Roadmap

Philippe Ombredanne edited this page Apr 11, 2016 · 25 revisions

Legend

✅ Completed 🕥 In progress ⬜ Planned, not started

Next release

license detection

  • 🕥 approximate license detection
  • 🕥 unknown license detection

additional clue detection

  • ✅ URLs, emails, authors

UI

  • 🕥 improved scans GUI
  • ✅ License summary
  • ✅ Copyright summary
  • ⬜ built-in help

Other work in progress

UI

  • ⬜ Enhanced scan results navigation
  • 🕥 ScanCode server

packaged code metadata details scans

  • 🕥 Java Maven POM : parsing complete
  • 🕥 RPMs : parsing complete
  • 🕥 Docker images : parsing complete
  • 🕥 npm : parsing complete
  • 🕥 RubyGems : parsing complete
  • 🕥 Windows Nuget, PE : parsing complete

additional file information

  • ⬜ File classification

speed!

  • 🕥 accelerate license detection indexing and scanning; include caching
  • 🕥 scan using multiple processes to speed up overall scan

Beyond

packaged code metadata details scans

  • 🕥 Python
  • 🕥 CRAN
  • 🕥 Debian
  • ⬜ Plain packages

license detection

  • 🕥 sync with external sources (DejaCode, SPDX, etc.)
  • ⬜ web ui for easier license rules contribution

copyrights

  • ⬜ improved detected lines range
  • ⬜ streamline grammar
  • ⬜ normalized holders and authors for summarization

documentation

  • ⬜ integration in a build/CI loop
  • ⬜ end to end guide to analyze a codebase
  • ⬜ hacking guides

CI integration

  • ⬜ Plugins for CI (Jenkins, etc)
  • ⬜ Integration for CI (Travis, Appveyor, Drone, etc)
  • 🕥 Integration / webhooks for GitHub, Bitbucket

Package mining and matching

  • 🕥 exact matching
  • 🕥 attribute-based matching
  • 🕥 fuzzy matching
  • ⬜ peer-reviewed meta packages repo
  • ⬜ basic mining of package repositories
  • ⬜ NVD and CVE lookups

Misc

  • ⬜ Crypto code detection

core features

  • ⬜ transparent archive extraction (as opposed to on-demand with extractcode)
  • ⬜ support scan pipelines to organize more complex scans
  • 🕥 .scancode configuration file for exclusions, defaults, scan failure conditions, etc.
  • 🕥 scan baselining, delta scan and failure conditions (such as license change, etc)
  • 🕥 dedupe and similarities to avoid re-scanning
  • ⬜ logging

packaging

  • ⬜ simpler installation, automated installer

packaged code and dependencies support

  • 🕥 Java Maven POM.XML files, Ivy, Gradle, etc.
  • 🕥 RPMs
  • 🕥 debs
  • 🕥 Windows Nuget, PE
  • 🕥 Gems
  • ⬜ Perl, CPAN
  • 🕥 npm and other JavaScript (jspm, bower, etc.)
  • 🕥 Python
  • 🕥 Go : parsing complete for Godep
  • ⬜ PHP
  • ⬜ AboutCode
  • ⬜ other Linux distro packages

source code support

  • 🕥 symbols : parsing complete
  • 🕥 metrics
  • ⬜ classification

compiled code support

  • 🕥 ELFs : parsing complete
  • 🕥 Java byte code : parsing complete
  • 🕥 Windows PE : parsing complete
  • 🕥 Mach-O : parsing complete
  • ⬜ Dalvik/dex

Completed features

  • ✅ exact license detection
  • ✅ copyright detection
  • ✅ archive extraction with extractcode
  • ✅ simple command line with outputs in:
      • ✅ JSON
      • ✅ plain HTML tables, also usable in a spreadsheet
      • ✅ fancy HTML 'app' with a file tree navigation, and scan results filtering, search and sorting
  • ✅ provide basic file information in results (size, type, etc.)
  • ✅ common model for package data
  • ✅ basic support for common package formats
  • ✅ scan summaries
