From f2bf3268f2432be3778ea4026990a74f9b8c76d4 Mon Sep 17 00:00:00 2001 From: Tether <47709623+tarunsankhla@users.noreply.github.com> Date: Mon, 1 Apr 2024 19:25:36 -0400 Subject: [PATCH] Update README.md --- README.md | 115 ++++++++++++++++-------------------------------------- 1 file changed, 34 insertions(+), 81 deletions(-) diff --git a/README.md b/README.md index b596fd4..0462cce 100644 --- a/README.md +++ b/README.md 
@@ -2,25 +2,16 @@ ### What is AboutCode? -AboutCode is a family of FOSS projects to uncover data ... about software: +AboutCode encompasses a family of FOSS (Free and Open Source Software) projects aimed at revealing crucial data about software. These projects address essential questions such as: -- where does the code come from? which software package? -- what is its license? copyright? -- is the code vulnerable, maintained, well coded? -- what are its dependencies, are there vulneribilities/licensing issues? +- Where does the code originate from? Which software package does it belong to? +- What is its license and copyright status? +- Is the code vulnerable, actively maintained, and well-written? +- What are its dependencies, and are there any vulnerabilities or licensing issues associated with them? -All these are questions that are important to answer: there are millions -of free and open source software components available on the web for reuse. +Answering these questions is paramount, given the abundance of free and open-source software components available for reuse on the web. By providing insights into a software package's origin, license, vulnerability status, and other critical information, AboutCode strives to make consuming free and open-source software safer and more accessible. It not only supports open-source software but also advocates for open data, which is generated and curated by its applications. -Knowing where a software package comes from, what its license is and whether it is -vulnerable should be a problem of the past such that everyone can safely consume -more free and open source software. We support not only open source software, but -also open data, generated and curated by our applications. - -> **_NOTE:_** This is a repository with information on aboutcode open source activities and not - the actual code repository. 
See the [projects section](https://github.com/nexB/aboutcode#projects) - below for links to all the code repositories of our projects with a brief overview and our - [wiki](https://github.com/nexB/aboutcode/wiki) if you are looking to participate. +> **_NOTE:_** This repository contains information about AboutCode's open-source activities, not the actual code repository. Refer to the [Projects section](https://github.com/nexB/aboutcode#projects) below for links to all the code repositories of our projects, along with brief overviews. For participation guidelines, please visit our [wiki](https://github.com/nexB/aboutcode/wiki). ### Documentation Build Status 
@@ -28,90 +19,52 @@ also open data, generated and curated by our applications. ### Important Links -Our homepage is at http://aboutcode.org - -Our documentation (in progress) is at https://aboutcode.readthedocs.io/en/latest/ - -Join the chat online at [app.gitter.im : aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im) -or if you're using the element app set the homeserver to `gitter.im` and then join the [aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im) -chatroom. Introduce yourself and start the discussion! - -Look at our [wiki](https://github.com/nexB/aboutcode/wiki) for information about our participation -in the GSoC and GSoD programs. - -We have a weekly meeting, see more details [here](https://github.com/nexB/aboutcode/wiki/MeetingMinutes). +- Homepage: [AboutCode](http://aboutcode.org) +- Documentation (work in progress): [AboutCode Documentation](https://aboutcode.readthedocs.io/en/latest/) +- Chat Online: + - [Gitter: aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im) + - [Matrix: aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im) +- [Wiki](https://github.com/nexB/aboutcode/wiki) for information about our participation in the GSoC (Google Summer of Code) and GSoD (Google Season of Docs) programs. +- [Weekly Meetings Details](https://github.com/nexB/aboutcode/wiki/MeetingMinutes) ### Projects Each AboutCode project has its own repository: -- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect - the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series - of scan-related tools in one process flow. This is the most popular project and is used by 100's of software - teams . 
The lead maintainer is @pombredanne +- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: A set of code scanning tools to detect the origin and license of code and dependencies. ScanCode now utilizes a plugin architecture to run various scan-related tools in one process flow. This project is widely used by hundreds of software teams. The lead maintainer is @pombredanne. + +- **[Scancode.io](https://github.com/nexB/scancode.io)**: A web-based and API platform for running and reviewing scans in rich scripted pipelines. It can scan different kinds of containers, Docker images, package archives, manifests, etc., to gather information on licenses, copyrights, source, and vulnerabilities. The lead maintainer is @tdruez. -- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based and API to run and review scans in - rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc, - to get information on licenses, copyrights, source, vulneribilities. The lead maintainer is @tdruez +- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: A web-based API and database for collecting and tracking known software package vulnerabilities. It includes information about affected and fixed packages, references, and a standalone tool called Vulntotal to compare vulnerability information across similar tools. This project is maintained by @tg1999 and @pombredanne. -- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: is a web-based API and - database to collect and track all the known software package vulnerabilities, with - affected and fixed packages, references and a standalone tool Vulntotal to compare - this vulneribility information across similar tools. This is maintained by @tg1999 and @pombredanne +- **[univers](https://github.com/nexB/univers)**: A package for parsing and comparing all package versions and ranges. 
-- **[univers](https://github.com/nexB/univers)** is a package to parse and compare - all the package versions and all the ranges. +- **[purlDB](https://github.com/nexB/purldb)**: Consists of tools for creating and exposing a database of Purls (Package URLs). It also includes package data created from scans. Maintained by @jyang. -- **[purlDB](https://github.com/nexB/purldb)** consists of tools to create and expose - a database of purls (Package URLs) and also has package data for all of these - packages created from scans. This is maintained by @jyang +- **[FetchCode](https://github.com/nexB/fetchcode)**: A library for reliably fetching code via HTTP, FTP, and version control systems such as Git. -- **[FetchCode](https://github.com/nexB/fetchcode)** is a library - to reliably fetch any code via HTTP, FTP and version control systems such as git. +- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: A desktop application based on TypeScript and React for visualizing and reviewing scan results from Scancode scans. -- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application - based on typescript and react to visualize and review scan results from scancode scans. +- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: A set of command-line tools for documenting the provenance of code and generating attribution notices. It uses small YAML files to document code provenance within a codebase. The lead maintainer is @chinyeungli. -- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document - the provenance of your code and generate attribution notices. AboutCode Toolkit uses small yaml files to - document code provenance inside a codebase. 
The lead maintainer is @chinyeungli +- **[container-inspector](https://github.com/nexB/container-inspector)**: A tool for analyzing the structure and provenance of software components in Docker images using static analysis. Maintained by @pombredanne. -- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure - and provenance of software components in Docker images using static analysis. Maintained by @pombredanne +- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)**: These tools inspect manifests and code to resolve dependencies (vulnerable and non-vulnerable) for Python and NuGet packages, respectively. -- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)** - inspects manifests and code to resolve dependencies (vulnerable and non-vulnerable) for - python and nuget packages respectively. +- **[license-expression](https://github.com/nexB/license-expression/)**: A library for parsing, analyzing, comparing, and normalizing SPDX and SPDX-like license expressions using a boolean logic expression engine. The underlying boolean engine is live at [boolean.py](https://github.com/bastikr/boolean.py). Co-maintained by @pombredanne. -- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare - and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine. - See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is. - See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at - https://github.com/bastikr/boolean.py . 
Both are co-maintained by @pombredanne +- **ABCD (AboutCode Data)**: A simple set of conventions to define data structures that all AboutCode tools can understand and use to exchange data. Visit the [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html) page for details. Other projects, such as [libraries.io](https://libraries.io) and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit), also use these conventions. -- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the - AboutCode tools can understand and use to exchange data. The details are at - [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). - ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as - https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) - are also using these conventions. +- **[TraceCode Toolkit](https://github.com/n -- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your - deployment or distribution packages back to their origin in a development codebase or repository. - The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct - a build graph from syscalls to show which files are used to build a binary. We are contributors to strace. - Maintained by @pombredanne +exB/tracecode-toolkit)**: A set of tools to trace files from your deployment or distribution packages back to their origin in a development codebase or repository. The primary tool utilizes strace to trace system calls on Linux and construct a build graph from syscalls to show which files are used to build a binary. The project is maintained by @pombredanne. 
-We also co-started and worked closely with other FOSS orgs and projects: +We also collaborate closely with other FOSS organizations and projects: -- [Package URL](https://github.com/package-url): a widely used standard to reference software packages of all types with simple, - readable and concise URLs. +- [Package URL](https://github.com/package-url): A widely used standard to reference software packages of all types with simple, readable, and concise URLs. -- [SPDX](http://SPDX.org): aka. Software Package Data Exchange, a spec to document the origin and licensing of packages. +- [SPDX](http://SPDX.org): Software Package Data Exchange, a spec for documenting the origin and licensing of packages. -- [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack - Bill of Materials (BOM) standard that provides advanced supply chain - capabilities for cyber risk reduction +- [CycloneDX](https://cyclonedx.org): OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. -- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing - and documentation clarity. This project is incubating with https://opensource.org +- [ClearlyDefined](https://ClearlyDefined.io): A project to review and help FOSS projects improve their licensing and documentation clarity. This project is incubating with [opensource.org](https://opensource.org).
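Review bot: in the first hunk (`@@ -2,25 +2,16 @@`), the rewritten intro paragraph and the `> **_NOTE:_**` block are each folded onto a single very long line, while the rest of README.md wraps at roughly 100 columns; rewrapping the new text to the existing width would keep future diffs line-granular and reviewable. The rewrite also replaces the concrete statement "there are millions of free and open source software components available on the web for reuse" with "the abundance of ... components", which is vaguer than the original; consider keeping the "millions" wording.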
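Review bot: in the second hunk (`@@ -28,90 +19,52 @@`), the added TraceCode Toolkit bullet is split across two `+` lines, so the link destination reads `https://github.com/n` on one line and `exB/tracecode-toolkit)**: A set of tools ...` on the next; a Markdown link cannot contain a line break inside its destination, so unless this is an artefact of how the patch was copied, the bullet will render as literal text rather than a link. Rejoin it into one line, `- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: A set of tools to trace files ...`. The same hunk also silently drops reference material the old text carried: the SPDX expression spec link in the license-expression bullet (`See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is.`), the strace repository link and the "We are contributors to strace" note in the TraceCode bullet, the sentence "ABOUT files and ScanCode Toolkit data are examples of this approach." in the ABCD bullet, and the Element/homeserver (`gitter.im`) instructions for the Matrix chat room; since the commit is described as a wording update, these should be preserved, or their removal called out in the commit message.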