From f89816b4ee6d4264d269d2fcdc12083de0148b4c Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Thu, 26 Jun 2025 13:56:54 -0700 Subject: [PATCH 01/21] Update aboutcode-project-overview.rst Add additional project descriptions and getting started items. --- docs/source/aboutcode-project-overview.rst | 34 ++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 8db170b..8b843f3 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst 
@@ -11,6 +11,40 @@ The primary current AboutCode projects are: aboutcode-projects/scancode-toolkit-project aboutcode-projects/scancodeio-project + aboutcode-projects/dejacode-project + aboutcode-projects/purldb-project aboutcode-projects/scancode-workbench-project aboutcode-projects/vulnerablecode-project aboutcode-projects/aboutcode-toolkit-project + +Getting Started +--------------- + +Use AboutCode to manage and communicate license policies +-------------------------------------------------------- + getting-started/manage-license-policies + +Use AboutCode to ensure license compliance in your products +----------------------------------------------------------- + getting-started/license-compliance + +Use AboutCode to create SBOMs for your products +----------------------------------------------- + getting-started/create-sboms + +Use AboutCode to consume SBOMs from your suppliers +-------------------------------------------------- + getting-started/consume-sboms + +Use AboutCode to find security vulnerabilities in your codebase +--------------------------------------------------------------- + getting-started/find-security-vulnerabilities + +Use AboutCode to manage your security remediation tasks +------------------------------------------------------- + getting-started/security-remediation + +Use AboutCode to support CRA compliance +--------------------------------------- + getting-started/cra-compliance + From e0d08fd5eb2f5406d5c331479a94722c76b86b22 Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Thu, 26 Jun 2025 13:58:50 -0700 Subject: [PATCH 02/21] Add DejaCode and PurlDB to project list --- .../aboutcode-projects/dejacode-project.rst | 31 +++++++++++++++++++ .../aboutcode-projects/purldb-project.rst | 24 ++++++++++++++ 2 files changed, 55 insertions(+) create mode 100644 docs/source/aboutcode-projects/dejacode-project.rst create mode 100644 docs/source/aboutcode-projects/purldb-project.rst 
diff --git a/docs/source/aboutcode-projects/dejacode-project.rst b/docs/source/aboutcode-projects/dejacode-project.rst new file mode 100644 index 0000000..acee3f7 --- /dev/null +++ b/docs/source/aboutcode-projects/dejacode-project.rst @@ -0,0 +1,31 @@ +.. _dejacode-project: + +DejaCode +======== + +`DejaCode `_: is a Cloud +application server that automates open source license compliance and ensures +software supply chain integrity. It is a comprehensive enterprise-level application, +powered by `ScanCode `_, +the industry-leading code scanner. + + - Run scans and track all the open source and third-party products and components used + in your software. + - Apply usage policies at the license or component level, and integrate into + ScanCode to ensure compliance. + - Capture software inventories (SBOMs), generate compliance artifacts, and keep + historical data. + - Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and + software systems. + - Scan a software package, simply by providing its Download URL, to get comprehensive + details of its composition and create an SBOM. + - Load software package data into DejaCode with the integration for the open source + ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM. + - Track and report vulnerability tracking and reporting by integrating with the open + source VulnerableCode project. + - Create, publish and share SBOM documents in DejaCode, including detailed attribution + documentation and custom reports in multiple file formats and standards, such as + CycloneDX and SPDX. + + - Read more at: https://dejacode.readthedocs.io + - Get the code at: https://github.com/aboutcode-org/dejacode diff --git a/docs/source/aboutcode-projects/purldb-project.rst b/docs/source/aboutcode-projects/purldb-project.rst new file mode 100644 index 0000000..b4667ee --- /dev/null +++ b/docs/source/aboutcode-projects/purldb-project.rst 
@@ -0,0 +1,24 @@ +.. purldb-project: + +PurlDB +====== + +`PurlDB `_: is a set of +tools to create and expose a database of purls (Package URLs). This project is +sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and +nexB for https://www.aboutcode.org/ + +The purldb tools include: + + - PackageDB that is the reference model (based on ScanCode toolkit) that contains + package data with PURL (Package URLs) being a first class citizen. + - MineCode that contains utilities to mine package repositories + - MatchCode that contains utilities to index package metadata and resources for + matching + - MatchCode.io that provides package matching functionalities for codebases + - ClearCode that contains utilities to mine Clearlydefined for package data + - purldb-toolkit CLI utility and library to use the PurlDB, its API and various + related libraries. + + - Read more at: https://purldb.readthedocs.io + - Get the code at: https://github.com/aboutcode-org/purldb From 8934cf9c806d2128637a76f7d5f9523afd06785f Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Thu, 26 Jun 2025 14:16:47 -0700 Subject: [PATCH 03/21] Create getting-started/temp.rst --- docs/source/getting-started/temp.rst | 1 + 1 file changed, 1 insertion(+) create mode 100644 docs/source/getting-started/temp.rst diff --git a/docs/source/getting-started/temp.rst b/docs/source/getting-started/temp.rst new file mode 100644 index 0000000..9c595a6 --- /dev/null +++ b/docs/source/getting-started/temp.rst @@ -0,0 +1 @@ +temp From de026802837171bedcca8701b4a9af12c42337a7 Mon Sep 17 00:00:00 2001 
From: Dennis Clark Date: Thu, 26 Jun 2025 14:19:31 -0700 Subject: [PATCH 04/21] Create new getting-started docs --- docs/source/getting-started/consume-sboms.rst | 13 +++++ .../source/getting-started/cra-compliance.rst | 13 +++++ docs/source/getting-started/create-sboms.rst | 13 +++++ .../find-security-vulnerabilities.rst | 14 +++++ .../getting-started/license-compliance.rst | 54 +++++++++++++++++++ .../manage-license-policies.rst | 52 ++++++++++++++++++ .../getting-started/security-remediation.rst | 13 +++++ 7 files changed, 172 insertions(+) create mode 100644 docs/source/getting-started/consume-sboms.rst create mode 100644 docs/source/getting-started/cra-compliance.rst create mode 100644 docs/source/getting-started/create-sboms.rst create mode 100644 docs/source/getting-started/find-security-vulnerabilities.rst create mode 100644 docs/source/getting-started/license-compliance.rst create mode 100644 docs/source/getting-started/manage-license-policies.rst create mode 100644 docs/source/getting-started/security-remediation.rst diff --git a/docs/source/getting-started/consume-sboms.rst b/docs/source/getting-started/consume-sboms.rst new file mode 100644 index 0000000..d7f86c0 --- /dev/null +++ b/docs/source/getting-started/consume-sboms.rst @@ -0,0 +1,13 @@ +.. _consume-sboms: + +Use AboutCode to consume SBOMs from your suppliers +================================================== + +Intro ... +**work-in-progress** + +1. Install AboutCode Projects +----------------------------- + +**work-in-progress** + diff --git a/docs/source/getting-started/cra-compliance.rst b/docs/source/getting-started/cra-compliance.rst new file mode 100644 index 0000000..91df634 --- /dev/null +++ b/docs/source/getting-started/cra-compliance.rst @@ -0,0 +1,13 @@ +.. _cra-compliance: + +Use AboutCode to support CRA compliance +======================================= + +Intro ... +**work-in-progress** + +1. Install AboutCode Projects +----------------------------- + +**work-in-progress** + 
diff --git a/docs/source/getting-started/create-sboms.rst b/docs/source/getting-started/create-sboms.rst new file mode 100644 index 0000000..7dc0f17 --- /dev/null +++ b/docs/source/getting-started/create-sboms.rst @@ -0,0 +1,13 @@ +.. _create-sboms: + +Use AboutCode to create SBOMs for your products +=============================================== + +Intro ... +**work-in-progress** + +1. Install AboutCode Projects +----------------------------- + +**work-in-progress** + diff --git a/docs/source/getting-started/find-security-vulnerabilities.rst b/docs/source/getting-started/find-security-vulnerabilities.rst new file mode 100644 index 0000000..2916e43 --- /dev/null +++ b/docs/source/getting-started/find-security-vulnerabilities.rst @@ -0,0 +1,14 @@ +.. _find-security-vulnerabilities: + +Use AboutCode to find security vulnerabilities +============================================== + +Intro ... +**work-in-progress** + +1. Install AboutCode Projects +----------------------------- + +**work-in-progress** + + diff --git a/docs/source/getting-started/license-compliance.rst b/docs/source/getting-started/license-compliance.rst new file mode 100644 index 0000000..43fae0a --- /dev/null +++ b/docs/source/getting-started/license-compliance.rst 
@@ -0,0 +1,54 @@ +.. _license-compliance: + +Use AboutCode to ensure license compliance in your products +=========================================================== + +Intro ... + +1. Install AboutCode Projects +----------------------------- + +**Install DejaCode.** + +https://dejacode.readthedocs.io/en/latest/installation.html + +**Setup your own Dataspace in DejaCode** + +https://dejacode.readthedocs.io/en/latest/dataspace.html + +Not ready to install your own instance of DejaCode? Consider taking a look at +the DejaCode public evaluation site to take a test drive, and if you have specific +requirements, you may also request a private SaaS evaluation dataspace. +See https://public.dejacode.com/account/register/ + +**Install ScanCode.io** + +https://scancodeio.readthedocs.io/en/latest/installation.html + +Configure DejaCode to integrate with ScanCode.io. See + +https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio + +**Install PurlDB** + +https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html + +Configure DejaCode to integrate with your PurlDB instance. See: + +https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb + +Not ready to install your own instance of PurlDB? You can configure DejaCode to +integrate with the public version at https://public.vulnerablecode.io/ + +2. Setup your Usage Policies +---------------------------- + +See https://aboutcode.readthedocs.io/en/latest/aboutcode-projects/manage-usage-policies.html + +3. + + + + + + diff --git a/docs/source/getting-started/manage-license-policies.rst b/docs/source/getting-started/manage-license-policies.rst new file mode 100644 index 0000000..32de0d1 --- /dev/null +++ b/docs/source/getting-started/manage-license-policies.rst 
@@ -0,0 +1,52 @@ +.. _manage-license-policies: + +Use AboutCode to manage and communicate license policies +======================================================== + +You can define the Usage Policy choices that may apply to various application object +types such as Licenses, Components, Subcomponent relationships, and Packages. +For each application object type, you can specify the Usage Policy label text, icon, +and icon color for each relevant policy position that you need to communicate to your +users. Examples include Recommended, Approved, Restricted, and Prohibited. + +1. Install AboutCode Projects +----------------------------- + +**Install DejaCode.** + +https://dejacode.readthedocs.io/en/latest/installation.html + +**Setup your own Dataspace in DejaCode** + +https://dejacode.readthedocs.io/en/latest/dataspace.html + +Not ready to install your own instance of DejaCode? Consider taking a look at +the DejaCode public evaluation site to take a test drive, and if you have specific +requirements, you may also request a private SaaS evaluation dataspace. +See https://public.dejacode.com/account/register/ + +2. Create Your Usage Policies +----------------------------- + +You can copy the Reference data usage policies to your dataspace for a quick start. +Modify them to fit your specific requirements. + +For details, see https://dejacode.readthedocs.io/en/latest/howto-1.html + +Assign your usage policies to licenses. For details, see +https://dejacode.readthedocs.io/en/latest/howto-1.html#assign-your-usage-policies-to-licenses + +Make your usage policies visible to DejaCode users. For details, see +https://dejacode.readthedocs.io/en/latest/howto-1.html#make-usage-policies-visible-to-your-users + +3. 
Export Your Usage Policies +----------------------------- + +To use your Usage Policies in **ScanCode Toolkit** and **ScanCode.io** see + +https://dejacode.readthedocs.io/en/latest/howto-1.html#export-license-policy-definitions + +https://scancode-toolkit.readthedocs.io/en/stable/cli-reference/list-options.html#all-post-scan-options + +https://scancodeio.readthedocs.io/en/latest/tutorial_license_policies.html#license-policies-and-compliance-alerts + diff --git a/docs/source/getting-started/security-remediation.rst b/docs/source/getting-started/security-remediation.rst new file mode 100644 index 0000000..7f2e8d7 --- /dev/null +++ b/docs/source/getting-started/security-remediation.rst @@ -0,0 +1,13 @@ +.. _security-remediation: + +Use AboutCode to manage security remediation tasks +================================================== + +Intro ... +**work-in-progress** + +1. Install AboutCode Projects +----------------------------- + +**work-in-progress** + From 1aa4111ce65df7834d09ad8f8387acbbbee64210 Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:00:45 -0700 Subject: [PATCH 05/21] Issue #27 Improve Getting Started docs --- docs/source/aboutcode-project-overview.rst | 23 +++------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 8b843f3..14267c4 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst 
@@ -20,31 +20,14 @@ The primary current AboutCode projects are: Getting Started --------------- -Use AboutCode to manage and communicate license policies --------------------------------------------------------- - getting-started/manage-license-policies +.. toctree:: + :maxdepth: 2 -Use AboutCode to ensure license compliance in your products ------------------------------------------------------------ - getting-started/license-compliance + getting-started/manage-license-policies -Use AboutCode to create SBOMs for your products ------------------------------------------------ getting-started/create-sboms -Use AboutCode to consume SBOMs from your suppliers --------------------------------------------------- getting-started/consume-sboms -Use AboutCode to find security vulnerabilities in your codebase ---------------------------------------------------------------- - getting-started/find-security-vulnerabilities - -Use AboutCode to manage your security remediation tasks -------------------------------------------------------- - getting-started/security-remediation - -Use AboutCode to support CRA compliance ---------------------------------------- getting-started/cra-compliance From d711bbe2fe7ee06279aeb3e317606cfccc070a59 Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:02:24 -0700 Subject: [PATCH 06/21] Issue #27 Improve Getting Started docs --- docs/source/getting-started/consume-sboms.rst | 90 ++++++++++++++++++- 1 file changed, 87 insertions(+), 3 deletions(-) diff --git a/docs/source/getting-started/consume-sboms.rst b/docs/source/getting-started/consume-sboms.rst index d7f86c0..b3eabac 100644 --- a/docs/source/getting-started/consume-sboms.rst +++ b/docs/source/getting-started/consume-sboms.rst 
@@ -3,11 +3,95 @@ Use AboutCode to consume SBOMs from your suppliers ================================================== -Intro ... -**work-in-progress** +You can use **ScanCode.io** to consume SBOMs from your suppliers. ScanCode.io will +identify all the licenses associated with your codebase resources, highlighting the ones +that need attention based on your policies. ScanCode.io also identifies and highlights +software vulnerabilities. + +You can also use **DejaCode** to consume SBOMs from your suppliers, generally in the +context of an SBOM that you intend to use in one of your own products. 1. Install AboutCode Projects ----------------------------- -**work-in-progress** +**Install DejaCode.** + +https://dejacode.readthedocs.io/en/latest/installation.html + +**Setup your own Dataspace in DejaCode** + +https://dejacode.readthedocs.io/en/latest/dataspace.html + +.. note:: + Not ready to install your own instance of DejaCode? Consider taking a look at + the DejaCode public evaluation site to take a test drive, and if you have specific + requirements, you may also request a private SaaS evaluation dataspace. + See https://public.dejacode.com/account/register/ + +**Install ScanCode.io** + +https://scancodeio.readthedocs.io/en/latest/installation.html + +Configure DejaCode to integrate with ScanCode.io. See + +https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio + +**Install PurlDB** + +https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html + +Configure DejaCode to integrate with your PurlDB instance. See: + +https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb + +.. note:: + Not ready to install your own instance of PurlDB? 
You can configure DejaCode to + integrate with the public version at https://public.purldb.io/ + +**Install VulnerableCode** + +https://vulnerablecode.readthedocs.io/en/latest/installation.html#installation + +Configure Dejacode to integrate with your Vulnerablecode instance. + +https://dejacode.readthedocs.io/en/latest/dataspace.html#enable-vulnerablecodedb-service + +.. note:: + Not ready to install your own instance of VulnerableCode? You can configure DejaCode + to integrate with the public version at https://public.vulnerablecode.io/ + + +2. Load Package Data from SBOMs to ScanCode.io +---------------------------------------------- + +Create a new Project in ScanCode.io . + +https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project + +Load package data from one or more SBOMs to your Project using the load_sbom Pipeline. + +https://scancodeio.readthedocs.io/en/latest/built-in-pipelines.html#load-sbom + +Review the details in your ScanCode.io project. + +Export the results in the appropriate format to share with your team. + +https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files + + +3. Import SBOM data to a DejaCode Product +----------------------------------------- + +Create a new Product in DejaCode for comprehensive analysis and action. + +https://dejacode.readthedocs.io/en/latest/tutorial-1.html + +Load an SBOM to your Dejacode Product. + +https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#load-an-sbom-to-your-product + +Review and edit your Product in DejaCode. Enrich the data as needed. + +Generate Attribution and SBOMs from DejaCode Products. +https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#tutorial-5-working-with-sboms-in-a-product From a5dd80ee858a9e4011f77424b6abfaee4f783f44 Mon Sep 17 00:00:00 2001 
From: Dennis Clark Date: Mon, 30 Jun 2025 12:03:46 -0700 Subject: [PATCH 07/21] Issue #27 Improve Getting Started docs --- docs/source/getting-started/cra-compliance.rst | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/source/getting-started/cra-compliance.rst b/docs/source/getting-started/cra-compliance.rst index 91df634..4d44eb0 100644 --- a/docs/source/getting-started/cra-compliance.rst +++ b/docs/source/getting-started/cra-compliance.rst @@ -3,11 +3,9 @@ Use AboutCode to support CRA compliance ======================================= -Intro ... -**work-in-progress** +The AboutCode stack provides you with the tools you need to support CRA Compliance +activities, including code scanning and analysis, license identification, vulnerability +management, and SBOM generation. -1. Install AboutCode Projects ------------------------------ - -**work-in-progress** +https://dejacode.readthedocs.io/en/latest/reference-3-cravex.html From db142b8869e54a4513e15d857d1b7fb324f5f1f9 Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:04:55 -0700 Subject: [PATCH 08/21] Issue #27 Improve Getting Started docs --- docs/source/getting-started/create-sboms.rst | 82 +++++++++++++++++++- 1 file changed, 79 insertions(+), 3 deletions(-) diff --git a/docs/source/getting-started/create-sboms.rst b/docs/source/getting-started/create-sboms.rst index 7dc0f17..b0ea8a6 100644 --- a/docs/source/getting-started/create-sboms.rst +++ b/docs/source/getting-started/create-sboms.rst 
@@ -3,11 +3,87 @@ Use AboutCode to create SBOMs for your products =============================================== -Intro ... -**work-in-progress** +You can use **ScanCode.io** to create SBOMs for your products. ScanCode.io will +identify all the licenses associated with your codebase resources, highlighting the ones +that need attention based on your policies. You can also use ScanCode.io to identify +software vulnerabilities. + +You can also use **DejaCode** to create SBOMs for your products. Dejacode will enable +you to review your product inventories, assert license conclusions, and record your +analysis and actions related to any licenses that require attention. You can also +record your analysis and actions related to any software vulnerabilities that you +have discovered. 1. Install AboutCode Projects ----------------------------- -**work-in-progress** +**Install DejaCode.** + +https://dejacode.readthedocs.io/en/latest/installation.html + +**Setup your own Dataspace in DejaCode** + +https://dejacode.readthedocs.io/en/latest/dataspace.html + +.. note:: + Not ready to install your own instance of DejaCode? Consider taking a look at + the DejaCode public evaluation site to take a test drive, and if you have specific + requirements, you may also request a private SaaS evaluation dataspace. + See https://public.dejacode.com/account/register/ + +**Install ScanCode.io** + +https://scancodeio.readthedocs.io/en/latest/installation.html + +Configure DejaCode to integrate with ScanCode.io. See + +https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio + +**Install PurlDB** + +https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html + +Configure DejaCode to integrate with your PurlDB instance. See: + +https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb + +.. note:: + Not ready to install your own instance of PurlDB? 
You can configure DejaCode to + integrate with the public version at https://public.purldb.io/ + +**Install VulnerableCode** + +https://vulnerablecode.readthedocs.io/en/latest/installation.html#installation + +Configure Dejacode to integrate with your Vulnerablecode instance. + +https://dejacode.readthedocs.io/en/latest/dataspace.html#enable-vulnerablecodedb-service + +.. note:: + Not ready to install your own instance of VulnerableCode? You can configure DejaCode + to integrate with the public version at https://public.vulnerablecode.io/ + + +2. Scan your codebases using ScanCode.io +---------------------------------------- + +Create new Projects in ScanCode.io to scan your codebases. + +https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project + +Export the results in the appropriate format to share with your team. + +https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files + + +3. Import scan results to DejaCode products +------------------------------------------- + +Create new Products in DejaCode for comprehensive analysis and action. + +https://dejacode.readthedocs.io/en/latest/tutorial-1.html + +Generate Attribution and SBOMs from DejaCode Products. + +https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#tutorial-5-working-with-sboms-in-a-product From d2c0064a07a190274d59172c106600d6fb88c7df Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:07:58 -0700 Subject: [PATCH 09/21] Issue #27 Improve Getting Started docs --- .../getting-started/manage-license-policies.rst | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/docs/source/getting-started/manage-license-policies.rst b/docs/source/getting-started/manage-license-policies.rst index 32de0d1..eac3f82 100644 --- a/docs/source/getting-started/manage-license-policies.rst +++ b/docs/source/getting-started/manage-license-policies.rst 
@@ -20,10 +20,11 @@ https://dejacode.readthedocs.io/en/latest/installation.html https://dejacode.readthedocs.io/en/latest/dataspace.html -Not ready to install your own instance of DejaCode? Consider taking a look at -the DejaCode public evaluation site to take a test drive, and if you have specific -requirements, you may also request a private SaaS evaluation dataspace. -See https://public.dejacode.com/account/register/ +.. note:: + Not ready to install your own instance of DejaCode? Consider taking a look at + the DejaCode public evaluation site to take a test drive, and if you have specific + requirements, you may also request a private SaaS evaluation dataspace. + See https://public.dejacode.com/account/register/ 2. Create Your Usage Policies ----------------------------- @@ -42,11 +43,17 @@ https://dejacode.readthedocs.io/en/latest/howto-1.html#make-usage-policies-visib 3. Export Your Usage Policies ----------------------------- -To use your Usage Policies in **ScanCode Toolkit** and **ScanCode.io** see +You can export your DejaCode Usage Policies to a file that can be used in other +applications. https://dejacode.readthedocs.io/en/latest/howto-1.html#export-license-policy-definitions +You can use your Usage Policies in **ScanCode Toolkit** with the "--license-policy" +Post-Scan option + https://scancode-toolkit.readthedocs.io/en/stable/cli-reference/list-options.html#all-post-scan-options +You can use your Usage Policies in **ScanCode.io** with a "policies.yml" file + https://scancodeio.readthedocs.io/en/latest/tutorial_license_policies.html#license-policies-and-compliance-alerts From bf95d8008d3559bf687659f889365e475ec273bd Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:09:28 -0700 Subject: [PATCH 10/21] Issue #27 this file deprecated --- .../find-security-vulnerabilities.rst | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) 
diff --git a/docs/source/getting-started/find-security-vulnerabilities.rst b/docs/source/getting-started/find-security-vulnerabilities.rst index 2916e43..9f8d550 100644 --- a/docs/source/getting-started/find-security-vulnerabilities.rst +++ b/docs/source/getting-started/find-security-vulnerabilities.rst @@ -1,14 +1 @@ -.. _find-security-vulnerabilities: - -Use AboutCode to find security vulnerabilities -============================================== - -Intro ... -**work-in-progress** - -1. Install AboutCode Projects ------------------------------ - -**work-in-progress** - - +deprecated From 130403eb64d5c284d36059541a96a16281a3db1e Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:10:49 -0700 Subject: [PATCH 11/21] Issue #27 this file deprecated --- .../getting-started/license-compliance.rst | 55 +------------------ 1 file changed, 1 insertion(+), 54 deletions(-) diff --git a/docs/source/getting-started/license-compliance.rst b/docs/source/getting-started/license-compliance.rst index 43fae0a..9f8d550 100644 --- a/docs/source/getting-started/license-compliance.rst +++ b/docs/source/getting-started/license-compliance.rst 
@@ -1,54 +1 @@ -.. _license-compliance: - -Use AboutCode to ensure license compliance in your products -=========================================================== - -Intro ... - -1. Install AboutCode Projects ------------------------------ - -**Install DejaCode.** - -https://dejacode.readthedocs.io/en/latest/installation.html - -**Setup your own Dataspace in DejaCode** - -https://dejacode.readthedocs.io/en/latest/dataspace.html - -Not ready to install your own instance of DejaCode? Consider taking a look at -the DejaCode public evaluation site to take a test drive, and if you have specific -requirements, you may also request a private SaaS evaluation dataspace. -See https://public.dejacode.com/account/register/ - -**Install ScanCode.io** - -https://scancodeio.readthedocs.io/en/latest/installation.html - -Configure DejaCode to integrate with ScanCode.io. See - -https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio - -**Install PurlDB** - -https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/getting-started/install.html - -Configure DejaCode to integrate with your PurlDB instance. See: - -https://dejacode.readthedocs.io/en/latest/application-settings.html#purldb - -Not ready to install your own instance of PurlDB? You can configure DejaCode to -integrate with the public version at https://public.vulnerablecode.io/ - -2. Setup your Usage Policies ----------------------------- - -See https://aboutcode.readthedocs.io/en/latest/aboutcode-projects/manage-usage-policies.html - -3. - - - - - - +deprecated From 4d08023a8d14b70d93a2c4a3509dcbb745a3b84f Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:11:32 -0700 Subject: [PATCH 12/21] Issue #27 this file deprecated --- .../getting-started/security-remediation.rst | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) 
diff --git a/docs/source/getting-started/security-remediation.rst b/docs/source/getting-started/security-remediation.rst index 7f2e8d7..9f8d550 100644 --- a/docs/source/getting-started/security-remediation.rst +++ b/docs/source/getting-started/security-remediation.rst @@ -1,13 +1 @@ -.. _security-remediation: - -Use AboutCode to manage security remediation tasks -================================================== - -Intro ... -**work-in-progress** - -1. Install AboutCode Projects ------------------------------ - -**work-in-progress** - +deprecated From a1b8731ca915dcef5b985ec4ab9f7b5476becb3d Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 12:12:08 -0700 Subject: [PATCH 13/21] Issue #27 this file deprecated --- docs/source/getting-started/temp.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/source/getting-started/temp.rst b/docs/source/getting-started/temp.rst index 9c595a6..9f8d550 100644 --- a/docs/source/getting-started/temp.rst +++ b/docs/source/getting-started/temp.rst @@ -1 +1 @@ -temp +deprecated From 141fb9259945783a508632803a327450a4af3502 Mon Sep 17 00:00:00 2001 From: Dennis Clark Date: Mon, 30 Jun 2025 15:57:55 -0700 Subject: [PATCH 14/21] Issue #27 Refinements to Getting Started docs --- docs/source/getting-started/create-sboms.rst | 41 ++++++++++++-------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/docs/source/getting-started/create-sboms.rst b/docs/source/getting-started/create-sboms.rst index b0ea8a6..2bbb23e 100644 --- a/docs/source/getting-started/create-sboms.rst +++ b/docs/source/getting-started/create-sboms.rst 
@@ -2,17 +2,18 @@ Use AboutCode to create SBOMs for your products =============================================== - -You can use **ScanCode.io** to create SBOMs for your products. ScanCode.io will -identify all the licenses associated with your codebase resources, highlighting the ones -that need attention based on your policies. You can also use ScanCode.io to identify -software vulnerabilities. - -You can also use **DejaCode** to create SBOMs for your products. Dejacode will enable -you to review your product inventories, assert license conclusions, and record your -analysis and actions related to any licenses that require attention. You can also -record your analysis and actions related to any software vulnerabilities that you -have discovered. +You can use **ScanCode.io** to create an SBOM from a scanned package, codebase or +product. ScanCode.io will identify all the licenses associated with the scanned object, +highlighting the licenses that need attention based on your policies. You can also use +ScanCode.io to identify software vulnerabilities. With its library of standard and +custom pipelines, ScanCode.io performs a deep and comprehensive scanning to meet your +analysis requirements. + +If you need to edit the results of a scan, **Dejacode** will enable you to import those +results into a product, review your product inventories, assert license conclusions, +and record your analysis and actions related to any licenses that require attention. +You can also record your analysis and actions related to any software vulnerabilities +that have been discovered. You can then use DejaCode to create SBOMs for your products. 1. Install AboutCode Projects ----------------------------- 
@@ -64,14 +65,17 @@ https://dejacode.readthedocs.io/en/latest/dataspace.html#enable-vulnerablecodedb to integrate with the public version at https://public.vulnerablecode.io/ -2. Scan your codebases using ScanCode.io ----------------------------------------- +2. Scan software using ScanCode.io +---------------------------------- -Create new Projects in ScanCode.io to scan your codebases. +Create new Projects in ScanCode.io to scan packages, codebases, or products. You can +also load inventories (scan results) created by ScanCode-Toolkit. You can specify +the exact pipelines to use for particular platforms and technologies. https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project -Export the results in the appropriate format to share with your team. +Export the scan results in the appropriate format to share with your team. ScanCode.io +will report details of the identified packages if you choose to export SBOMs. https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files @@ -79,11 +83,14 @@ https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files 3. Import scan results to DejaCode products ------------------------------------------- -Create new Products in DejaCode for comprehensive analysis and action. +Create new Products in DejaCode for comprehensive analysis and action. DejaCode allows +you and your team members to edit a Product inventory as needed to assert license +choices and conclusions, and to document your vulnerability status. https://dejacode.readthedocs.io/en/latest/tutorial-1.html -Generate Attribution and SBOMs from DejaCode Products. +Generate Attribution and SBOMs from DejaCode Products. You can generate SBOMs in both +SPDX and CycloneDX (inlucing VEX) formats. https://dejacode.readthedocs.io/en/latest/tutorial-5-sboms.html#tutorial-5-working-with-sboms-in-a-product From 99fd1fb201363ddf36b2e4f2fe2be29e5da37a14 Mon Sep 17 00:00:00 2001 
From: DennisClark Date: Tue, 1 Jul 2025 10:53:54 -0700 Subject: [PATCH 15/21] Issue #27 remove unused files --- docs/source/getting-started/find-security-vulnerabilities.rst | 1 - docs/source/getting-started/license-compliance.rst | 1 - docs/source/getting-started/security-remediation.rst | 1 - docs/source/getting-started/temp.rst | 1 - 4 files changed, 4 deletions(-) delete mode 100644 docs/source/getting-started/find-security-vulnerabilities.rst delete mode 100644 docs/source/getting-started/license-compliance.rst delete mode 100644 docs/source/getting-started/security-remediation.rst delete mode 100644 docs/source/getting-started/temp.rst diff --git a/docs/source/getting-started/find-security-vulnerabilities.rst b/docs/source/getting-started/find-security-vulnerabilities.rst deleted file mode 100644 index 9f8d550..0000000 --- a/docs/source/getting-started/find-security-vulnerabilities.rst +++ /dev/null @@ -1 +0,0 @@ -deprecated diff --git a/docs/source/getting-started/license-compliance.rst b/docs/source/getting-started/license-compliance.rst deleted file mode 100644 index 9f8d550..0000000 --- a/docs/source/getting-started/license-compliance.rst +++ /dev/null @@ -1 +0,0 @@ -deprecated diff --git a/docs/source/getting-started/security-remediation.rst b/docs/source/getting-started/security-remediation.rst deleted file mode 100644 index 9f8d550..0000000 --- a/docs/source/getting-started/security-remediation.rst +++ /dev/null @@ -1 +0,0 @@ -deprecated diff --git a/docs/source/getting-started/temp.rst b/docs/source/getting-started/temp.rst deleted file mode 100644 index 9f8d550..0000000 --- a/docs/source/getting-started/temp.rst +++ /dev/null @@ -1 +0,0 @@ -deprecated From 950f67b747e98f730b2466d1587c950c5107097c Mon Sep 17 00:00:00 2001 From: DennisClark Date: Tue, 1 Jul 2025 11:04:07 -0700 Subject: [PATCH 16/21] Issue #27 minor improvement to text --- docs/source/getting-started/consume-sboms.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/docs/source/getting-started/consume-sboms.rst b/docs/source/getting-started/consume-sboms.rst index b3eabac..65f1406 100644 --- a/docs/source/getting-started/consume-sboms.rst +++ b/docs/source/getting-started/consume-sboms.rst @@ -14,6 +14,10 @@ context of an SBOM that you intend to use in one of your own products. 1. Install AboutCode Projects ----------------------------- +**Install ScanCode.io** + +https://scancodeio.readthedocs.io/en/latest/installation.html + **Install DejaCode.** https://dejacode.readthedocs.io/en/latest/installation.html @@ -28,10 +32,6 @@ https://dejacode.readthedocs.io/en/latest/dataspace.html requirements, you may also request a private SaaS evaluation dataspace. See https://public.dejacode.com/account/register/ -**Install ScanCode.io** - -https://scancodeio.readthedocs.io/en/latest/installation.html - Configure DejaCode to integrate with ScanCode.io. See https://dejacode.readthedocs.io/en/latest/application-settings.html#scancodeio From d28ae46ff4df24dc2a53d40a1eddd05af9815939 Mon Sep 17 00:00:00 2001 From: DennisClark Date: Tue, 1 Jul 2025 11:46:15 -0700 Subject: [PATCH 17/21] Issue #27 some reorganizing of the project list --- docs/source/aboutcode-project-overview.rst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 14267c4..6838124 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst 
@@ -4,17 +4,25 @@ AboutCode Project Overview ========================== -The primary current AboutCode projects are: +Primary AboutCode Projects +-------------------------- .. toctree:: :maxdepth: 2 - aboutcode-projects/scancode-toolkit-project aboutcode-projects/scancodeio-project - aboutcode-projects/dejacode-project + aboutcode-projects/vulnerablecode-project aboutcode-projects/purldb-project + aboutcode-projects/scancode-toolkit-project aboutcode-projects/scancode-workbench-project - aboutcode-projects/vulnerablecode-project + aboutcode-projects/dejacode-project + +Supporting AboutCode Projects +----------------------------- + +.. toctree:: + :maxdepth: 2 + aboutcode-projects/aboutcode-toolkit-project Getting Started From 3392ba3b4fecf09cf0317618b10d1331ea136c30 Mon Sep 17 00:00:00 2001 From: DennisClark Date: Tue, 1 Jul 2025 12:17:45 -0700 Subject: [PATCH 18/21] Issue #27 Correct formatting problems in two docs --- .../aboutcode-projects/dejacode-project.rst | 40 ++++++++++--------- .../aboutcode-projects/purldb-project.rst | 20 +++++----- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/docs/source/aboutcode-projects/dejacode-project.rst b/docs/source/aboutcode-projects/dejacode-project.rst index acee3f7..1f93b49 100644 --- a/docs/source/aboutcode-projects/dejacode-project.rst +++ b/docs/source/aboutcode-projects/dejacode-project.rst 
@@ -9,23 +9,25 @@ software supply chain integrity. It is a comprehensive enterprise-level applicat powered by `ScanCode `_, the industry-leading code scanner. - - Run scans and track all the open source and third-party products and components used - in your software. - - Apply usage policies at the license or component level, and integrate into - ScanCode to ensure compliance. - - Capture software inventories (SBOMs), generate compliance artifacts, and keep - historical data. - - Ensure FOSS compliance with enterprise-grade features and integrations for DevOps and - software systems. - - Scan a software package, simply by providing its Download URL, to get comprehensive - details of its composition and create an SBOM. - - Load software package data into DejaCode with the integration for the open source - ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM. - - Track and report vulnerability tracking and reporting by integrating with the open - source VulnerableCode project. - - Create, publish and share SBOM documents in DejaCode, including detailed attribution - documentation and custom reports in multiple file formats and standards, such as - CycloneDX and SPDX. +* Run scans and track all the open source and third-party products and + components used in your software. +* Apply usage policies at the license or component level, + integrate into ScanCode to ensure compliance. +* Capture software inventories (SBOMs), generate compliance artifacts, and keep + historical data. +* Ensure FOSS compliance with enterprise-grade features and integrations for DevOps + and software systems. +* Scan a software package, simply by providing its Download URL, to get comprehensive + details of its composition and create an SBOM. +* Load software package data into DejaCode with the integration for the open source + ScanCode.io and ScanCode Toolkit projects to create a product’s SBOM. 
+* Track and report vulnerability tracking and reporting by integrating with the open + source VulnerableCode project. +* Create, publish and share SBOM documents in DejaCode, including detailed attribution + documentation and custom reports in multiple file formats and standards, such as + CycloneDX and SPDX. + +Read more at: https://dejacode.readthedocs.io + +Get the code at: https://github.com/aboutcode-org/dejacode - - Read more at: https://dejacode.readthedocs.io - - Get the code at: https://github.com/aboutcode-org/dejacode diff --git a/docs/source/aboutcode-projects/purldb-project.rst b/docs/source/aboutcode-projects/purldb-project.rst index b4667ee..7a238a9 100644 --- a/docs/source/aboutcode-projects/purldb-project.rst +++ b/docs/source/aboutcode-projects/purldb-project.rst 
@@ -8,17 +8,19 @@ tools to create and expose a database of purls (Package URLs). This project is sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase/ and nexB for https://www.aboutcode.org/ -The purldb tools include: +The PurlDB tools include: - - PackageDB that is the reference model (based on ScanCode toolkit) that contains +* PackageDB that is the reference model (based on ScanCode toolkit) that contains package data with PURL (Package URLs) being a first class citizen. - - MineCode that contains utilities to mine package repositories - - MatchCode that contains utilities to index package metadata and resources for +* MineCode that contains utilities to mine package repositories +* MatchCode that contains utilities to index package metadata and resources for matching - - MatchCode.io that provides package matching functionalities for codebases - - ClearCode that contains utilities to mine Clearlydefined for package data - - purldb-toolkit CLI utility and library to use the PurlDB, its API and various +* MatchCode.io that provides package matching functionalities for codebases +* ClearCode that contains utilities to mine Clearlydefined for package data +* purldb-toolkit CLI utility and library to use the PurlDB, its API and various related libraries. - - Read more at: https://purldb.readthedocs.io - - Get the code at: https://github.com/aboutcode-org/purldb +Read more at: https://purldb.readthedocs.io + +Get the code at: https://github.com/aboutcode-org/purldb + From faf767bb5cd41f57aa08e34762d7b43d6b9de6e6 Mon Sep 17 00:00:00 2001 
From: DennisClark Date: Wed, 2 Jul 2025 15:04:27 -0700 Subject: [PATCH 19/21] Issue #27 Introduce start-scanning-code and additional projects --- docs/source/aboutcode-project-overview.rst | 4 ++ .../license-expression-project.rst | 11 +++++ .../scancode-action-project.rst | 10 ++++ .../getting-started/start-scanning-code.rst | 46 +++++++++++++++++++ 4 files changed, 71 insertions(+) create mode 100644 docs/source/aboutcode-projects/license-expression-project.rst create mode 100644 docs/source/aboutcode-projects/scancode-action-project.rst create mode 100644 docs/source/getting-started/start-scanning-code.rst diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 6838124..64bdd63 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst @@ -23,6 +23,8 @@ Supporting AboutCode Projects .. toctree:: :maxdepth: 2 + aboutcode-projects/license-expression-project + aboutcode-projects/scancode-action-project aboutcode-projects/aboutcode-toolkit-project Getting Started @@ -31,6 +33,8 @@ Getting Started .. toctree:: :maxdepth: 2 + getting-started/start-scanning-code + getting-started/manage-license-policies getting-started/create-sboms diff --git a/docs/source/aboutcode-projects/license-expression-project.rst b/docs/source/aboutcode-projects/license-expression-project.rst new file mode 100644 index 0000000..4431bb6 --- /dev/null +++ b/docs/source/aboutcode-projects/license-expression-project.rst @@ -0,0 +1,11 @@ +.. _license-expression-project: + +license-expression +================== + +`license-expression `_: is a +comprehensive utility library to parse, compare, simplify and normalize license +expressions (such as SPDX license expressions) using boolean logic. + + - Read more at: https://github.com/aboutcode-org/license-expression + - Get the code at: https://github.com/aboutcode-org/license-expression/releases 
diff --git a/docs/source/aboutcode-projects/scancode-action-project.rst b/docs/source/aboutcode-projects/scancode-action-project.rst new file mode 100644 index 0000000..8f0ed5e --- /dev/null +++ b/docs/source/aboutcode-projects/scancode-action-project.rst @@ -0,0 +1,10 @@ +.. _scancode-action-project: + +scancode-action +=============== + +`scancode-action `_: enables +you to run ScanCode.io pipelines from your workflows. + + - Read more at: https://github.com/aboutcode-org/scancode-action + - Get the code at: https://github.com/aboutcode-org/scancode-action/releases diff --git a/docs/source/getting-started/start-scanning-code.rst b/docs/source/getting-started/start-scanning-code.rst new file mode 100644 index 0000000..8513607 --- /dev/null +++ b/docs/source/getting-started/start-scanning-code.rst 
@@ -0,0 +1,46 @@ +.. _start-scanning-code: + +Use AboutCode to Start Scanning Code +==================================== +You can use **ScanCode.io** to identify all the licenses associated with a package, +codebase, or container. ScanCode.io will also identify software vulnerabilities. With its +library of standard and custom pipelines, ScanCode.io performs deep and comprehensive +scanning to meet your analysis requirements. + +1. Install ScanCode.io +---------------------- + +**Install ScanCode.io** + +https://scancodeio.readthedocs.io/en/latest/installation.html + +Configure ScanCode.io to identify software vulnerabilities. + +https://scancodeio.readthedocs.io/en/latest/tutorial_vulnerablecode_integration.html#configure-vulnerablecode-integration + + +2. Scan Software Using ScanCode.io +---------------------------------- + +Create a new Project in ScanCode.io to scan a Docker image. + +https://scancodeio.readthedocs.io/en/latest/tutorial_web_ui_analyze_docker_image.html + +You now know how to use the **analyze_docker_image** pipeline! + +3. Review Scan Results Using ScanCode.io +---------------------------------------- + +https://scancodeio.readthedocs.io/en/latest/tutorial_web_ui_review_scan_results.html + +4. Analyze a Codebase from the Command Line +------------------------------------------- + +Thinking about integrating ScanCode.io into your build system? You can scan a +codebase from the command line. + +https://scancodeio.readthedocs.io/en/latest/tutorial_cli_analyze_codebase.html + +You now know how to use the **scan_codebase** pipeline, and you are ready to explore +the many other features of ScanCode.io! + From add5569a2792b3e2cd2d7a3bffbf6eaa5146674e Mon Sep 17 00:00:00 2001 
From: DennisClark Date: Mon, 7 Jul 2025 13:06:29 -0700 Subject: [PATCH 20/21] Issue #27 respond to suggestions in PR #202 --- docs/source/aboutcode-projects/dejacode-project.rst | 2 +- docs/source/getting-started/consume-sboms.rst | 3 ++- docs/source/getting-started/create-sboms.rst | 3 ++- docs/source/getting-started/manage-license-policies.rst | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/source/aboutcode-projects/dejacode-project.rst b/docs/source/aboutcode-projects/dejacode-project.rst index 1f93b49..8cf2f70 100644 --- a/docs/source/aboutcode-projects/dejacode-project.rst +++ b/docs/source/aboutcode-projects/dejacode-project.rst @@ -6,7 +6,7 @@ DejaCode `DejaCode `_: is a Cloud application server that automates open source license compliance and ensures software supply chain integrity. It is a comprehensive enterprise-level application, -powered by `ScanCode `_, +powered by `ScanCode `_, the industry-leading code scanner. * Run scans and track all the open source and third-party products and diff --git a/docs/source/getting-started/consume-sboms.rst b/docs/source/getting-started/consume-sboms.rst index 65f1406..d58a2b3 100644 --- a/docs/source/getting-started/consume-sboms.rst +++ b/docs/source/getting-started/consume-sboms.rst @@ -74,7 +74,8 @@ https://scancodeio.readthedocs.io/en/latest/built-in-pipelines.html#load-sbom Review the details in your ScanCode.io project. -Export the results in the appropriate format to share with your team. +Export the results in the appropriate format to share with your team, such as CycloneDX +and SPDX SBOMs. https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files diff --git a/docs/source/getting-started/create-sboms.rst b/docs/source/getting-started/create-sboms.rst index 2bbb23e..460a925 100644 --- a/docs/source/getting-started/create-sboms.rst +++ b/docs/source/getting-started/create-sboms.rst 
@@ -75,7 +75,8 @@ the exact pipelines to use for particular platforms and technologies. https://scancodeio.readthedocs.io/en/latest/user-interface.html#creating-a-new-project Export the scan results in the appropriate format to share with your team. ScanCode.io -will report details of the identified packages if you choose to export SBOMs. +will report details of the identified packages if you choose to export CycloneDX +and SPDX SBOMs. https://scancodeio.readthedocs.io/en/latest/output-files.html#output-files diff --git a/docs/source/getting-started/manage-license-policies.rst b/docs/source/getting-started/manage-license-policies.rst index eac3f82..1e42b7e 100644 --- a/docs/source/getting-started/manage-license-policies.rst +++ b/docs/source/getting-started/manage-license-policies.rst @@ -48,7 +48,7 @@ applications. https://dejacode.readthedocs.io/en/latest/howto-1.html#export-license-policy-definitions -You can use your Usage Policies in **ScanCode Toolkit** with the "--license-policy" +You can use your Usage Policies in **ScanCode-Toolkit** with the "--license-policy" Post-Scan option https://scancode-toolkit.readthedocs.io/en/stable/cli-reference/list-options.html#all-post-scan-options From 13262f8d183da37d0a157d3d08d3b34e9d2bc979 Mon Sep 17 00:00:00 2001 From: DennisClark Date: Mon, 7 Jul 2025 14:05:04 -0700 Subject: [PATCH 21/21] Issue #27. Identify additional supporting AboutCode projects. --- docs/source/aboutcode-project-overview.rst | 3 +++ .../python-inspector-project.rst | 27 +++++++++++++++++++ .../scancode-licensedb-project.rst | 27 +++++++++++++++++++ .../source-inspector-project.rst | 11 ++++++++ 4 files changed, 68 insertions(+) create mode 100644 docs/source/aboutcode-projects/python-inspector-project.rst create mode 100644 docs/source/aboutcode-projects/scancode-licensedb-project.rst create mode 100644 docs/source/aboutcode-projects/source-inspector-project.rst 
diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 64bdd63..f3da184 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst @@ -24,6 +24,9 @@ Supporting AboutCode Projects :maxdepth: 2 aboutcode-projects/license-expression-project + aboutcode-projects/scancode-licensedb-project + aboutcode-projects/source-inspector-project + aboutcode-projects/python-inspector-project aboutcode-projects/scancode-action-project aboutcode-projects/aboutcode-toolkit-project diff --git a/docs/source/aboutcode-projects/python-inspector-project.rst b/docs/source/aboutcode-projects/python-inspector-project.rst new file mode 100644 index 0000000..af4e574 --- /dev/null +++ b/docs/source/aboutcode-projects/python-inspector-project.rst @@ -0,0 +1,27 @@ +.. _python-inspector-project: + +python-inspector +================ + +`python-inspector `_: +is a collection of utilities to: + +- resolve PyPI packages dependencies + +- parse various requirements.txt files and setup.py files as input + for resolving dependencies. + +- parse various manifests and packages files such as + Pipfile, pyproject.toml, poetry.lock and setup.cfg and legacy and + current metadata file formats for eggs, wheels and sdist. These + have not been wired with the command line yet. + +- query PyPI JSON and simple APIs for package information + +It grew out of ScanCode-Toolkit to find and analyze PyPI archives and +installed Python packages and their files. + +The goal of python-inspector is to be a comprehensive library +that can handle every style of Python package layouts, manifests and lockfiles. + + - Get the code at: https://github.com/aboutcode-org/python-inspector diff --git a/docs/source/aboutcode-projects/scancode-licensedb-project.rst b/docs/source/aboutcode-projects/scancode-licensedb-project.rst new file mode 100644 index 0000000..c64962c --- /dev/null 
+++ b/docs/source/aboutcode-projects/scancode-licensedb-project.rst @@ -0,0 +1,27 @@ +.. _scancode-licensedb-project: + +ScanCode LicenseDB +================== + +`ScanCode LicenseDB `_: +is a large free and open database of software licenses, in particular open-source +software licenses, with over 2300 curated licenses texts and their metadata. + +LicenseDB is built from the ScanCode Toolkit license dataset. ScanCode Toolkit +is a leading open source code scanner and license detection engine. + +LicenseDB is an essential reference license resource for license compliance and +SBOMs. LicenseDB includes all the SPDX and OSI licenses together with an extended +curated collection of other licenses and license metadata. These licenses are +carefully reviewed and curated and continuously updated by an open community of +contributors. + +LicenseDB is available as a web site at: https://scancode-licensedb.aboutcode.org/ +You can search the licenses by name, key and other attributes. The web site is updated +daily by a GitHub action with updates from scancode-toolkit develop. + +LicenseDB is also available as a JSON or YAML API and a git repository +making it easy to reuse and integrate in tools that need a database of reference +software licenses. + + - Get the code at: https://github.com/aboutcode-org/scancode-licensedb diff --git a/docs/source/aboutcode-projects/source-inspector-project.rst b/docs/source/aboutcode-projects/source-inspector-project.rst new file mode 100644 index 0000000..55d9dea --- /dev/null +++ b/docs/source/aboutcode-projects/source-inspector-project.rst @@ -0,0 +1,11 @@ +.. _source-inspector-project: + +source-inspector +================ + +`source-inspector `_: +is a collection of utilities to inspect and analyze source code and collect interesting +data using various tools such as code symbols, strings and comments. +This is also a ScanCode-Toolkit plugin. + + - Get the code at: https://github.com/aboutcode-org/source-inspector
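Review bot: Typo in the last added line of the create-sboms.rst hunk at @@ -79,11 +83,14 @@ (PATCH 14/21): "CycloneDX (inlucing VEX)" should read "CycloneDX (including VEX)".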
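Review bot: Two bullets in the dejacode-project.rst hunk at @@ -9,23 +9,25 @@ (PATCH 18/21) read worse after the reformat. The second bullet lost its "and" and is now a comma splice: "Apply usage policies at the license or component level, integrate into ScanCode to ensure compliance." Restore "and integrate". The seventh bullet still says "Track and report vulnerability tracking and reporting by integrating with ..."; since the line is being rewritten anyway, shorten it to "Track and report vulnerabilities by integrating with the open source VulnerableCode project."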
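Review bot: The continuation lines of the wrapped bullets in the purldb-project.rst hunk at @@ -8,17 +8,19 @@ (PATCH 18/21) were not re-indented: "package data with PURL ...", "matching" and "related libraries." are unchanged context lines, while their bullets moved from an indented "-" to "*" at column 0. In reStructuredText the continuation has to line up with the text after the bullet marker, otherwise docutils reads the item as something other than a plain list paragraph. Re-indent those three lines to two spaces, as the dejacode-project.rst hunk in the same commit does for its wrapped bullets. While touching the list, "Clearlydefined" and "ScanCode toolkit" should match the capitalisation used elsewhere in the docs.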
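Review bot: The new license-expression-project.rst (PATCH 19/21) closes with indented " - Read more at:" and " - Get the code at:" items, the layout that PATCH 18/21 just replaced with plain paragraphs in dejacode-project.rst and purldb-project.rst. Use the plain-paragraph form here and in scancode-action-project.rst so the project pages render the same way. Also, "Get the code at:" points to the /releases page in both new files, whereas the existing project pages point it at the repository itself; pick one convention.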
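Review bot: Section "3. Review Scan Results Using ScanCode.io" in the new start-scanning-code.rst (PATCH 19/21) contains only a bare URL, while every other numbered section has at least one sentence saying what the reader will do. Add a one-line lead-in before the link. The two "You now know how to use the ... pipeline" lines in sections 2 and 4 read as if the tutorial text were on this page; wording such as "After completing that tutorial you will know how to use the **analyze_docker_image** pipeline" fits a page that only links out. The opening paragraph also starts directly under the title underline with no blank line, unlike the other getting-started pages.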
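Review bot: In the consume-sboms.rst hunk at @@ -74,7 +74,8 @@ (PATCH 20/21) the added clause is attached to the wrong noun: "to share with your team, such as CycloneDX and SPDX SBOMs" reads as if the SBOMs were examples of the team. Suggest "Export the results in an appropriate format, such as a CycloneDX or SPDX SBOM, to share with your team." The matching change in create-sboms.rst at @@ -75,7 +75,8 @@ would read better with "or" as well, since a single export produces one format.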
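Review bot: The rename to "**ScanCode-Toolkit**" in the manage-license-policies.rst hunk at @@ -48,7 +48,7 @@ (PATCH 20/21) makes the docs less consistent rather than more: dejacode-project.rst and scancode-licensedb-project.rst in this same series write "ScanCode Toolkit", while create-sboms.rst and python-inspector-project.rst write "ScanCode-Toolkit". Settle on one spelling and apply it across all touched files in a single commit. The unchanged line "Post-Scan option" that follows also has no terminating punctuation before the URL.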
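Review bot: In the new python-inspector-project.rst (PATCH 21/21), "These have not been wired with the command line yet." in the third bullet does not say whether "These" means only the legacy egg, wheel and sdist metadata formats or every parser listed in that bullet. Name the parsers that lack a CLI entry point. The first bullet should read "resolve PyPI package dependencies", and the closing " - Get the code at:" item uses the indented-dash layout that PATCH 18/21 removed from the other project pages.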
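Review bot: In the new scancode-licensedb-project.rst (PATCH 21/21), the fourth paragraph runs a URL straight into the next sentence: "LicenseDB is available as a web site at: https://scancode-licensedb.aboutcode.org/" is followed on the next source line by "You can search the licenses ...", and both lines belong to one paragraph, so the rendered text has no sentence break after the link. Put the URL on its own line between blank lines, as the getting-started pages do, or end the sentence before "You can search". In the first paragraph, "curated licenses texts" should be "curated license texts", and the hard-coded "over 2300" will go stale because the same file says the site is updated daily.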