AboutCode is a family of FOSS projects to uncover metadata about software:
- Where does the code come from, and from which software package?
- What is its license? Its copyright?
- Is the code vulnerable, maintained, well coded?
- What are its dependencies, and do they carry vulnerabilities or licensing issues?
All these are questions that are important to answer: there are millions of free and open source software components available on the web for reuse.
Knowing where a software package comes from, what its license is and whether it is vulnerable should be a problem of the past such that everyone can safely consume more free and open source software. We support not only open source software, but also open data, generated and curated by our applications.
Note: This is a repository with information on AboutCode open source activities, not the actual code repository. See the projects section below for links to all the code repositories of our projects with a brief overview, and our wiki if you are looking to participate.
- Homepage: http://aboutcode.org
- Documentation: https://aboutcode.readthedocs.io/en/latest/
- Chat: Gitter | Slack
- Weekly Meetings: Meeting Minutes
- GSoC: Wiki
Tip: To manually build the documentation, run make docs from the root of this repo.
We welcome contributions! Whether you're fixing bugs, adding features, or improving documentation, we'd love your help.
Get started:
- Read our CONTRIBUTING.md guide
- Look for good first issues
- Join our community chat
For the latest list of AboutCode projects and tools, please visit our website:
AboutCode is based on key industry standards and works closely with other FOSS organizations:
PURL is a URL string used to identify and locate software packages universally across programming languages, package managers, and tools. It originated from ScanCode and is in the process of becoming an Ecma standard.
Maintainer: @johnmhoran
VERS is an emerging specification for expressing dependency and vulnerable version ranges. It originated as part of the PURL project and is in the process of becoming an Ecma standard.
Specification: VERSION-RANGE-SPEC.rst
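As an added example (not AboutCode's own code), the following parses a Package URL into its components following the layout pkg:type/namespace/name@version?qualifiers#subpath and serializes it back. It applies the generic rules only (lowercased type and qualifier keys, percent-decoding, dropped '.' and '..' subpath segments) and no type-specific name normalization; the serializer percent-encodes every component conservatively rather than reproducing the spec's exact canonical form.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import quote, unquote

@dataclass
class PackageURL:
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: Dict[str, str] = field(default_factory=dict)
    subpath: Optional[str] = None

def _rsplit(s: str, sep: str):
    """Split once from the right; return (s, '') when sep is absent."""
    head, found, tail = s.rpartition(sep)
    return (head, tail) if found else (s, "")

def parse_purl(purl: str) -> PackageURL:
    # Peel off subpath and qualifiers first so a '/' or '@' inside them is not misread.
    rest, subpath_raw = _rsplit(purl.strip(), "#")
    rest, qual_raw = _rsplit(rest, "?")
    scheme, sep, rest = rest.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError(f"not a package URL: {purl!r}")
    rest, version = _rsplit(rest.lstrip("/"), "@")  # tolerate the 'pkg://type/...' form
    ptype, _, rest = rest.partition("/")
    segments = [unquote(s) for s in rest.split("/") if s]
    if not ptype or not segments:
        raise ValueError(f"type and name are required: {purl!r}")
    qualifiers = {}
    for pair in filter(None, qual_raw.split("&")):
        key, _, value = pair.partition("=")
        if key and value:  # keys are case-insensitive; pairs with empty values are dropped
            qualifiers[key.lower()] = unquote(value)
    # '.' and '..' segments are discarded so a subpath cannot point outside the package.
    subpath = "/".join(unquote(s) for s in subpath_raw.split("/") if s not in ("", ".", ".."))
    return PackageURL(type=ptype.lower(), name=segments[-1],
                      namespace="/".join(segments[:-1]) or None, version=unquote(version) or None,
                      qualifiers=qualifiers, subpath=subpath or None)

def to_purl(p: PackageURL) -> str:
    enc = lambda s: quote(s, safe="")  # encode everything but unreserved characters
    out = f"pkg:{p.type}/" + "".join(enc(s) + "/" for s in (p.namespace or "").split("/") if s)
    out += enc(p.name) + (f"@{enc(p.version)}" if p.version else "")
    if p.qualifiers:
        out += "?" + "&".join(f"{k}={enc(v)}" for k, v in sorted(p.qualifiers.items()))
    if p.subpath:
        out += "#" + "/".join(enc(s) for s in p.subpath.split("/"))
    return out
```

The sample purls below are constructed for illustration; a scoped npm package shows why the namespace must be percent-encoded, since a bare '@' would be read as the version separator.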
- Package URL: A widely used standard to identify software packages with simple, readable URLs. See the PURL discussions for Ecma standardization details.
- SPDX: System Package Data Exchange, a specification to document the origin and licensing of packages.
- CycloneDX: OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard for supply chain security.
- ClearlyDefined: A project to help FOSS projects improve their licensing and documentation clarity (incubating with opensource.org).
License: Apache License 2.0 | Code of Conduct: CODE_OF_CONDUCT.rst