From b3d23a45ab51d64820f41ab5d64ad9cb9f03d1ed Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Thu, 4 Jul 2019 10:17:49 +0200
Subject: [PATCH 1/5] Add auto-generated fossa-cli config file

Generated by running `fossa init`.

Signed-off-by: Lukas Puehringer
---
 .fossa.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100755 .fossa.yml

diff --git a/.fossa.yml b/.fossa.yml
new file mode 100755
index 00000000..5b391de4
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,14 @@
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 2
+cli:
+ server: https://app.fossa.com
+ fetcher: custom
+ project: git@github.com:theupdateframework/tuf.git
+analyze:
+ modules:
+ - name: .
+ type: pip
+ target: .
+ path: .

From 8ec4a05d8d1895b2e7119a3c152ae4b0cd76c719 Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Thu, 4 Jul 2019 10:18:49 +0200
Subject: [PATCH 2/5] Add pip analysis strategy to fossa config file

For fossa Python project configruation see: https://github.com/fossas/fossa-cli/blob/master/docs/integrations/python.md

Signed-off-by: Lukas Puehringer
---
 .fossa.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.fossa.yml b/.fossa.yml
index 5b391de4..ac1803ab 100755
--- a/.fossa.yml
+++ b/.fossa.yml
@@ -5,10 +5,12 @@ version: 2
 cli:
 server: https://app.fossa.com
 fetcher: custom
- project: git@github.com:theupdateframework/tuf.git
+ project: github.com/theupdateframework/tuf
 analyze:
 modules:
- - name: .
+ - name: tuf
 type: pip
 target: .
 path: .
+ options:
+ strategy: pip
\ No newline at end of file

From 4907e2e2c705636b45925bb3d85e2b8367a71041 Mon Sep 17 00:00:00 2001
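Review bot: `.fossa.yml` is created with mode 100755 (`new file mode 100755` in the file header), so a YAML configuration file carries an executable bit it never needs, and patches 2 and 5 of this series keep that mode. Clear it before merging, `chmod -x .fossa.yml`, so the file is committed as a regular 100644 file like the rest of the repository; the generated content itself needs no change in this patch.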
From: Lukas Puehringer
Date: Thu, 4 Jul 2019 10:28:00 +0200
Subject: [PATCH 3/5] Add fossa to travis config

Note that we can't keep the FOSSA_API_TOKEN secret (e.g. via Travis encrypted or repository setting environment variables), because those are not available for PRs from forked repository. Therefor we use a non-confidential push only API token. For details see https://docs.fossa.com/docs/travisci and https://docs.fossa.com/docs/api-reference#section-push-only-api-token

Signed-off-by: Lukas Puehringer
---
 .travis.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.travis.yml b/.travis.yml
index 9649873b..9b0ad070 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,6 +2,12 @@ dist: xenial
 language: python
 cache: pip
+
+env:
+ global:
+ # NOTE: Public push only token (can't be used to read or edit project info)
+ - FOSSA_API_KEY=cbc317812661645ea400ab9ee6c7616a
+
 
 matrix:
 include:
 - python: "2.7"
@@ -16,8 +22,12 @@ matrix:
 install:
 - pip install tox coveralls
 
+before_script:
+ - "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | sudo bash"
+
 script:
 - tox
+ - fossa
 
 after_success:
 # Workaround to get coverage reports with relative paths.

From e78b98913e24bb16b5bc8fd9eda4505b240fb84b Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Thu, 4 Jul 2019 10:34:19 +0200
Subject: [PATCH 4/5] Update fossa badge in README

Signed-off-by: Lukas Puehringer
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index f7a9eadd..122536a1 100644
--- a/README.md
+++ b/README.md
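Review bot: The plaintext `FOSSA_API_KEY` added under `env.global` is readable by anyone with the repository and, push-only or not, lets its holder upload analysis results under this FOSSA project; the commit message explains why it cannot be a Travis secret, but the inline NOTE should state what the key can do and how to revoke it so a later maintainer does not read it as an accidental leak. Suggested comment in place of the current one: `# NOTE: Push-only FOSSA token, deliberately public because fork PR builds cannot see Travis secrets. It can only upload scan results for this project; revoke and replace it on the FOSSA side if it is misused.` If uploads from fork PR builds are not actually needed, the `fossa` step in the second hunk could also be skipped whenever `TRAVIS_PULL_REQUEST` is not `false`, which limits the token's use to builds of the main repository.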
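Review bot: The new `before_script` line fetches `install.sh` from the `master` branch of fossa-cli and pipes it straight into `sudo bash`, so every CI run executes whatever that branch currently contains, as root, with no version pin and no integrity check; `-H 'Cache-Control: no-cache'` guarantees it is always the freshest copy. `curl` is also invoked without `-f`, so an HTTP error body would be piped into bash instead of failing the step. Pin the installer to a tagged release, download it to a file, check its digest against a value recorded in the repository, and only then run it, so updates happen deliberately rather than by drift; the installer may in turn fetch a "latest" binary, so check whether it supports pinning a version and verify that download as well. The surrounding `.travis.yml` stanzas are outside this hunk.
```yaml
before_script:
  # Pinned installer: update the tag and digest deliberately instead of tracking master.
  - curl -fsSL -o /tmp/fossa-install.sh "https://raw.githubusercontent.com/fossas/fossa-cli/<RELEASE_TAG placeholder>/install.sh"
  - echo "<EXPECTED_SHA256 placeholder>  /tmp/fossa-install.sh" | sha256sum -c -
  - sudo bash /tmp/fossa-install.sh
# … unchanged: script / after_success …
```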
@@ -4,7 +4,7 @@
 [![Coveralls](https://coveralls.io/repos/theupdateframework/tuf/badge.svg?branch=develop)](https://coveralls.io/r/theupdateframework/tuf?branch=develop)
 [![PyUp](https://pyup.io/repos/github/theupdateframework/tuf/shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/)
 [![Python 3](https://pyup.io/repos/github/theupdateframework/tuf/python-3-shield.svg)](https://pyup.io/repos/github/theupdateframework/tuf/)
-[![FOSSA](https://app.fossa.io/api/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield)
+[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf.svg?type=shield)](https://app.fossa.com/projects/custom%2B162%2Fgithub.com%2Ftheupdateframework%2Ftuf?ref=badge_shield)
 [![CII](https://bestpractices.coreinfrastructure.org/projects/1351/badge)](https://bestpractices.coreinfrastructure.org/projects/1351)
 
 ----------------------------

From 1c750ff125f4d879d63395e0a20ef09f5a56fe9d Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Thu, 4 Jul 2019 14:21:58 +0200
Subject: [PATCH 5/5] Switch to fossa requirements analysis strategy

Before we used pip analysis strategy, which also includes test/build dependencies in the scan (pylint, bandit, tox, etc...).

Signed-off-by: Lukas Puehringer
---
 .fossa.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.fossa.yml b/.fossa.yml
index ac1803ab..8c861577 100755
--- a/.fossa.yml
+++ b/.fossa.yml
@@ -13,4 +13,5 @@ analyze:
 target: .
 path: .
 options:
- strategy: pip
\ No newline at end of file
+ strategy: requirements
+ requirements: requirements.txt
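Review bot: `strategy: requirements` with `requirements: requirements.txt` makes the scan only as complete as that file: as far as I know the fossa-cli requirements strategy parses the listed entries rather than the installed environment, so if `requirements.txt` pins only direct dependencies (not visible from this hunk), transitive packages drop out of the license and vulnerability report that the previous `pip` strategy did cover. Either point the option at a fully resolved pin file, or record the trade-off next to it so nobody reads the narrower report as complete, e.g. `# 'requirements' scans only what requirements.txt lists (no test/build deps such as tox or pylint, but also no unlisted transitive deps); 'pip' scanned the whole installed environment.` The enclosing `analyze.modules` entry begins before this hunk.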