From 2fc7eaee29a74c7b5ada2b8d28df30c665ad794f Mon Sep 17 00:00:00 2001 From: Boluwatife Victor <95125924+BirdboyBolu@users.noreply.github.com> Date: Fri, 31 Mar 2023 13:03:45 +0100 Subject: [PATCH 1/2] Update README.md I fixed several grammar problems, misspellings, and missing punctuation marks. For example, the word "vulnerability" was constantly misspelled as "vulneribility". Also, some project names were supposed to start with capital letters not small. I fixed all those and made some sentences clearer and easier to read. I also want to further express my interest in applying for the technical writer role via the Google Season of Docs 2023. I know NexB/AboutCode applied to be a mentoring organization and I can see that this project strongly needs a Technical writer. I am more than willing to handle this for you. I already submitted my Statement of Interest as requested, I am only reiterating my interest to join NexB/AboutCode. Also, unfortunately, Google does not select AboutCode as part of the mentoring organization for #GSOD2023, I am still willing to join this organization and improve its documentation. (I am willing to WORK for Free) if NexB/AboutCode does not have the budget to hire a technical writer. Please reach out to me via: ayomide27victor@gmail.com. I look forward to hearing from you and don't hesitate to reach me if you need further clarifications concerning my STATEMENT OF INTEREST application. Cheers. --- README.md | 68 +++++++++++++++++++++++++++---------------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/README.md b/README.md index b596fd4..4ce7a3c 100644 --- a/README.md +++ b/README.md 
@@ -4,20 +4,21 @@ AboutCode is a family of FOSS projects to uncover data ... about software: -- where does the code come from? which software package? -- what is its license? copyright? -- is the code vulnerable, maintained, well coded? -- what are its dependencies, are there vulneribilities/licensing issues? +- Where does the code come from? Which software package? +- What is its license? Copyright? +- Is the code vulnerable, maintained, andd well-coded? +- What are its dependencies, are there vulnerabilities/licensing issues? -All these are questions that are important to answer: there are millions -of free and open source software components available on the web for reuse. +All these are important questions to answer: millions of free and open-source +software components are available on the web for reuse. -Knowing where a software package comes from, what its license is and whether it is -vulnerable should be a problem of the past such that everyone can safely consume -more free and open source software. We support not only open source software, but -also open data, generated and curated by our applications. +Knowing where a software package comes from, its license, and whether it is +vulnerable should be a problem of the past so that everyone can safely +consume more free and open-source software. We support open-source software and +open data generated and curated by our applications. -> **_NOTE:_** This is a repository with information on aboutcode open source activities and not + +> **_NOTE:_** This repository contains information on aboutcode open source activities and not the actual code repository. See the [projects section](https://github.com/nexB/aboutcode#projects) below for links to all the code repositories of our projects with a brief overview and our [wiki](https://github.com/nexB/aboutcode/wiki) if you are looking to participate. 
@@ -47,54 +48,53 @@ Each AboutCode project has its own repository: - **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series - of scan-related tools in one process flow. This is the most popular project and is used by 100's of software - teams . The lead maintainer is @pombredanne + of scan-related tools in one process flow. TThis is the most popular project used by hundreds of software + teams. The lead maintainer is @pombredanne -- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based and API to run and review scans in - rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc, - to get information on licenses, copyrights, source, vulneribilities. The lead maintainer is @tdruez +- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based API to run and review scans in + rich scripted pipelines on different kinds of containers, docker images, package archives, manifests etc., + to get information on licenses, copyrights, sources, and vulnerabilities. The lead maintainer is @tdruez. - **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: is a web-based API and database to collect and track all the known software package vulnerabilities, with - affected and fixed packages, references and a standalone tool Vulntotal to compare - this vulneribility information across similar tools. This is maintained by @tg1999 and @pombredanne + affected and fixed packages, references, and a standalone tool Vulntotal to compare + this vulnerability information across similar tools. This is maintained by @tg1999 and @pombredanne. -- **[univers](https://github.com/nexB/univers)** is a package to parse and compare +- **[Univers](https://github.com/nexB/univers)** is a package to parse and compare all the package versions and all the ranges. 
-- **[purlDB](https://github.com/nexB/purldb)** consists of tools to create and expose +- **[PurlDB](https://github.com/nexB/purldb)** consists of tools to create and expose a database of purls (Package URLs) and also has package data for all of these - packages created from scans. This is maintained by @jyang + packages created from scans. This is maintained by @jyang. - **[FetchCode](https://github.com/nexB/fetchcode)** is a library - to reliably fetch any code via HTTP, FTP and version control systems such as git. + to reliably fetch any code via HTTP, FTP, and version control systems such as git. - **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application based on typescript and react to visualize and review scan results from scancode scans. - **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document the provenance of your code and generate attribution notices. AboutCode Toolkit uses small yaml files to - document code provenance inside a codebase. The lead maintainer is @chinyeungli + document code provenance inside a codebase. The lead maintainer is @chinyeungli. -- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure +- **[Container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure and provenance of software components in Docker images using static analysis. Maintained by @pombredanne -- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)** +- **[Python-inspector](https://github.com/nexB/python-inspector)** and **[Nuget inspector](https://github.com/nexB/nuget-inspector/)** inspects manifests and code to resolve dependencies (vulnerable and non-vulnerable) for - python and nuget packages respectively. + python and nuget packages, respectively. 
-- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare +- **[License-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare, and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine. See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is. See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at - https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne + https://github.com/bastikr/boolean.py. Both are co-maintained by @pombredanne. - **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the AboutCode tools can understand and use to exchange data. The details are at [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). - ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as - https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) - are also using these conventions. + ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects, such as + https://libraries.io and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit), also use these conventions. - **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your deployment or distribution packages back to their origin in a development codebase or repository. 
@@ -102,7 +102,7 @@ Each AboutCode project has its own repository: a build graph from syscalls to show which files are used to build a binary. We are contributors to strace. Maintained by @pombredanne -We also co-started and worked closely with other FOSS orgs and projects: +We also co-started and worked closely with other FOSS organizations and projects: - [Package URL](https://github.com/package-url): a widely used standard to reference software packages of all types with simple, readable and concise URLs. @@ -111,7 +111,7 @@ We also co-started and worked closely with other FOSS orgs and projects: - [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain - capabilities for cyber risk reduction + capabilities for cyber risk reduction. - [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing - and documentation clarity. This project is incubating with https://opensource.org + and documentation clarity. This project is incubating with https://opensource.org. From 5b9abdc63241c0a76eba4ddf38004e0887cc452c Mon Sep 17 00:00:00 2001 From: Boluwatife Victor <95125924+BirdboyBolu@users.noreply.github.com> Date: Fri, 31 Mar 2023 13:08:31 +0100 Subject: [PATCH 2/2] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4ce7a3c..38c4e3d 100644 --- a/README.md +++ b/README.md 
@@ -48,7 +48,7 @@ Each AboutCode project has its own repository: - **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series - of scan-related tools in one process flow. TThis is the most popular project used by hundreds of software + of scan-related tools in one process flow. This is the most popular project used by hundreds of software teams. The lead maintainer is @pombredanne - **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based API to run and review scans in
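
Review bot: In patch 1/2, hunk `@@ -4,20 +4,21 @@`, the added bullet `Is the code vulnerable, maintained, andd well-coded?` introduces a new misspelling (`andd`) in a change whose stated purpose is fixing spelling; it should read `and well-coded`. In the same hunk, the rewritten sentence `We support open-source software and open data generated and curated by our applications.` drops the original `not only ... but also` and the comma before `generated`, so it can now be read as saying the software is also generated by the applications; keeping the comma or the original construction avoids that. The NOTE line still spells `aboutcode` in lowercase, and the hunk adds a second blank line above it that looks unintended.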
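
Review bot: In patch 1/2, hunk `@@ -47,54 +48,53 @@`, capitalizing the link text to `Univers`, `PurlDB`, `Container-inspector`, `Python-inspector`, `Nuget inspector` and `License-expression` makes the displayed names differ from the repository names in the link targets beside them (`nexB/univers`, `nexB/purldb`, `nexB/container-inspector`, and so on). For a README that points people at packages, the link text is better left matching the repository name exactly, so a reader searching by the displayed name lands on the same project. Separately, changing `is a web-based and API` to `is a web-based API` deletes the `and` instead of restoring the noun that appears to be missing after `web-based`; the maintainers should confirm the intended wording before this is merged. `TThis` on the ScanCode Toolkit line is a new typo, and the ScanCode Toolkit and `Container-inspector` entries still end without the period the other entries gained.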
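
Review bot: The `TThis` to `This` fix in patch 2/2 (`@@ -48,7 +48,7 @@`) repairs a typo that patch 1/2 added, so it belongs squashed into 1/2 rather than in a separate commit with the bare subject `Update README.md`. The resulting sentence `This is the most popular project used by hundreds of software teams` also reads differently from the original `is the most popular project and is used by 100's of software teams`: the original made two claims (most popular, and used by hundreds of teams), while the new wording narrows "most popular" to projects used by those teams. Restoring `and is used by hundreds of software teams` keeps the original meaning.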