ScanCode detects licenses, copyrights, dependencies by "scanning code" ... to discover and inventory open source and third-party packages used in your code. Sponsored by NLnet project https://nlnet.nl/project/vulnerabilitydatabase, the Google Summer of Code, Azure credits, nexB and other generous sponsors!
We should add extra documentation to each package class, possibly structured as attributes in order to better capture the breadth and depth of the data we collect to generate a summary table for all the things we have.
This could include new things:

- logos
- whether a data file is a lock file or not
- extra support and capabilities in other tools like binary analysis, inspectors such as dependency-inspector
- core command(s) to generate a lock file or install packages in dependency-inspector
- pointer to the main package management tool repo
- typical file extensions included (.py in pypi, and so on)
- extra documentation
- etc.
Beyond mere documentation, some of these attributes may have a practical use (like the command for dependency-inspector).

We should also track the relationship to other data files and manifests (important so we can start treating these as pairs or groups). This could be an attribute, or a new class of its own that groups many datafile handler classes.
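One way to model the attributes and grouping proposed above, as an added example (not ScanCode's code or API): the `HandlerDoc` class, its field names, and the four-entry registry are hypothetical and constructed for illustration. It renders the summary table and uses the lock-file and group attributes to list manifests that have no lock file beside them.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

@dataclass(frozen=True)
class HandlerDoc:
    """Hypothetical documentation attributes for one datafile handler."""
    datasource_id: str        # constructed id, not a real ScanCode id
    package_type: str
    name_patterns: tuple      # file name globs this handler recognizes
    group: str                # handlers in one group describe the same package
    is_lockfile: bool = False
    lock_command: str = ""    # command an inspector could run to create the lock

# Constructed sample registry (assumption: one manifest and one lock per group).
HANDLERS = (
    HandlerDoc("npm-manifest", "npm", ("package.json",), "npm",
               lock_command="npm install --package-lock-only"),
    HandlerDoc("npm-lock", "npm", ("package-lock.json",), "npm", is_lockfile=True),
    HandlerDoc("pipenv-manifest", "pypi", ("Pipfile",), "pipenv",
               lock_command="pipenv lock"),
    HandlerDoc("pipenv-lock", "pypi", ("Pipfile.lock",), "pipenv", is_lockfile=True),
)

def match_handler(path):
    """Return the first handler whose pattern matches the file name, else None."""
    name = PurePosixPath(path).name
    return next((h for h in HANDLERS
                 if any(fnmatchcase(name, p) for p in h.name_patterns)), None)

def group_datafiles(paths):
    """Group recognized data files by (directory, handler group)."""
    groups = {}
    for path in paths:
        handler = match_handler(path)
        if handler:
            key = (str(PurePosixPath(path).parent), handler.group)
            groups.setdefault(key, []).append((path, handler))
    return groups

def manifests_without_lock(paths):
    """List (manifest path, lock command) for groups that contain no lock file."""
    missing = []
    for members in group_datafiles(paths).values():
        if not any(h.is_lockfile for _, h in members):
            missing += [(p, h.lock_command) for p, h in members]
    return sorted(missing)

def summary_table():
    """Render the registry as a Markdown summary table."""
    rows = ["| datasource | type | files | lock file |", "|---|---|---|---|"]
    rows += [f"| {h.datasource_id} | {h.package_type} | {', '.join(h.name_patterns)} "
             f"| {'yes' if h.is_lockfile else 'no'} |" for h in HANDLERS]
    return "\n".join(rows)
```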