diff --git a/docs/2024/index.md b/docs/2024/index.md index 70b31ca55..e9db2a779 100644 --- a/docs/2024/index.md +++ b/docs/2024/index.md @@ -26,7 +26,7 @@ More info to come here. | :--------------------------------------------------- | :----------------------------------------------------------- | | [Aaditya Singh](https://github.com/aadsingh) | [Overhaul Scheduler Design](/docs/2024/scheduler) | | [Abdelrahman Jamal](https://github.com/Hero2323) | [AI Powered License Detection](/docs/2024/license-detection) | -| [Abhishek Kumar](https://github.com/abhi-kumar17871) | [SPDX 3.0 Support](/docs/2024/spdx30) | +| [Abhishek Kumar](https://github.com/abhi-kumar17871) | [Support SPDX 3.0 Reports](/docs/2024/spdx30) | | [Akash Sah](https://github.com/AkashSah2003) | [SPDX License Expression](/docs/2024/spdx-expression) | | [Divij Sharma](https://github.com/dvjsharma) | [REST API Improvements](/docs/2024/rest) | | [Rajul Jha](https://github.com/rajuljha) | [Improving CI Scanner](/docs/2024/ci-scanner) | diff --git a/docs/2024/spdx30/_category_.json b/docs/2024/spdx30/_category_.json index e9771b420..d9927caba 100644 --- a/docs/2024/spdx30/_category_.json +++ b/docs/2024/spdx30/_category_.json @@ -1,4 +1,4 @@ { - "label": "SPDX 3.0 Support", + "label": "Support SPDX 3.0 Reports", "position": 5 } diff --git a/docs/2024/spdx30/assets/model_Core+Software.png b/docs/2024/spdx30/assets/model_Core+Software.png new file mode 100644 index 000000000..30163a5f1 Binary files /dev/null and b/docs/2024/spdx30/assets/model_Core+Software.png differ diff --git a/docs/2024/spdx30/assets/model_Licensing.png b/docs/2024/spdx30/assets/model_Licensing.png new file mode 100644 index 000000000..4e0590f48 Binary files /dev/null and b/docs/2024/spdx30/assets/model_Licensing.png differ diff --git a/docs/2024/spdx30/index.md b/docs/2024/spdx30/index.md index e2a26f886..496742e92 100644 --- a/docs/2024/spdx30/index.md +++ b/docs/2024/spdx30/index.md @@ -6,7 +6,7 @@ slug: /2024/spdx30/ ## Author @@ -15,17 +15,30 @@ SPDX-FileCopyrightText: 2024 Abhishek Kumar ## Contact info -- [Email](mailto:email.here) -- [LinkedIn](https://linkedin.com/in/my-user) +- [Email](mailto:akumar17871@gmail.com) +- [LinkedIn](https://www.linkedin.com/in/akumar17871/) ## Project title -SPDX 3.0 Support +Support SPDX 3.0 Reports ## What's the project about? -Insert Text Here +This project aims to support the generation, parsing, and interpreting of SPDX 3.0 reports. Currently, FOSSology uses SPDX 2.3 for report generation and ingestion, but with the introduction of SPDX 3.0, it has become the industry standard. Upgrading to SPDX 3.0 will address the limitations of the older version, such as compatibility issues and difficulties in integrating with other tools. + +In this project, I will be working on the generation of SPDX 3.0 reports in multiple formats, implementing SPDX 3.0 profiles, and then the ingestion of these reports. ## What should be done? -What are the plans for the project? +1. Support generation of SPDX 3.0 reports in multiple formats + - Include support for JSON-LD, plain JSON, tag:value, RDF, and CSV formats to meet diverse needs and use cases. + +2. Support of SPDX 3.0 profiles + - Begin with Core, Software, and Licensing profiles. + - Expand to additional profiles such as Lite if possible. + +3. Support ingestion of SPDX 3.0 reports + - Ensure FOSSology can read and process SPDX 3.0 reports for seamless integration and compliance. + +4. Improve compatibility and standardization + - Ensure smoother integration and compliance with industry standards. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2023-05-30.md b/docs/2024/spdx30/updates/2023-05-30.md deleted file mode 100644 index 4ab24b322..000000000 --- a/docs/2024/spdx30/updates/2023-05-30.md +++ /dev/null @@ -1,25 +0,0 @@ ---- -title: Community bonding -author: Abhishek Kumar ---- - - -# Meeting 1 - -*(May 30,2024)* - -## Attendees: - -## Discussion: - -# Meeting 2 - -*(May 18,2023)* - -## Attendees: - -## Discussion: diff --git a/docs/2024/spdx30/updates/2024-05-07.md b/docs/2024/spdx30/updates/2024-05-07.md new file mode 100644 index 000000000..371289e67 --- /dev/null +++ b/docs/2024/spdx30/updates/2024-05-07.md @@ -0,0 +1,59 @@ +--- +title: Community bonding +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +## Meeting 1 + +*(May 7, 2024)* + +### Discussion: +This was the first meeting with mentors and other fellow contributors. In this meeting, mentors and contributors introduced themselves. We agreed on the time and platform for general weekly meetings. + +## Meeting 2 + +*(May 9, 2024)* + +### Discussion: +* In this meeting, mentors talked about what we can do in community bonding period and emphasized the importance of communication in open source community. +* Q&A session was held to address the general issues. + + +## Week 1 Activities + +*(May 9, 2024 - May 15, 2024)* + +* Revised the basics of PHP and Template Engine- TWIG and other skills required for the project. +* Gone through the documentation and codebase to get clear idea how SPDX v2.3 was implemented and what are the changes that are needed to be related to the project. + + +## Meeting 3 + +*(May 16, 2024)* + +### Discussion: +* Contributors provided updates on their progress. +* Mentors checked if everyone was able to set up their local development environment. + + +## Week 2 Activities + +*(May 16, 2024 - May 22, 2024)* + +* I had some issues while setting up the local environment as I was working on ARM architecture machine having Ubuntu 22.04 installed on my virtual machine. +* So, I rectified the issue by commenting out the installation of python dependencies in [fo-postinstall.in](https://github.com/fossology/fossology/blob/6e6b00c2ded6a1db7647d0da9e97c78ed9ffddf8/install/fo-postinstall.in#L261-L263) file, as it was creating conflicts with other installed dependencies. + + +## Meeting 4 + +*(May 23, 2024)* + +### Discussion: +* Contributors shared their updates. +* Mentors urged contributors to address some of the issues to enhance their understanding of the project. +* Timing for the specific-project weekly meetings were finalized. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2024-05-28.md b/docs/2024/spdx30/updates/2024-05-28.md new file mode 100644 index 000000000..006305b94 --- /dev/null +++ b/docs/2024/spdx30/updates/2024-05-28.md @@ -0,0 +1,53 @@ +--- +title: Week 1 +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +# Week 1 meeting and activities + +_(May 28,2024)_ + +## Attendees: + +* [Abhishek Kumar](https://github.com/abhi-kumar17871) +* [Gaurav Mishra](https://github.com/GMishx) +* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) +* [Dearsh Oberoi](https://github.com/deo002) +* [Akash Sah](https://github.com/Akashsah2003) + +## Discussions + +* I presented the basic SPDX v3.0 JSON-ld format report to the mentors. +* Got a feedback for the implementation of the required fields and profiles in the reports . +* Also was asked to validate the reports generated using the [SPDX python tool](https://github.com/spdx/tools-python). +* Next Step: Work on Licensing profile in JSON-ld reports. + +## Core and software profile use cases + +* ### Core profile + * The Core profile describes the foundational classes and properties that are used by all profiles of the SPDX model. + +* ### Software profile + * The Software profile contains information about files, packages, SBOMs, snippets, and artifacts of the software application. + +The [model image](../assets/model_Core+Software.png) for the Core+Software profile. +I have implemented the following use cases as required by the organization for this profile: +* Person +* Agent +* Tool +* File +* Package +* Person with full CreationInfo +* Package with ExternalIdentifier +* Relationship with Package containing Files +* SpdxDocument with Files + +## Updates + +* Started working on SPDX v3.0 JSON-ld format report generation. +* In this week, I targeted to implement Core and Software profiles in this format. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2024-06-04.md b/docs/2024/spdx30/updates/2024-06-04.md new file mode 100644 index 000000000..c53629b1e --- /dev/null +++ b/docs/2024/spdx30/updates/2024-06-04.md @@ -0,0 +1,39 @@ +--- +title: Week 2 +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +# Week 2 Meeting and Activities + +_(June 4, 2024)_ + +## Attendees: + +* [Abhishek Kumar](https://github.com/abhi-kumar17871) +* [Gaurav Mishra](https://github.com/GMishx) +* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) +* [Dearsh Oberoi](https://github.com/deo002) +* [Akash Sah](https://github.com/Akashsah2003) + +## Discussions + +* I presented the changes after implementing the Core and Software Profiles made in the SPDX v3.0 report in JSON-ld format to the mentor. +* I discussed with the mentors about the SPDX python tool for validation of v3.0 reports as it was not optimised for v3.0 reports. So, it was decided to look for it later or will perform the validation manually. +* Next Step: Work on JSON report generation. + +## Licensing profile use cases +The Licensing profile describes the aspects of licensing for the software application under three categories (sub-directories) - Licensing, SimpleLicensing, and ExpandedLicensing. + +The Licensing category describes information about declared licenses and concluded (detected) licenses. The SimpleLicensing category describes information about text-formatted licenses. The ExpandedLicensing category describes information about parseable and machine-readable licenses. + +The [model image](../assets/model_Licensing.png) for the Licensing profile. + +## Activities + +* In this week, I continued to work on the SPDX v3.0 JSON-ld format report generation for Licensing profile. +* Made a [PR#2750](https://github.com/fossology/fossology/pull/2750) for Generation of SPDX v3.0 report in JSON format. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2024-06-11.md b/docs/2024/spdx30/updates/2024-06-11.md new file mode 100644 index 000000000..86c523af3 --- /dev/null +++ b/docs/2024/spdx30/updates/2024-06-11.md @@ -0,0 +1,32 @@ +--- +title: Week 3 +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +# Week 3 Meeting and Activities + +_(June 11, 2024)_ + +## Attendees: + +* [Abhishek Kumar](https://github.com/abhi-kumar17871) +* [Gaurav Mishra](https://github.com/GMishx) +* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) +* [Dearsh Oberoi](https://github.com/deo002) +* [Akash Sah](https://github.com/Akashsah2003) + +## Discussions + +* Presented the JSON-ld report. +* There was a build issue in my latest PR. I started to look into it as well. +* Next Step: Work on RDF report generation. + +## Activities + +* In this week, I worked upon SPDX v3.0 report in JSON format. +* Followed the [JSON Serialization](https://github.com/spdx/spdx-3-model/blob/main/serialization/json.md) for report generation in JSON format. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2024-06-18.md b/docs/2024/spdx30/updates/2024-06-18.md new file mode 100644 index 000000000..4ba68e8f8 --- /dev/null +++ b/docs/2024/spdx30/updates/2024-06-18.md @@ -0,0 +1,34 @@ +--- +title: Week 4 +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +# Week 4 Meeting and Activities + +_(June 18, 2024)_ + +## Attendees: + +* [Abhishek Kumar](https://github.com/abhi-kumar17871) +* [Gaurav Mishra](https://github.com/GMishx) +* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) +* [Dearsh Oberoi](https://github.com/deo002) +* [Akash Sah](https://github.com/Akashsah2003) + +## Discussions + +* Have completed generation of SPDX v3.0 report in JSON format. +* Also discussed to the mentor about [validation of JSON-ld using JSON Schema, and SHACL Model](https://github.com/spdx/spdx-3-model/blob/main/serialization/json_ld/validation.md). +* We decided to follow the JSON Schema and SHACL Model for initial phase of validation. +* Next Step: Work on the validation of JSON-ld documents. + +## Activities + +* In this week, I worked upon the RDF report generation. +* I followed the [ontology](https://spdx.org/rdf/3.0.0/spdx-model.ttl) present in the SPDX-3 model github repository. +* I also started looking into the fields which were absent in the previous formats and have rectified them using the JSON schema. \ No newline at end of file diff --git a/docs/2024/spdx30/updates/2024-06-25.md b/docs/2024/spdx30/updates/2024-06-25.md new file mode 100644 index 000000000..2819544b3 --- /dev/null +++ b/docs/2024/spdx30/updates/2024-06-25.md @@ -0,0 +1,33 @@ +--- +title: Week 5 +author: Abhishek Kumar +tags: [gsoc24, spdx30] +--- + + +# Week 5 Meeting and Activities + +_(June 25, 2024)_ + +## Attendees: + +* [Abhishek Kumar](https://github.com/abhi-kumar17871) +* [Gaurav Mishra](https://github.com/GMishx) +* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd) +* [Dearsh Oberoi](https://github.com/deo002) +* [Akash Sah](https://github.com/Akashsah2003) + +## Discussions + +* Presented my work SPDX v3.0 report in JSON and RDF format and also validated the reports using. +* Started resolving the issue while building the package in GitHub workflow. +* Next Step: Resolve the build issue and work on tag:value and CSV report generation. + +## Activities + +* In this week, I have validated the SPDX v3.0 report in JSON-ld, JSON and RDF format. +* Also add the various fields which were required in Core, Software and Licensing profiles by the organization. +* I have started working for the SPDX v3.0 report generation in tag:value format. \ No newline at end of file