aboutcode-org / scancode-toolkit

:mag: ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and others generous sponsors!
https://github.com/aboutcode-org/scancode-toolkit/releases/
2.11k stars 546 forks source link

Collect publiccode metadata as package-like data #2851

Open pombredanne opened 2 years ago

pombredanne commented 2 years ago

See https://github.com/publiccodeyml/publiccode.yml This is package-like data in YAML and we would a handler to parse this. See also:

Examples:

Presented at FOSDEM 2022 by @ruphy https://archive.fosdem.org/2022/schedule/event/publiccodeyml/

devlakshay commented 2 months ago

Hi, is it still open? If so, can you provide what we are trying to solve?

pombredanne commented 2 months ago

@devlakshay the goal would be to create a new module to parse the YAML files https://github.com/search?q=path%3Apubliccode.yml&type=code and create a package data out of it. Like we do for Maven for instance.

pombredanne commented 2 months ago

@devlakshay please read the links listed in this issues And check the packagedcode/ module here to see what we do with other package metadata.