Skip to content

Roadmap

Jump to bottom
Philippe Ombredanne edited this page Dec 10, 2015 · 25 revisions

Next release

license detection

  • approximate license detection
  • unknown license detection

additional clue detection

  • URLs, emails, authors : completed except for exposing the feature in outputs

UI

  • improved scans GUI

Other work in progress

UI

  • Enhanced scan results navigation
  • ScanCode server

packaged code metadata details scans

  • Java Maven POM : parsing complete
  • RPMs : parsing complete
  • Windows Nuget, PE : parsing complete
  • RubyGems : parsing complete
  • npm : parsing complete
  • Docker images : parsing complete

additional file information

  • File classification

speed!

  • accelerate license detection indexing and scanning; include caching
  • scan using multiple processes to speed up overall scan

Beyond

packaged code metadata details scans

  • Python
  • CRAN
  • Debian

license detection

  • sync with external sources (DejaCode, SPDX, etc.)
  • web ui for easier license rules contribution

copyrights

  • improved detected lines range
  • streamline grammar
  • normalized holders and authors for summarization

documentation

  • integration in a build/CI loop
  • end to end guide to analyze a codebase
  • hacking guides

CI integration

  • Plugins for CI (Jenkins, etc)
  • Integration for CI (Travis, Appveyor, Drone, etc)
  • Integration for Github, Bitbucket

Package mining and matching

  • exact matching
  • attribute-based matching
  • fuzzy matching
  • peer-reviewed meta packages repo
  • basic mining of package repositories
  • NVD and CVE lookups

Misc

  • Crypto code detection

core features

  • transparent archive extraction
  • support scan pipelines to organize more complex scans
  • .scancode configuration file for exclusions, defaults, etc
  • scan baselining, delta scan and failure conditions (such as license change, etc)
  • dedupe and similarities to avoid re-scanning

packaging

  • simpler installation, automated installer

packaged code and dependencies support

  • Java Maven POM.XML files, Ivy, Graddle, etc.
  • RPMs
  • debs
  • Windows Nuget, PE
  • Gems
  • Perl, CPAN
  • npm and other JavaScript (jspm, bower, etc.)
  • Python
  • Go : parsing complete for Godep
  • PHP
  • AboutCode
  • other Linux distro packages

source code support

  • symbols : parsing complete
  • metrics
  • classification

compiled code support

  • ELFs : parsing complete
  • Java byte code : parsing complete
  • Windows PE : parsing complete
  • Mach-O : parsing complete
  • Dalvik/dex

Completed features

  • exact license detection
  • copyright detection
  • archive extraction
  • simple command line with outputs in:
  • JSON
  • plain HTML tables, also usable in a spreadsheet
  • fancy HTML 'app' with a file tree navigation, and scan results filtering, search and sorting
  • provide basic file information in results (size, type, etc.)
  • common model for packages data
  • basic support for common packages format
  • scan summaries

See http://nexb.com for more.

Clone this wiki locally