fossology
diff --git a/‎docs/2024/ci-scanner/index.md
Lines changed: 34 additions & 5 deletions b/‎docs/2024/ci-scanner/index.md
Lines changed: 34 additions & 5 deletions
diff --git a/‎docs/2024/ci-scanner/updates/2023-05-30.md
Lines changed: 0 additions & 25 deletions b/‎docs/2024/ci-scanner/updates/2023-05-30.md
Lines changed: 0 additions & 25 deletions
diff --git a/‎docs/2024/ci-scanner/updates/2024-05-07.md
Lines changed: 80 additions & 0 deletions b/‎docs/2024/ci-scanner/updates/2024-05-07.md
Lines changed: 80 additions & 0 deletions
diff --git a/‎docs/2024/ci-scanner/updates/2024-06-06.md
Lines changed: 43 additions & 0 deletions b/‎docs/2024/ci-scanner/updates/2024-06-06.md
Lines changed: 43 additions & 0 deletions
diff --git a/‎docs/2024/ci-scanner/updates/2024-06-13.md
Lines changed: 41 additions & 0 deletions b/‎docs/2024/ci-scanner/updates/2024-06-13.md
Lines changed: 41 additions & 0 deletions
diff --git a/‎docs/2024/index.md
Lines changed: 2 additions & 0 deletions b/‎docs/2024/index.md
Lines changed: 2 additions & 0 deletions
@@ -6,7 +6,7 @@ slug: /2024/ci-scanner/
 <!--
 SPDX-License-Identifier: CC-BY-SA-4.0
 
-SPDX-FileCopyrightText: 2024 Rajul Jha <email.here>
+SPDX-FileCopyrightText: 2024 Rajul Jha <rajuljha49@gmail.com>
 -->
 
 ## Author
@@ -15,17 +15,46 @@ SPDX-FileCopyrightText: 2024 Rajul Jha <email.here>
 
 ## Contact info
 
-- [Email](mailto:email.here)
-- [LinkedIn](https://linkedin.com/in/my-user)
+- [Email](mailto:rajuljha49@gmail.com)
+- [LinkedIn](https://linkedin.com/in/rajuljha)
 
 ## Project title
 
 CI Scanner Improvements
 
 ## What's the project about?
 
-Insert Text Here
+To be able to easily and continuously scan packages with 
+fossology checks in CI pipelines, a docker image [fossology/fossology:scanner](https://hub.docker.com/layers/fossology/fossology/scanner/images/sha256-a625b1b10832b98d47429387c18b4fb042f7b09f912b50da14da61fddb11a2ff?context=explore) capable of running license checks (using nomos or ojo) and keyword and copyright scans is available. 
+
+The main aims of this projects is to improve the CI pipeline with various quality of life improvements like:
+- Highlight the exact location of violations in the results.
+- Enable customization of keywords used by the scanner.
+- Allow whitelisting from a custom location.
+- Provide the ability to download and scan dependencies.
+
 
 ## What should be done?
 
-What are the plans for the project?
+### Reporting line numbers for violations
+- For calculating the previous and new line number from the diff scan output, an algorithm has to be made. 
+- The line number start byte and end byte information is spit out by all scanners except nomos in json output. That has to be fixed.
+- Add the line number calculated to the finding log information as well as write it in results file.
+
+### Keyword scanning using custom keyword.conf
+- Currently, the keyword scanner uses a predefined set of keywords stored at `/usr/local/share/fossology/keyword/agent/keyword.conf.`
+- To support this, we also need to document the regex-like format used for specifying these keywords.
+- Decision to be made : Should custom `keyword.conf` overwrite the previous one? 
+
+### Providing allowlist.json from a different path
+- Currently, the `allowlist.json` is located at the root of the project.
+- We want to allow users to optionally specify a different path, using a CLI argument, like --allowlist
+
+### Allow users to download and scan dependencies
+- Currently, the project only scans the source code of the project either in repo/diff manner.
+- We additionally want to allow the functionality to scan and dependencies of the project.
+
+#### Steps to achieve this:
+    - With the [CycloneDX](https://cyclonedx.org/tool-center/) tool center, we can generate SBOM which contains the dependency download url.
+    - The SBOM format specifies the package URL (purl) for each dependency. 
+    - Using the [python-packageurl](https://github.com/package-url/packageurl-python#purl-to-url) tool, we can extract the download url from the purl for this purpose.
@@ -0,0 +1,80 @@
+---
+title: Community bonding
+author: Rajul Jha
+---
+<!--
+SPDX-License-Identifier: CC-BY-SA-4.0
+
+SPDX-FileCopyrightText: 2024 Rajul Jha <rajuljha49gmail.com>
+-->
+
+### Meeting 1
+
+*(May 7, 2024)*
+
+### Discussion:
+- Could not attend due to family emergency.
+
+
+# Community Bonding Week 1
+
+*(May 9, 2024 - May 15, 2024)*
+
+### Meeting 2
+
+*(May 9, 2024)*
+
+### Discussion:
+- I gave my introduction in the meeting.
+- Got to know my mentors and colleagues.
+
+### Work Done:
+- Tried to setup the coding environment.
+- Set up a Virtual Machine because fossology does not work on Mac.:pensive:
+- Faced challenges installing some python packages which were not available for aarch64 architecture.
+Worked around the issue by commenting [this out](https://github.com/fossology/fossology/blob/6e6b00c2ded6a1db7647d0da9e97c78ed9ffddf8/install/fo-postinstall.in#L261-L263).
+
+# Community Bonding Week 2
+
+*(May 16, 2024 - May 23, 2024)*
+
+### Meeting 3
+
+*(May 16, 2024)*
+
+### Discussion:
+- Contributors shared their weekly updates.
+- Discussed and decided time for weekly project specific meetings.
+- Mentors talked about the importance of open communication in open source.
+
+### Work Done:
+- Played around with fossology and scanned a few repositories.
+- Tried to understand how scanners work internally.
+- Talked with other contributors about the project.
+
+# Community Bonding Week 3
+
+*(May 23, 2024 - May 30, 2024)*
+
+### Meeting 4
+
+*(May 23, 2024)*
+
+### Discussion:
+- Had final discussions on projects.
+- Finalized any changes to the project milestones.
+
+### Work Done:
+- Tried building the fossology scanner image locally.
+- Played around a while with the image, trying to understand what it does.
+- Faced an issue of UI freezing in the VM. Solved it by using [SSH Remote Tunneling](https://code.visualstudio.com/docs/remote/ssh)
+- Started to theorize how the line number algorithm would work.
+
+
+### Meeting 5
+*(May 30, 2024)*
+- Discussed the project updates from the mentors and contributors.
+- Got clear understanding of how to document our progress during the whole program.
+- Had discussions with the mentors about how to approach the algorithm for line numbers.
+
+***This summarizes my community bonding period at Fossology***
@@ -0,0 +1,43 @@
+---
+title: Week 1
+author: Rajul Jha
+---
+<!--
+SPDX-License-Identifier: CC-BY-SA-4.0
+
+SPDX-FileCopyrightText: 2024 Rajul Jha <rajuljha49gmail.com>
+-->
+
+# Week 1
+*(May 31, 2024 - June 6, 2024)*
+
+## Meeting 1
+*(June 5, 2024)*
+
+## Attendees
+* [Rajul Jha](https://github.com/rajuljha)
+* [Gaurav](https://github.com/GMishx)
+* [Kaushlendra](https://github.com/Kaushl2208)
+* [Shaheem Azmal](https://github.com/shaheemazmalmmd)
+* [Avinal Kumar](https://github.com/avinal)
+* Katharina
+
+## Discussions
+
+* Discussed [unified diff](https://www.gnu.org/software/diffutils/manual/html_node/Example-Unified.html) format to populate the data fetched from the Github and Gitlab API's
+* We also discussed after extraction of the content in unified diff format, how will we extract the line number from it.
+* We discussed potential risks that we had to keep in mind before approaching this:
+  * The scanner results should give required info for searching line number.
+  * The scanner results should not be affected by this.
+
+
+## Updates
+* Came across [this thread](https://stackoverflow.com/questions/24455377/git-diff-with-line-numbers-git-log-with-line-numbers) on stackoverflow. Used this gawk command as a reference and wrote a python script to convert the api content into unified diff format.
+* Create a new class `FormatResult` to handle all the formatting of the results and diff content.
+* Also, created a function to extract the line number from the formatted diff content.
+* Tested both the scripts extensively and all cover potential edge cases.
+
+## Planning for next week
+* Use the script on the diff content and try to find the line number for copyright and keyword scanners.
+* Add relevant byte info to the JSON output of nomos scanner.
+* Figure out what to do for repo scans.
@@ -0,0 +1,41 @@
+---
+title: Week 2
+author: Rajul Jha
+---
+<!--
+SPDX-License-Identifier: CC-BY-SA-4.0
+
+SPDX-FileCopyrightText: 2024 Rajul Jha <rajuljha49gmail.com>
+-->
+
+# Week 2
+*(June 6, 2024 - June 13, 2024)*
+
+## Meeting 1
+*(June 12, 2024)*
+
+## Attendees
+* [Rajul Jha](https://github.com/rajuljha)
+* [Gaurav](https://github.com/GMishx)
+* [Kaushlendra](https://github.com/Kaushl2208)
+* [Shaheem Azmal](https://github.com/shaheemazmalmmd)
+
+## Discussions
+
+* Mentors reviewed my PR's and gave me feedback like changes regarding squashing commits into one.
+* There was a discussion regarding the copyright and keyword scanners breaking because of new formatting since they are regex based. I tested the code and it was working without any descrepencies.
+* Mentors gave me pointers for adding byte info to nomos, which I was unable to figure out before.
+* I also found a bug in `SpdxReport` where it breaks when an unknown license reference is found by the scanner. I had a discussion with the mentors regarding solving it.
+
+## Updates
+* Completed the Format Results functionality for the copyright and keyword scanners. :grin:
+  * Add the line numbers to the STDOUT, text_report and bom report function.
+  * Sent out a [PR(#2754)](https://github.com/fossology/fossology/pull/2754) with the given changes.
+* Add the line numbers for repo scans also in a seperate [PR(#2756)](https://github.com/fossology/fossology/pull/2756)
+
+## Planning for next week
+* Add line numbers for the remaining nomos and ojo scanners which requires:
+  * Adding relevant byte info to the JSON output of nomos scanner.
+* Solve the bug found in `SpdxReport`.
+* Upgrade the spdx_tools library to latest version.
+* Try to figure out a method of providing custom keyword scanning by providing a path to a custom `keyword.conf` file by the user.
@@ -54,6 +54,7 @@ More info to come here.
 | General Meeting     | *Thursday* 13:30 - 14:30 UTC  | [Jitsi](https://meet.jit.si/moderated/5a655b3b6f3b4f83cddb13b93ac5408d6de48bf4ce1049f4128aa1c885478d48) | [.ics](/ics/gsoc_2024_weekly.ics)    |
 | -                   | -                             | -                                                                                                       | -                                    |
 | SPDX Related        | *Tuesday* 10:30 - 11:20 UTC   | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6)   | [.ics](/ics/gsoc_2024_spdx.ics)      |
+| REST API            | *Tuesday* 11:00 - 11:50 UTC   | [Jitsi](https://moderated.jitsi.net/d623bb1284a54c83958eff31d2ecce9ed6b894312eda4ed9b400d5963f4e18b6)   | [.ics](/ics/gsoc_2024_rest.ics)      |
 | CI Scanner          | *Wednesday* 10:30 - 11:00 UTC | [Jitsi](https://moderated.jitsi.net/39896aad61bc4a27b9418ee6b78689348c65790e889046069dbe9c8c34110c9a)   | [.ics](/ics/gsoc_2024_ci.ics)        |
 | Scheduler Overhaul  | *Friday* 10:30 - 11:00 UTC    | [Jitsi](https://moderated.jitsi.net/5444f675f5ce47c788fa4238a6a958c53d3e62804e9243d5b807fbaa81f3120f)   | [.ics](/ics/gsoc_2024_scheduler.ics) |
 | AI Powered Scanners | *Thursday* 10:30 - 11:20 UTC  | [Jitsi](https://moderated.jitsi.net/15ee0bf46cb345e4accc817ed2967b55db216bf57c894c30bd1550ecf3ec3ace)   | [.ics](/ics/gsoc_2024_ai.ics)        |
@@ -62,3 +63,4 @@ More info to come here.
 Photos to come soon.
 
 Thanks for being part of the community. 💚
+