diff --git a/.github/config.yml b/.github/config.yml index 368a4ef..4013ab2 100644 --- a/.github/config.yml +++ b/.github/config.yml @@ -4,20 +4,19 @@ # Comment to be posted to on first time issues newIssueWelcomeComment: | - Thanks for opening your first issue! 👍🎉😄⚡️ - Do join our [Gitter channel](https://gitter.im/aboutcode-org/gsod-season-of-docs) for more discussions. + Thanks for opening your first issue! 👍🎉😄⚡️ + Do join our [Gitter channel](https://gitter.im/aboutcode-org/gsod-season-of-docs) for more discussions. # Configuration for new-pr-welcome - https://github.com/behaviorbot/new-pr-welcome - # Comment to be posted to on PRs from first time contributors in your repository newPRWelcomeComment: | - Thanks for opening this pull request! 👍🎉😄⚡️ - Also please refer [Contributing related documentation](https://aboutcode.readthedocs.io/en/latest/doc_maintenance.html) for more help! 💿 - + Thanks for opening this pull request! 👍🎉😄⚡️ + Also please refer [Contributing related documentation](https://aboutcode.readthedocs.io/en/latest/doc_maintenance.html) for more help! 💿 + # Configuration for first-pr-merge - https://github.com/behaviorbot/first-pr-merge # Comment to be posted to on pull requests merged by a first time user firstPRMergeComment: | - Congrats on merging your first pull request! 👍🎉😄⚡️ - Now that you've completed this, you can help on more [Issues](https://github.com/nexB/aboutcode/issues) + Congrats on merging your first pull request! 👍🎉😄⚡️ + Now that you've completed this, you can help on more [Issues](https://github.com/aboutcode-org/aboutcode/issues) # It is recommend to include as many gifs and emojis as possible diff --git a/NOTICE b/NOTICE index 65936b2..acc8555 100644 --- a/NOTICE +++ b/NOTICE 
@@ -1,19 +1,37 @@ # + # Copyright (c) nexB Inc. and others. + # SPDX-License-Identifier: Apache-2.0 + # -# Visit https://aboutcode.org and https://github.com/nexB/ for support and download. + +# Visit https://aboutcode.org and https://github.com/aboutcode-org/ for support and download. + # ScanCode is a trademark of nexB Inc. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # -# http://www.apache.org/licenses/LICENSE-2.0 + +# http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + # diff --git a/README.md b/README.md index b596fd4..0b578d9 100644 --- a/README.md +++ b/README.md 
@@ -4,114 +4,141 @@ AboutCode is a family of FOSS projects to uncover data ... about software: -- where does the code come from? which software package? -- what is its license? copyright? -- is the code vulnerable, maintained, well coded? -- what are its dependencies, are there vulneribilities/licensing issues? - -All these are questions that are important to answer: there are millions -of free and open source software components available on the web for reuse. - -Knowing where a software package comes from, what its license is and whether it is -vulnerable should be a problem of the past such that everyone can safely consume -more free and open source software. We support not only open source software, but -also open data, generated and curated by our applications. - -> **_NOTE:_** This is a repository with information on aboutcode open source activities and not - the actual code repository. See the [projects section](https://github.com/nexB/aboutcode#projects) - below for links to all the code repositories of our projects with a brief overview and our - [wiki](https://github.com/nexB/aboutcode/wiki) if you are looking to participate. +- where does the code come from? which software package? +- what is its license? copyright? +- is the code vulnerable, maintained, well coded? +- what are its dependencies, are there vulneribilities/licensing issues? + +All these are questions that are important to answer: there are millions of free +and open source software components available on the web for reuse. + +Knowing where a software package comes from, what its license is and whether it +is vulnerable should be a problem of the past such that everyone can safely +consume more free and open source software. We support not only open source +software, but also open data, generated and curated by our applications. + +> **_NOTE:_** This is a repository with information on aboutcode open source +> activities and not the actual code repository. 
See the +> [projects section](https://github.com/aboutcode-org/aboutcode#projects) below +> for links to all the code repositories of our projects with a brief overview +> and our [wiki](https://github.com/aboutcode-org/aboutcode/wiki) if you are +> looking to participate. ### Documentation Build Status -![Doc Build](https://github.com/nexB/aboutcode/actions/workflows/docs-ci.yml/badge.svg) +![Doc Build](https://github.com/aboutcode-org/aboutcode/actions/workflows/docs-ci.yml/badge.svg) -### Important Links +### Important Links Our homepage is at http://aboutcode.org -Our documentation (in progress) is at https://aboutcode.readthedocs.io/en/latest/ +Our documentation (in progress) is at +https://aboutcode.readthedocs.io/en/latest/ -Join the chat online at [app.gitter.im : aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im) -or if you're using the element app set the homeserver to `gitter.im` and then join the [aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im) +Join the chat online at +[app.gitter.im : aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im) +or if you're using the element app set the homeserver to `gitter.im` and then +join the +[aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im) chatroom. Introduce yourself and start the discussion! -Look at our [wiki](https://github.com/nexB/aboutcode/wiki) for information about our participation -in the GSoC and GSoD programs. +Look at our [wiki](https://github.com/aboutcode-org/aboutcode/wiki) for +information about our participation in the GSoC and GSoD programs. -We have a weekly meeting, see more details [here](https://github.com/nexB/aboutcode/wiki/MeetingMinutes). +We have a weekly meeting, see more details +[here](https://github.com/aboutcode-org/aboutcode/wiki/MeetingMinutes). 
### Projects Each AboutCode project has its own repository: -- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect - the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series - of scan-related tools in one process flow. This is the most popular project and is used by 100's of software - teams . The lead maintainer is @pombredanne - -- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based and API to run and review scans in - rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc, - to get information on licenses, copyrights, source, vulneribilities. The lead maintainer is @tdruez - -- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: is a web-based API and - database to collect and track all the known software package vulnerabilities, with - affected and fixed packages, references and a standalone tool Vulntotal to compare - this vulneribility information across similar tools. This is maintained by @tg1999 and @pombredanne - -- **[univers](https://github.com/nexB/univers)** is a package to parse and compare - all the package versions and all the ranges. - -- **[purlDB](https://github.com/nexB/purldb)** consists of tools to create and expose - a database of purls (Package URLs) and also has package data for all of these - packages created from scans. This is maintained by @jyang - -- **[FetchCode](https://github.com/nexB/fetchcode)** is a library - to reliably fetch any code via HTTP, FTP and version control systems such as git. - -- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application - based on typescript and react to visualize and review scan results from scancode scans. - -- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document - the provenance of your code and generate attribution notices. 
AboutCode Toolkit uses small yaml files to - document code provenance inside a codebase. The lead maintainer is @chinyeungli - -- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure - and provenance of software components in Docker images using static analysis. Maintained by @pombredanne - -- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)** - inspects manifests and code to resolve dependencies (vulnerable and non-vulnerable) for - python and nuget packages respectively. - -- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare - and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine. - See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is. - See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at - https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne - -- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the - AboutCode tools can understand and use to exchange data. The details are at - [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). - ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as - https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) - are also using these conventions. - -- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your - deployment or distribution packages back to their origin in a development codebase or repository. 
- The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct - a build graph from syscalls to show which files are used to build a binary. We are contributors to strace. - Maintained by @pombredanne +- **[ScanCode Toolkit](https://github.com/aboutcode-org/scancode-toolkit)**: a + set of code scanning tools to detect the origin and license of code and + dependencies. ScanCode now uses a plug-in architecture to run a series of + scan-related tools in one process flow. This is the most popular project and + is used by 100's of software teams . The lead maintainer is @pombredanne + +- **[Scancode.io](https://github.com/aboutcode-org/scancode.io)**: is a + web-based and API to run and review scans in rich scripted pipelines, on + different kinds of containers, docker images, package archives, manifests + etc, to get information on licenses, copyrights, source, vulneribilities. + The lead maintainer is @tdruez + +- **[VulnerableCode](https://github.com/aboutcode-org/vulnerablecode)**: is a + web-based API and database to collect and track all the known software + package vulnerabilities, with affected and fixed packages, references and a + standalone tool Vulntotal to compare this vulneribility information across + similar tools. This is maintained by @tg1999 and @pombredanne + +- **[univers](https://github.com/aboutcode-org/univers)** is a package to + parse and compare all the package versions and all the ranges. + +- **[purlDB](https://github.com/aboutcode-org/purldb)** consists of tools to + create and expose a database of purls (Package URLs) and also has package + data for all of these packages created from scans. This is maintained by + @jyang + +- **[FetchCode](https://github.com/aboutcode-org/fetchcode)** is a library to + reliably fetch any code via HTTP, FTP and version control systems such as + git. 
+ +- **[Scancode Workbench](https://github.com/aboutcode-org/scancode-workbench)**: + a desktop application based on typescript and react to visualize and review + scan results from scancode scans. + +- **[AboutCode Toolkit](https://github.com/aboutcode-org/aboutcode-toolkit)**: + a set of command line tools to document the provenance of your code and + generate attribution notices. AboutCode Toolkit uses small yaml files to + document code provenance inside a codebase. The lead maintainer is + @chinyeungli + +- **[container-inspector](https://github.com/aboutcode-org/container-inspector)**: + a tool to analyze the structure and provenance of software components in + Docker images using static analysis. Maintained by @pombredanne + +- **[python-inspector](https://github.com/aboutcode-org/python-inspector)** + and **[nuget inspector](https://github.com/aboutcode-org/nuget-inspector/)** + inspects manifests and code to resolve dependencies (vulnerable and + non-vulnerable) for python and nuget packages respectively. + +- **[license-expression](https://github.com/aboutcode-org/license-expression/)**: + a library to parse, analyze, compare and normalize SPDX and SPDX-like + license expressions using a boolean logic expression engine. See + https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to + understand what an expression is. See + https://github.com/aboutcode-org/license-expression for the code. The + underlying boolean engine is live at https://github.com/bastikr/boolean.py . + Both are co-maintained by @pombredanne + +- **ABCD aka AboutCode Data**: a simple set of conventions to define data + structures that all the AboutCode tools can understand and use to exchange + data. The details are at + [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). + ABOUT files and ScanCode Toolkit data are examples of this approach. 
Other + projects such as https://libraries.io and and + [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) are + also using these conventions. + +- **[TraceCode Toolkit](https://github.com/aboutcode-org/tracecode-toolkit)**: + a set of tools to trace files from your deployment or distribution packages + back to their origin in a development codebase or repository. The primary + tool uses strace https://github.com/strace/strace/ to trace system calls on + Linux and construct a build graph from syscalls to show which files are used + to build a binary. We are contributors to strace. Maintained by @pombredanne We also co-started and worked closely with other FOSS orgs and projects: -- [Package URL](https://github.com/package-url): a widely used standard to reference software packages of all types with simple, - readable and concise URLs. +- [Package URL](https://github.com/package-url): a widely used standard to + reference software packages of all types with simple, readable and concise + URLs. -- [SPDX](http://SPDX.org): aka. Software Package Data Exchange, a spec to document the origin and licensing of packages. +- [SPDX](http://SPDX.org): aka. Software Package Data Exchange, a spec to + document the origin and licensing of packages. -- [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack - Bill of Materials (BOM) standard that provides advanced supply chain - capabilities for cyber risk reduction +- [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack Bill + of Materials (BOM) standard that provides advanced supply chain capabilities + for cyber risk reduction -- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing - and documentation clarity. This project is incubating with https://opensource.org +- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help + FOSS projects improve their licensing and documentation clarity. 
This + project is incubating with https://opensource.org diff --git a/configure b/configure index eff05de..d3111b7 100755 --- a/configure +++ b/configure @@ -3,7 +3,7 @@ # Copyright (c) nexB Inc. and others. All rights reserved. # SPDX-License-Identifier: Apache-2.0 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -# See https://github.com/nexB/ for support or download. +# See https://github.com/aboutcode-org/ for support or download. # See https://aboutcode.org for more information about nexB OSS projects. # diff --git a/configure.bat b/configure.bat index 241503d..81a49f0 100644 --- a/configure.bat +++ b/configure.bat @@ -4,7 +4,7 @@ @rem Copyright (c) nexB Inc. and others. All rights reserved. @rem SPDX-License-Identifier: Apache-2.0 @rem See http://www.apache.org/licenses/LICENSE-2.0 for the license text. -@rem See https://github.com/nexB/ for support or download. +@rem See https://github.com/aboutcode-org/ for support or download. @rem See https://aboutcode.org for more information about nexB OSS projects. diff --git a/docs/source/aboutcode-project-overview.rst b/docs/source/aboutcode-project-overview.rst index 557b4ee..8ebdd35 100644 --- a/docs/source/aboutcode-project-overview.rst +++ b/docs/source/aboutcode-project-overview.rst 
@@ -6,36 +6,36 @@ AboutCode Project Overview The primary current AboutCode projects are: -- `ScanCode Toolkit `_: is a code scanning "engine" and command-line tool to detect the provenance and license of code and its dependencies. ScanCode TK is a command-line tool with many scanning options and output formats (JSON, HTML, CSV or SPDX). ScanCode detects licenses, copyrights, package manifests and more in both source code and binary files. There is already a large set of pre- and post-plugins and you can also create your own plugins. +- `ScanCode Toolkit `_: is a code scanning "engine" and command-line tool to detect the provenance and license of code and its dependencies. ScanCode TK is a command-line tool with many scanning options and output formats (JSON, HTML, CSV or SPDX). ScanCode detects licenses, copyrights, package manifests and more in both source code and binary files. There is already a large set of pre- and post-plugins and you can also create your own plugins. - Read more at: https://scancode-toolkit.readthedocs.io - - Get the code at: https://github.com/nexB/scancode-toolkit + - Get the code at: https://github.com/aboutcode-org/scancode-toolkit | -- `ScanCode.io `_: is a Cloud application server that automates Software Composition Analysis with pipelines. ScanCode.io has standard pipelines for Docker and VM images, root filesystems and packages. ScanCode.io organizes these complex code analyses as scripted pipelines and stores the results in its database for automated code analysis. +- `ScanCode.io `_: is a Cloud application server that automates Software Composition Analysis with pipelines. ScanCode.io has standard pipelines for Docker and VM images, root filesystems and packages. ScanCode.io organizes these complex code analyses as scripted pipelines and stores the results in its database for automated code analysis. 
- Read more at: https://scancodeio.readthedocs.io - - Get the code at: https://github.com/nexB/scancode.io + - Get the code at: https://github.com/aboutcode-org/scancode.io | -- `ScanCode Workbench `_: is a desktop application (based on Electron) to review the results of a scan and document your conclusions about the origin and license of software components and packages. +- `ScanCode Workbench `_: is a desktop application (based on Electron) to review the results of a scan and document your conclusions about the origin and license of software components and packages. - Read more at: https://scancode-workbench.readthedocs.io - - Get the code at: https://github.com/nexB/scancode-workbench + - Get the code at: https://github.com/aboutcode-org/scancode-workbench | -- `VulnerableCode `_: is an early stage project to provide a free and open source database of vulnerabilities and the packages they impact with tools to aggregate and correlate those vulnerabilities. The initial development of VulnerableCode was supported by the NLNet Foundation. +- `VulnerableCode `_: is an early stage project to provide a free and open source database of vulnerabilities and the packages they impact with tools to aggregate and correlate those vulnerabilities. The initial development of VulnerableCode was supported by the NLNet Foundation. - Read more at: https://vulnerablecode.readthedocs.io - - Get the code at: https://github.com/nexB/vulnerablecode + - Get the code at: https://github.com/aboutcode-org/vulnerablecode | -- `AboutCode Toolkit `_: AboutCode Toolkit provides a set of command-line tools to generate Attribution documents and software BOM reports from any source. It also provides a standard ABCD format for yaml files to document software provenance and license metadata in a codebase where this is not already covered by a package manager. 
+- `AboutCode Toolkit `_: AboutCode Toolkit provides a set of command-line tools to generate Attribution documents and software BOM reports from any source. It also provides a standard ABCD format for yaml files to document software provenance and license metadata in a codebase where this is not already covered by a package manager. - Read more at: https://aboutcode-toolkit.readthedocs.io - - Get the code at: https://github.com/nexB/aboutcode-toolkit + - Get the code at: https://github.com/aboutcode-org/aboutcode-toolkit diff --git a/docs/source/conf.py b/docs/source/conf.py index ff085a7..04c6a2a 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -43,7 +43,7 @@ # This points to aboutcode.readthedocs.io # In case of "undefined label" ERRORS check docs on intersphinx to troubleshoot -# Link was created at commit - https://github.com/nexB/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83 +# Link was created at commit - https://github.com/aboutcode-org/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83 intersphinx_mapping = { "aboutcode": ("https://aboutcode.readthedocs.io/en/latest/", None), diff --git a/docs/source/contributing.rst b/docs/source/contributing.rst index 473be32..7c657ca 100644 --- a/docs/source/contributing.rst +++ b/docs/source/contributing.rst @@ -7,7 +7,7 @@ organization. We are always looking for enthusiatic contributors and we are will lend a helping hand if you have any questions or comments. That being said, here a few resources to help you get started. -1) Take a look through our public repos here: https://github.com/nexB/ +1) Take a look through our public repos here: https://github.com/aboutcode-org/ * Find one you are interested in and check out its open **Issues** 2) If you have specific questions browse through our documentation here: https://aboutcode.readthedocs.io/en/latest/ * Depending on the project, there may be a seperate ReadTheDocs website 
diff --git a/docs/source/contributing/contrib_doc.rst b/docs/source/contributing/contrib_doc.rst index f5ba927..9fda633 100644 --- a/docs/source/contributing/contrib_doc.rst +++ b/docs/source/contributing/contrib_doc.rst @@ -12,7 +12,7 @@ To get started, create or identify a working directory on your local machine. Open that directory and execute the following command in a terminal session:: - git clone https://github.com/nexB/aboutcode.git + git clone https://github.com/aboutcode-org/aboutcode.git That will create an ``/aboutcode`` directory in your working directory. Now you can install the dependencies in a virtualenv:: diff --git a/docs/source/doc_guidelines.rst b/docs/source/doc_guidelines.rst index 6f789c9..d4923e5 100644 --- a/docs/source/doc_guidelines.rst +++ b/docs/source/doc_guidelines.rst @@ -26,7 +26,7 @@ To get started, create or identify a working directory on your local machine. Open that directory and execute the following command in a terminal session:: - git clone https://github.com/nexB/aboutcode.git + git clone https://github.com/aboutcode-org/aboutcode.git That will create an /aboutcode directory in your working directory. Now you can install the dependencies in a virtualenv:: diff --git a/setup.cfg b/setup.cfg index 2ec8b39..8d50787 100644 --- a/setup.cfg +++ b/setup.cfg @@ -6,7 +6,7 @@ license = Apache-2.0 description = aboutcode long_description = file:README.rst long_description_content_type = text/x-rst -url = https://github.com/nexB/aboutcode +url = https://github.com/aboutcode-org/aboutcode author = nexB. Inc. and others author_email = info@aboutcode.org
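Review bot: In .github/config.yml, the bodies of newIssueWelcomeComment, newPRWelcomeComment and firstPRMergeComment are removed and re-added with the same text, so the only content change in the hunk is the Issues link moving from nexB/aboutcode to aboutcode-org/aboutcode. These lines sit inside `|` block scalars, where indentation is significant. Please confirm the whitespace change is intended and consistent within each block, or drop it so the hunk shows only the URL update.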
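Review bot: In NOTICE, the hunk header `@@ -1,19 +1,37 @@` shows the file growing from 19 to 37 lines, yet the only text that differs is the support URL (github.com/nexB/ to github.com/aboutcode-org/). The Apache license URL line is also removed and re-added with the same text. That pattern suggests blank lines or changed whitespace were introduced between the existing lines, possibly by a formatter or a line-ending conversion. Suggest reverting the file and changing only the `# Visit https://aboutcode.org ...` line, so the license notice stays unchanged apart from the URL.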
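Review bot: In README.md, the hunk rewraps nearly every paragraph and list item in the same change that replaces the nexB links, which makes the URL substitutions hard to check line by line. The re-added lines also still carry existing typos: "vulneribilities" (in the opening question list and the Scancode.io entry), "vulneribility" in the VulnerableCode entry, "and and" in the ABCD entry, and "software teams ." in the ScanCode Toolkit entry. Since these lines are being rewritten anyway, fix the typos here, and consider splitting the rewrap into its own commit so the link changes can be reviewed as a plain search and replace.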
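Review bot: In setup.cfg, the context lines around the changed `url` still read `long_description = file:README.rst` with `long_description_content_type = text/x-rst`, while this same patch edits README.md. If the repository has no README.rst, the package metadata will point at a file that does not exist. Either confirm README.rst is present, or switch these two settings to README.md and `text/markdown` alongside the URL update.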