. I don't want it to print "Warnings" when the scanner works as expected.

@security-companion
Contributor Author

security-companion commented Nov 23, 2024

Thanks for merging my pull request.
I had chosen info as this is also set for the other "Skipping file" message (Skipping file due to fast scan mode).
We can also change the "Skipping file due to file size" message from info to notice, see #262

@Neo23x0
Owner

Neo23x0 commented Nov 24, 2024

Oh, you say, you've chosen "Info", but I saw a "Warning" in the code of the PR. The commit message even says: "add warning if file is skipped because of file size"

security-companion@9b9656b#diff-6f22c54946bc6e83f9850b3cdef74f5040e6b8f0d6e5d46980b46cb0674dc00fR372

"Info" level would be best.

@security-companion
Contributor Author

Yes, originally it was warning, but one day after the commit you reference I changed it in security-companion@191086b from warning to info. This is what then got merged into trunk in pull request https://github.com/Neo23x0/Loki/pull/239/files

Currently we have info in the main branch, see https://github.com/security-companion/Loki/blob/88c8d3e710cbc35ad7f282c69d4f572bce4015a4/loki.py#L372
