Named Contributing Developer or NCD means anyone committing code during the past ninety (90) days to the Projects to be scanned by the licenses product, or the most recent person to make changes to the project code if no code commits have been made in the past ninety (90) days.
You will need a GitHub API Access Token, which you can create using the following instructions:
- Open GitHub Settings
- Log in to GitHub.
- Click your profile picture in the top‑right corner.
- Select Settings.
- Navigate to Developer Settings
- In the left sidebar, click Developer settings.
- Create a Fine‑Grained Token
- Select Personal access tokens.
- Click Fine‑grained tokens.
- Click Generate new token (fine‑grained).
- Configure Token Details
- Repository Access: Choose the specific repository or organization the token should access.
- Permissions: Under Repository permissions, select the required access (e.g., Contents: Read and Write).
- Expiration: Choose an expiration date (recommended for security).
- Generate and Copy the Token
- Click Generate token. Copy the token immediately - you will not be able to view it again.
- Set the
GITHUB_TOKENenvironment variable to this value, for example:
$Env:GITHUB_TOKEN="__YOUR_GITHUB_ACCESS_TOKEN__"export GITHUB_TOKEN="__YOUR_GITHUB_ACCESS_TOKEN__"Create the configuration file using the following command:
fcli license ncd-report create-config -c GitHub-NcdReportConfig.yml -yOpen the file GitHub-NcdReportConfig.yml and specify the organizations and repositories that you want to include. See the example examples/GitHub/GitHub-NcdReportConfig.yml that filters on repositories with GitHub topics fortify-integration.
Generate the report using the following command:
fcli license ncd-report create -c GitHub-NcdReportConfig.yml -d github-ncd-report -yA number of files will be created in the github-ncd-report directory - the summary contributors.csv should be used for license calculations.
You will need a GitLab API Access Token, which you can create using the following instructions:
-
Open GitLab User Settings
- Log in to your GitLab instance.
- Click your avatar in the upper-right corner.
- Select Edit profile.
-
Navigate to Access Tokens -In the left sidebar, select Personal access tokens (or Access Tokens, depending on GitLab version).
-
Create a New Token
- Click Add new token.
- Enter a Token name.
- (Optional) Enter a description for the token.
- Set an Expiration date (tokens default to max 365 days unless configured otherwise).
-
Select Token Scopes -Choose the scopes (permissions) required for your use case. Examples include:
api: Full API accessread_user: Read user profileread_repository: Read repository contentswrite_repository: Write/push access
-
Generate and Save the Token
- Click Create personal access token.
- Copy and store the token securely—it will not be shown again after leaving the page.
-
Set the
GITLAB_TOKENenvironment variable to this value, for example:
$Env:GITHUB_TOKEN="__YOUR_GITLAB_ACCESS_TOKEN__"export GITHUB_TOKEN="__YOUR_GITLAB_ACCESS_TOKEN__"Create the configuration file using the following command:
fcli license ncd-report create-config -c GitLab-NcdReportConfig.yml -yOpen the file GitLab-NcdReportConfig.yml and specify the organizations and repositories that you want to include. See the example examples/GitLab/GitLab-NcdReportConfig.yml that filters on repositories with GitLab project topics vulnerable-sample-app.
Generate the report using the following command:
fcli license ncd-report create -c GitLab-NcdReportConfig.yml -d gitlab-ncd-report -yA number of files will be created in the gitlab-ncd-report directory - the summary contributors.csv should be used for license calculations.
You will need an Azure DevOps API Access Token, which you can create using the following instructions:
- Open User Settings
- Sign in to your Azure DevOps organization at:
https://dev.azure.com/{your_organization}. - In the upper-right corner, select your User settings menu.
- Click Personal access tokens.
- Sign in to your Azure DevOps organization at:
- Create a New Token
- Select + New Token.
- Enter a name for your token.
- Select the organization where the token will be used.
- Set an expiration date (Azure DevOps enforces expiration; defaults vary).
- Choose Scopes (Permissions)
- Select only the scopes required for your task (principle of least privilege). Examples include:
- Code – Read / Write / Manage
- Work Items – Read / Write / Manage
- Build – Read / Execute / Manage
- Release – Read / Execute / Manage
- Agent Pools – Read / Manage
- Packaging – Read / Write / Manage
- Select only the scopes required for your task (principle of least privilege). Examples include:
- Set the
AZURE_DEVOPS_TOKENenvironment variable to this value, for example:
$Env:AZURE_DEVOPS_TOKEN="__YOUR_AZURE_DEVOPS_ACCESS_TOKEN__"export AZURE_DEVOPS_TOKEN="__YOUR_AZURE_DEVOPS_ACCESS_TOKEN__"Create the configuration file using the following command:
fcli license ncd-report create-config -c ADO-NcdReportConfig.yml -yOpen the file ADO-NcdReportConfig.yml and specify the organizations and repositories that you want to include. See the example examples/ADO/ADO-NcdReportConfig.yml that filters on repositories with the keyword fortify in their description (Note: Azure Devops does not have a similar concept to GitHub/GitLab topics).
Generate the report using the following command:
fcli license ncd-report create -c ADO-NcdReportConfig.yml -d ado-ncd-report -yA number of files will be created in the ado-ncd-report directory - the summary contributors.csv should be used for license calculations.