Commit 7593420

Merge pull request #123 from nexB/update-readme
Update README.md
2 parents bdec5b2 + 60caf71 commit 7593420

2 files changed

+75
-31
lines changed

README.md

Lines changed: 74 additions & 30 deletions
@@ -2,13 +2,25 @@
22

33
### What is AboutCode?
44

5-
AboutCode is a suite of tools to uncover data ... about software:
5+
AboutCode is a family of FOSS projects to uncover data ... about software:
66

7-
- Where does it come from?
8-
- What is its license?
9-
- Is it secure, maintained, well coded?
7+
- where does the code come from? which software package?
8+
- what is its license? copyright?
9+
- is the code vulnerable, maintained, well coded?
10+
- what are its dependencies, are there vulneribilities/licensing issues?
1011

11-
These are important questions when there are millions of free and open source software components and packages available on the web.
12+
All these are questions that are important to answer: there are millions
13+
of free and open source software components available on the web for reuse.
14+
15+
Knowing where a software package comes from, what its license is and whether it is
16+
vulnerable should be a problem of the past such that everyone can safely consume
17+
more free and open source software. We support not only open source software, but
18+
also open data, generated and curated by our applications.
19+
20+
> **_NOTE:_** This is a repository with information on aboutcode open source activities and not
21+
the actual code repository. See the [projects section](https://github.com/nexB/aboutcode#projects)
22+
below for links to all the code repositories of our projects with a brief overview and our
23+
[wiki](https://github.com/nexB/aboutcode/wiki) if you are looking to participate.
1224

1325
### Documentation Build Status
1426

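Review bot: added line 10 misspells "vulnerabilities" as "vulneribilities"; please fix it before merge, since this is the opening section of the README. The four question bullets (added lines 7-10) now start in lowercase, while the bullets they replace were capitalised, so pick one casing and keep it. In the NOTE blockquote only line 20 carries the `>` marker; prefixing lines 21-23 as well keeps the quote intact if the paragraph is re-wrapped later.
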
@@ -20,15 +32,9 @@ Our homepage is at http://aboutcode.org
2032

2133
Our documentation (in progress) is at https://aboutcode.readthedocs.io/en/latest/
2234

23-
AboutCode Documentation Group Email Addresses:
24-
25-
- Join: https://groups.io/g/AboutCode/join
26-
- Post: AboutCode@groups.io
27-
- Subscribe: AboutCode+subscribe@groups.io
28-
- Unsubscribe: AboutCode+unsubscribe@groups.io
29-
- Group Owner: AboutCode+owner@groups.io
30-
31-
If you want to get in touch with the team with issues other than documentation, head to the gitter channel [here](https://gitter.im/aboutcode-org/discuss).
35+
Join the chat online at [app.gitter.im : aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im)
36+
or if you're using the element app set the homeserver to `gitter.im` and then join the [aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im)
37+
chatroom. Introduce yourself and start the discussion!
3238

3339
Look at our [wiki](https://github.com/nexB/aboutcode/wiki) for information about our participation
3440
in the GSoC and GSoD programs.
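
Review bot: the groups.io block (old lines 23-29) is removed without saying whether the mailing list is retired; if it still exists, keep at least the Join link, and if it does not, say so in the commit message, which currently reads only "Update README.md". In added line 36, "element app" should be "Element app", and the link text "app.gitter.im : aboutcode-org#discuss" on line 35 would read better as a plain room name.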
@@ -39,35 +45,73 @@ We have a weekly meeting, see more details [here](https://github.com/nexB/aboutc
3945

4046
Each AboutCode project has its own repository:
4147

42-
- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series of scan-related tools in one process flow. This is the most popular project and is used by 100's of software teams . The lead maintainer is @pombredanne
48+
- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect
49+
the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series
50+
of scan-related tools in one process flow. This is the most popular project and is used by 100's of software
51+
teams . The lead maintainer is @pombredanne
4352

44-
- **[Scancode.io](https://github.com/nexB/scancode.io)**: a web-based and
45-
API to run and review scans in rich scripted ScanPipe pipelines.
53+
- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based and API to run and review scans in
54+
rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc,
55+
to get information on licenses, copyrights, source, vulneribilities. The lead maintainer is @tdruez
4656

47-
- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: an emerging server-side application to collect and track known package vulnerabilities.
57+
- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: is a web-based API and
58+
database to collect and track all the known software package vulnerabilities, with
59+
affected and fixed packages, references and a standalone tool Vulntotal to compare
60+
this vulneribility information across similar tools. This is maintained by @tg1999 and @pombredanne
4861

49-
- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application (based on Electron) to review the results of a scan and document your conclusions about the origin and license of software components and packages.
62+
- **[univers](https://github.com/nexB/univers)** is a package to parse and compare
63+
all the package versions and all the ranges.
5064

51-
- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document the provenance of your code and generate attribution notices. AboutCode Toolkit uses small yaml files to document code provenance inside a codebase. The lead maintainer is @chinyeungli
65+
- **[purlDB](https://github.com/nexB/purldb)** consists of tools to create and expose
66+
a database of purls (Package URLs) and also has package data for all of these
67+
packages created from scans. This is maintained by @jyang
5268

53-
- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your deployment or distribution packages back to their origin in a development codebase or repository. The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct a build graph from syscalls to show which files are used to build a binary. We are contributors to strace. Maintained by @pombredanne
69+
- **[FetchCode](https://github.com/nexB/fetchcode)** is a library
70+
to reliably fetch any code via HTTP, FTP and version control systems such as git.
5471

55-
- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure and provenance of software components in Docker images using static analysis. Maintained by @pombredanne
72+
- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application
73+
based on typescript and react to visualize and review scan results from scancode scans.
5674

57-
- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine. See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is. See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne
75+
- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document
76+
the provenance of your code and generate attribution notices. AboutCode Toolkit uses small yaml files to
77+
document code provenance inside a codebase. The lead maintainer is @chinyeungli
5878

59-
- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the AboutCode tools can understand and use to exchange data. The details are at [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) are also using these conventions.
79+
- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure
80+
and provenance of software components in Docker images using static analysis. Maintained by @pombredanne
6081

61-
- **[DeltaCode](https://github.com/nexB/deltacode)**: a command line tool to compare scans and determine if and where there are material
62-
differences that affect licensing.
82+
- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)**
83+
inspects manifests and code to resolve dependencies (vulnerable and non-vulnerable) for
84+
python and nuget packages respectively.
6385

86+
- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare
87+
and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine.
88+
See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is.
89+
See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at
90+
https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne
91+
92+
- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the
93+
AboutCode tools can understand and use to exchange data. The details are at
94+
[AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html).
95+
ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as
96+
https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit)
97+
are also using these conventions.
98+
99+
- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your
100+
deployment or distribution packages back to their origin in a development codebase or repository.
101+
The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct
102+
a build graph from syscalls to show which files are used to build a binary. We are contributors to strace.
103+
Maintained by @pombredanne
64104

65105
We also co-started and worked closely with other FOSS orgs and projects:
66106

67-
- [Package URL](https://github.com/package-url): an emerging standard to reference software packages of all types with simple, readable and
68-
concise URLs.
107+
- [Package URL](https://github.com/package-url): a widely used standard to reference software packages of all types with simple,
108+
readable and concise URLs.
69109

70110
- [SPDX](http://SPDX.org): aka. Software Package Data Exchange, a spec to document the origin and licensing of packages.
71111

72-
- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing and documentation clarity. This project is incubating
73-
with https://opensource.org
112+
- [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack
113+
Bill of Materials (BOM) standard that provides advanced supply chain
114+
capabilities for cyber risk reduction
115+
116+
- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing
117+
and documentation clarity. This project is incubating with https://opensource.org
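
Review bot: "vulneribilities" (added line 55) and "vulneribility" (added line 60) are misspelled and should be "vulnerabilities" and "vulnerability". The DeltaCode entry (old lines 61-62) is dropped with no replacement or explanation; if the project is retired, say so in the commit message. The new univers, purlDB, FetchCode and python-inspector entries omit the colon after the bold name that the other entries use, and the Scancode.io and VulnerableCode entries now read "**...**: is a web-based ...", where the "is" should go (Scancode.io also reads "a web-based and API", which is missing a noun). "teams ." on line 51 and "and and" on line 96 are carried over from the old text and could be fixed while these lines are being re-wrapped.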

setup.cfg

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ zip_safe = false
3131

3232
setup_requires = setuptools_scm[toml] >= 4
3333

34-
python_requires = >=3.6.*
34+
python_requires = >=3.7
3535

3636
install_requires =
3737

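Review bot: the `python_requires` change on line 34 raises the minimum supported Python from 3.6 to 3.7, which a commit titled "Update README.md" does not mention; move it to its own commit or add a line to the message so the dropped version is discoverable from the history. The new specifier itself is the right form: `>=3.6.*` combines a wildcard with `>=`, which PEP 440 only permits with `==` and `!=`, so `>=3.7` also fixes an invalid value. If 3.6 was meant to stay supported, the equivalent fix would be `>=3.6`.
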