chore(report): Support SPDX 3.0 Reports Week1,2,3,4,5 #252

Merged
merged 1 commit into from
Jul 10, 2024
2 changes: 1 addition & 1 deletion docs/2024/index.md
Expand Up @@ -26,7 +26,7 @@ More info to come here.
| :--------------------------------------------------- | :----------------------------------------------------------- |
| [Aaditya Singh](https://github.com/aadsingh) | [Overhaul Scheduler Design](/docs/2024/scheduler) |
| [Abdelrahman Jamal](https://github.com/Hero2323) | [AI Powered License Detection](/docs/2024/license-detection) |
| [Abhishek Kumar](https://github.com/abhi-kumar17871) | [SPDX 3.0 Support](/docs/2024/spdx30) |
| [Abhishek Kumar](https://github.com/abhi-kumar17871) | [Support SPDX 3.0 Reports](/docs/2024/spdx30) |
| [Akash Sah](https://github.com/AkashSah2003) | [SPDX License Expression](/docs/2024/spdx-expression) |
| [Divij Sharma](https://github.com/dvjsharma) | [REST API Improvements](/docs/2024/rest) |
| [Rajul Jha](https://github.com/rajuljha) | [Improving CI Scanner](/docs/2024/ci-scanner) |
2 changes: 1 addition & 1 deletion docs/2024/spdx30/_category_.json
@@ -1,4 +1,4 @@
{
"label": "SPDX 3.0 Support",
"label": "Support SPDX 3.0 Reports",
"position": 5
}
Binary file added docs/2024/spdx30/assets/model_Core+Software.png
Binary file added docs/2024/spdx30/assets/model_Licensing.png
25 changes: 19 additions & 6 deletions docs/2024/spdx30/index.md
Expand Up @@ -6,7 +6,7 @@ slug: /2024/spdx30/
<!--
SPDX-License-Identifier: CC-BY-SA-4.0

SPDX-FileCopyrightText: 2024 Abhishek Kumar <email.here>
SPDX-FileCopyrightText: 2024 Abhishek Kumar <skumar17871@gmail.com>
-->

## Author
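Review bot: The `SPDX-FileCopyrightText` line in the header comment now uses `skumar17871@gmail.com`, while the Contact info section of this same file and the copyright headers of the new update files use `akumar17871@gmail.com`. One of the two looks like a typo; use a single address so the copyright tag matches across the docs.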
Expand All @@ -15,17 +15,30 @@ SPDX-FileCopyrightText: 2024 Abhishek Kumar <email.here>

## Contact info

- [Email](mailto:email.here)
- [LinkedIn](https://linkedin.com/in/my-user)
- [Email](mailto:akumar17871@gmail.com)
- [LinkedIn](https://www.linkedin.com/in/akumar17871/)

## Project title

SPDX 3.0 Support
Support SPDX 3.0 Reports

## What's the project about?

Insert Text Here
This project aims to support the generation, parsing, and interpreting of SPDX 3.0 reports. Currently, FOSSology uses SPDX 2.3 for report generation and ingestion, but with the introduction of SPDX 3.0, it has become the industry standard. Upgrading to SPDX 3.0 will address the limitations of the older version, such as compatibility issues and difficulties in integrating with other tools.

In this project, I will be working on the generation of SPDX 3.0 reports in multiple formats, implementing SPDX 3.0 profiles, and then the ingestion of these reports.

## What should be done?

What are the plans for the project?
1. Support generation of SPDX 3.0 reports in multiple formats
- Include support for JSON-LD, plain JSON, tag:value, RDF, and CSV formats to meet diverse needs and use cases.

2. Support of SPDX 3.0 profiles
- Begin with Core, Software, and Licensing profiles.
- Expand to additional profiles such as Lite if possible.

3. Support ingestion of SPDX 3.0 reports
- Ensure FOSSology can read and process SPDX 3.0 reports for seamless integration and compliance.

4. Improve compatibility and standardization
- Ensure smoother integration and compliance with industry standards.
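Review bot: In the "What's the project about?" paragraph, "with the introduction of SPDX 3.0, it has become the industry standard" has an unclear subject, and the "limitations of the older version" are only named generically; say which SPDX 2.3 limitations matter for FOSSology. In "What should be done?", item 4 ("Improve compatibility and standardization") has no concrete deliverable, unlike items 1 to 3; fold it into them or state how it will be checked.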
25 changes: 0 additions & 25 deletions docs/2024/spdx30/updates/2023-05-30.md

This file was deleted.

59 changes: 59 additions & 0 deletions docs/2024/spdx30/updates/2024-05-07.md
@@ -0,0 +1,59 @@
---
title: Community bonding
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

## Meeting 1

*(May 7, 2024)*

### Discussion:
This was the first meeting with mentors and other fellow contributors. In this meeting, mentors and contributors introduced themselves. We agreed on the time and platform for general weekly meetings.

## Meeting 2

*(May 9, 2024)*

### Discussion:
* In this meeting, mentors talked about what we can do in community bonding period and emphasized the importance of communication in open source community.
* Q&A session was held to address the general issues.


## Week 1 Activities

*(May 9, 2024 - May 15, 2024)*

* Revised the basics of PHP and Template Engine- TWIG and other skills required for the project.
* Gone through the documentation and codebase to get clear idea how SPDX v2.3 was implemented and what are the changes that are needed to be related to the project.


## Meeting 3

*(May 16, 2024)*

### Discussion:
* Contributors provided updates on their progress.
* Mentors checked if everyone was able to set up their local development environment.


## Week 2 Activities

*(May 16, 2024 - May 22, 2024)*

* I had some issues while setting up the local environment as I was working on ARM architecture machine having Ubuntu 22.04 installed on my virtual machine.
* So, I rectified the issue by commenting out the installation of python dependencies in [fo-postinstall.in](https://github.com/fossology/fossology/blob/6e6b00c2ded6a1db7647d0da9e97c78ed9ffddf8/install/fo-postinstall.in#L261-L263) file, as it was creating conflicts with other installed dependencies.


## Meeting 4

*(May 23, 2024)*

### Discussion:
* Contributors shared their updates.
* Mentors urged contributors to address some of the issues to enhance their understanding of the project.
* Timing for the specific-project weekly meetings were finalized.
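Review bot: The "Week 1 Activities" and "Week 2 Activities" headings in this community-bonding file collide with the later update files titled "Week 1" (May 28) and "Week 2" (June 4), so a reader cannot tell which week is meant. Rename them, for example to "Community bonding week 1", or drop the numbering and keep only the date ranges. In the Week 2 item about `fo-postinstall.in`, it would also help to say that commenting out the Python dependency installation is a local workaround and to name the conflicting dependencies.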
53 changes: 53 additions & 0 deletions docs/2024/spdx30/updates/2024-05-28.md
@@ -0,0 +1,53 @@
---
title: Week 1
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

# Week 1 meeting and activities

_(May 28,2024)_

## Attendees:

* [Abhishek Kumar](https://github.com/abhi-kumar17871)
* [Gaurav Mishra](https://github.com/GMishx)
* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
* [Dearsh Oberoi](https://github.com/deo002)
* [Akash Sah](https://github.com/Akashsah2003)

## Discussions

* I presented the basic SPDX v3.0 JSON-ld format report to the mentors.
* Got a feedback for the implementation of the required fields and profiles in the reports .
* Also was asked to validate the reports generated using the [SPDX python tool](https://github.com/spdx/tools-python).
* Next Step: Work on Licensing profile in JSON-ld reports.

## Core and software profile use cases

* ### Core profile
* The Core profile describes the foundational classes and properties that are used by all profiles of the SPDX model.

* ### Software profile
* The Software profile contains information about files, packages, SBOMs, snippets, and artifacts of the software application.

The [model image](../assets/model_Core+Software.png) for the Core+Software profile.
I have implemented the following use cases as required by the organization for this profile:
* Person
* Agent
* Tool
* File
* Package
* Person with full CreationInfo
* Package with ExternalIdentifier
* Relationship with Package containing Files
* SpdxDocument with Files

## Updates

* Started working on SPDX v3.0 JSON-ld format report generation.
* In this week, I targeted to implement Core and Software profiles in this format.
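Review bot: Under "Core and software profile use cases", the entries `* ### Core profile` and `* ### Software profile` put a heading inside a bullet, which renders inconsistently; use plain `### Core profile` followed by the description as a paragraph. The serialization is written "JSON-ld" here but "JSON-LD" in `docs/2024/spdx30/index.md`; pick one spelling. `_(May 28,2024)_` is also missing the space used in the other weekly files.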
39 changes: 39 additions & 0 deletions docs/2024/spdx30/updates/2024-06-04.md
@@ -0,0 +1,39 @@
---
title: Week 2
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

# Week 2 Meeting and Activities

_(June 4, 2024)_

## Attendees:

* [Abhishek Kumar](https://github.com/abhi-kumar17871)
* [Gaurav Mishra](https://github.com/GMishx)
* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
* [Dearsh Oberoi](https://github.com/deo002)
* [Akash Sah](https://github.com/Akashsah2003)

## Discussions

* I presented the changes after implementing the Core and Software Profiles made in the SPDX v3.0 report in JSON-ld format to the mentor.
* I discussed with the mentors about the SPDX python tool for validation of v3.0 reports as it was not optimised for v3.0 reports. So, it was decided to look for it later or will perform the validation manually.
* Next Step: Work on JSON report generation.

## Licensing profile use cases
The Licensing profile describes the aspects of licensing for the software application under three categories (sub-directories) - Licensing, SimpleLicensing, and ExpandedLicensing.

The Licensing category describes information about declared licenses and concluded (detected) licenses. The SimpleLicensing category describes information about text-formatted licenses. The ExpandedLicensing category describes information about parseable and machine-readable licenses.

The [model image](../assets/model_Licensing.png) for the Licensing profile.

## Activities

* In this week, I continued to work on the SPDX v3.0 JSON-ld format report generation for Licensing profile.
* Made a [PR#2750](https://github.com/fossology/fossology/pull/2750) for Generation of SPDX v3.0 report in JSON format.
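Review bot: The Activities list is ambiguous about which serialization PR#2750 covers: the first bullet says the week's work was on the JSON-ld report for the Licensing profile, while the PR bullet says "report in JSON format". State explicitly whether the PR is the JSON-LD or the plain JSON generator. In Discussions, the decision to postpone validation with the SPDX python tool or validate manually leaves the generated reports unchecked for now; a link to a tracking issue would make that follow-up visible.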
32 changes: 32 additions & 0 deletions docs/2024/spdx30/updates/2024-06-11.md
@@ -0,0 +1,32 @@
---
title: Week 3
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

# Week 3 Meeting and Activities

_(June 11, 2024)_

## Attendees:

* [Abhishek Kumar](https://github.com/abhi-kumar17871)
* [Gaurav Mishra](https://github.com/GMishx)
* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
* [Dearsh Oberoi](https://github.com/deo002)
* [Akash Sah](https://github.com/Akashsah2003)

## Discussions

* Presented the JSON-ld report.
* There was a build issue in my latest PR. I started to look into it as well.
* Next Step: Work on RDF report generation.

## Activities

* In this week, I worked upon SPDX v3.0 report in JSON format.
* Followed the [JSON Serialization](https://github.com/spdx/spdx-3-model/blob/main/serialization/json.md) for report generation in JSON format.
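Review bot: The Discussions bullet "There was a build issue in my latest PR" does not say which PR or what failed, so the note cannot be followed up later; link the PR and name the failing step. Discussions mentions presenting the JSON-ld report while Activities describes work on the JSON format, so a short line on how the two relate this week would help.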
34 changes: 34 additions & 0 deletions docs/2024/spdx30/updates/2024-06-18.md
@@ -0,0 +1,34 @@
---
title: Week 4
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

# Week 4 Meeting and Activities

_(June 18, 2024)_

## Attendees:

* [Abhishek Kumar](https://github.com/abhi-kumar17871)
* [Gaurav Mishra](https://github.com/GMishx)
* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
* [Dearsh Oberoi](https://github.com/deo002)
* [Akash Sah](https://github.com/Akashsah2003)

## Discussions

* Have completed generation of SPDX v3.0 report in JSON format.
* Also discussed to the mentor about [validation of JSON-ld using JSON Schema, and SHACL Model](https://github.com/spdx/spdx-3-model/blob/main/serialization/json_ld/validation.md).
* We decided to follow the JSON Schema and SHACL Model for initial phase of validation.
* Next Step: Work on the validation of JSON-ld documents.

## Activities

* In this week, I worked upon the RDF report generation.
* I followed the [ontology](https://spdx.org/rdf/3.0.0/spdx-model.ttl) present in the SPDX-3 model github repository.
* I also started looking into the fields which were absent in the previous formats and have rectified them using the JSON schema.
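Review bot: The validation link in Discussions points at `blob/main` of spdx-3-model, so its content will drift as the model evolves, whereas the ontology link in Activities is pinned to `3.0.0`. Pin the validation document to a tag or commit so the update records what was actually followed. The last Activities bullet ("fields which were absent in the previous formats and have rectified them using the JSON schema") should name which formats and fields are meant.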
33 changes: 33 additions & 0 deletions docs/2024/spdx30/updates/2024-06-25.md
@@ -0,0 +1,33 @@
---
title: Week 5
author: Abhishek Kumar
tags: [gsoc24, spdx30]
---
<!--
SPDX-License-Identifier: CC-BY-SA-4.0
SPDX-FileCopyrightText: 2024 Abhishek Kumar <akumar17871@gmail.com>
-->

# Week 5 Meeting and Activities

_(June 25, 2024)_

## Attendees:

* [Abhishek Kumar](https://github.com/abhi-kumar17871)
* [Gaurav Mishra](https://github.com/GMishx)
* [Shaheem Azmal M MD](https://github.com/shaheemazmalmmd)
* [Dearsh Oberoi](https://github.com/deo002)
* [Akash Sah](https://github.com/Akashsah2003)

## Discussions

* Presented my work SPDX v3.0 report in JSON and RDF format and also validated the reports using.
* Started resolving the issue while building the package in GitHub workflow.
* Next Step: Resolve the build issue and work on tag:value and CSV report generation.

## Activities

* In this week, I have validated the SPDX v3.0 report in JSON-ld, JSON and RDF format.
* Also add the various fields which were required in Core, Software and Licensing profiles by the organization.
* I have started working for the SPDX v3.0 report generation in tag:value format.
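Review bot: The first Discussions bullet ends mid-sentence ("also validated the reports using."), so the validation method is missing. Complete it with the tool or schema that was used, since Week 4 decided on JSON Schema and SHACL and Week 2 postponed the SPDX python tool. In Activities, "Also add the various fields" should be past tense and should list the fields added for the Core, Software and Licensing profiles.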