Roadmap¶
This is a high level list of what we are working on and what is completed.
This is not updated regularly, see the milestones instead for updated shorter and longer term roadmaps.
Legend¶
Work in Progress¶
(see Completed features below)
Package manifest and dependency parsers¶
Docker image base (as part of: https://github.com/pombredanne/conan ) #651
RubyGems base and dependencies #650 (code in https://github.com/nexB/scancode-toolkit-contrib/ )
Perl, CPAN (basic in https://github.com/nexB/scancode-toolkit-contrib/)
Go : parsing for Godep in https://github.com/nexB/scancode-toolkit-contrib/
License Detection¶
support and detect license expressions (code in https://github.com/nexB/license-expression)
Copyrights¶
Core features¶
pre/post/ouput plugins! (worked as part of the GSoC by @yadsharaf )
transparent archive extraction (as opposed to on-demand with extractcode)
scancode.yml configuration file for exclusions, defaults, scan failure conditions, etc.
support scan pipelines and rules to organize more complex scans
scan baselining, delta scan and failure conditions (such as license change, etc) ( spawned as its the DeltaCode project)
dedupe and similarities to avoid re-scanning. For now only identical files are scanned only once.
native support for ABC Data (See AboutCode Data Structure (ABCD) )
Classification, summarization and deduction¶
Source code support (some will be spawned as their own tool)¶
symbols : parsing complete in https://github.com/nexB/scancode-toolkit-contrib/
metrics : some elements in https://github.com/nexB/scancode-toolkit-contrib/
Compiled code support (will be spawned as their own tool)¶
ELFs : parsing complete in https://github.com/nexB/scancode-toolkit-contrib/
Java bytecode : parsing complete in https://github.com/nexB/scancode-toolkit-contrib/
Windows PE : parsing complete in https://github.com/nexB/scancode-toolkit-contrib/
Mach-O : parsing complete in in https://github.com/nexB/scancode-toolkit-contrib/
Data exchange¶
Packaging¶
Documentation¶
CI integration¶
Other work in progress¶
ScanCode server: Separate project: https://github.com/nexB/scancode-server. Will include Integration / webhooks for Github, Bitbucket.
VulnerableCode: NVD and CVE lookups: Separate project: https://github.com/nexB/vulnerablecode
ScanCode Workbench: desktop app for scan review: Separate project: https://github.com/nexB/scancode-workbench
DependentCode: dynamic dependencies resolutions: Separate project: https://github.com/nexB/dependentcode
Package mining and matching¶
(Note that this will be a separate project) Some code is in https://github.com/nexB/scancode-toolkit-contrib/