Define an approach to providing a public instance of ScanCode.io

[DennisClark]

Consider someone researching SCA tools who would like to get a quick-and-easy but meaningful look at ScanCode.io, especially if they want to try out some of the advanced features of the various pipelines, such as deploy-to-develop or container scanning or vulnerability detection or dependency identification. Yes there may of course be data privacy and security concerns in a publicly available server, but the purpose of this would simply be a demo, an opportunity to get acquainted with the ScanCode.io user experience.

What: a public ScanCode.io configured to integrate with public VulnerableCode and PurlDB servers, easily and quickly accessible by a new user. It would be completely refreshed on a routine basis.

What is the best way to implement this? What is the best way to grant access? Ideas and suggestions are welcome.

[DennisClark]

Question: should this public demo be configured with a sample license policy file? Probably yes, but it needs to be made clear in some manner that it is just that, a sample, and not a prescribed set of policies.

[AyanSinhaMahapatra]

This is a great idea, we should probably:

1. have some way to show in the projects homepage that a policy/settings file is set for the instance
2. have some way to view the instance wide policy/setting file, and some extra notes/comments on the file that this is a sample policy and not prescribed