Version 2.16.0

.github/workflows/gitleaks-action.yml

@@ -0,0 +1,25 @@
+# Software Name: floss-toolbox
+# SPDX-FileCopyrightText: Copyright (c) Orange SA
+# SPDX-License-Identifier: Apache-2.0
+#
+# This software is distributed under the Apache 2.0 license,
+# the text of which is available at https://opensource.org/license/apache-2-0
+# or see the "LICENSE.txt" file for more details.
+#
+# Authors: See CONTRIBUTORS.txt
+# Software description: A toolbox of scripts to help work of forges admins and open source referents
+
+name: gitleaks
+on: [pull_request, push, workflow_dispatch]
+jobs:
+  scan:
+    name: gitleaks
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}

CHANGELOG.md

@@ -5,102 +5,121 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## Unreleased
+## [Unreleased](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.16.0..dev)
 
-## [2.15.0] - 2024-03-12
+## [2.16.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.16.0..2.15.0) - 2024-03-16
 
 ### Added
 
--  Project - Generate THIRD-PARTY.md based on user inputs ([#119](https://github.com/Orange-OpenSource/floss-toolbox/issues/119))
+- [Utils] Add metrics and improve outputs for third-party generator scripts
 
-## [2.14.0] - 2024-03-01
+### Changed
+
+- [Licenses Inventory] Update dependency pytests to v7.4.4
+- [Licenses Inventory] Update dependency beautifulsoup4 to v4.12.3
+- [Licenses Inventory] Improve requirements for Python modules in use ([#108](https://github.com/Orange-OpenSource/floss-toolbox/issues/108))
+- [Project] Plug Renovate, Gitleaks ([#112](https://github.com/Orange-OpenSource/floss-toolbox/issues/112))
+- [Project] Apply REUSE standards ([#114](https://github.com/Orange-OpenSource/floss-toolbox/issues/114))
+- [Project] Improve a bit CHANGELOG by leading scope keyword for each line
+
+### Security
+
+- [Licenses Inventory] Bump requests from v2.28.1 to v2.31.0 ([#3](https://github.com/Orange-OpenSource/floss-toolbox/security/dependabot/3))
+
+## [2.15.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.15.0..2.14.0) - 2024-03-12
+
+### Added
+
+- [Project] Generate THIRD-PARTY.md based on user inputs ([#119](https://github.com/Orange-OpenSource/floss-toolbox/issues/119))
+
+## [2.14.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.14.0..2.13.0) - 2024-03-01
 
 ### Added
 
-- Generate template-based text using variables ([#84](https://github.com/Orange-OpenSource/floss-toolbox/issues/84))
+- [Utils] Generate template-based text using variables ([#84](https://github.com/Orange-OpenSource/floss-toolbox/issues/84))
 
 ### Changed
 
-- Make CHANGELOG more compliant ([#103](https://github.com/Orange-OpenSource/floss-toolbox/issues/103))
+- [Project] Make CHANGELOG more compliant ([#103](https://github.com/Orange-OpenSource/floss-toolbox/issues/103))
 
-## [2.13.0] - 2023-07-19
+## [2.13.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.13.0..2.12.0) - 2023-07-19
 
 ### Added
 
-- Diver - Compute metrics with in parameter URL to clone repo ([#98](https://github.com/Orange-OpenSource/floss-toolbox/issues/98))
+- [Diver] Compute metrics with in parameter URL to clone repo ([#98](https://github.com/Orange-OpenSource/floss-toolbox/issues/98))
 
 ### Fixed
 
-- Project - Broken links in README ([#96](https://github.com/Orange-OpenSource/floss-toolbox/issues/96))
+- [Project] Broken links in README ([#96](https://github.com/Orange-OpenSource/floss-toolbox/issues/96))
 
-## [2.12.0] - 2023-07-18
+## [2.12.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.12.0..2.11.0) - 2023-07-18
 
 ### Added
 
-- Diver - Lines of codes and useful metrics ([#28](https://github.com/Orange-OpenSource/floss-toolbox/issues/28))
+- [Diver] Lines of codes and useful metrics ([#28](https://github.com/Orange-OpenSource/floss-toolbox/issues/28))
 
 ### Changed
 
-- Project - Add DCO ([#87](https://github.com/Orange-OpenSource/floss-toolbox/issues/87))
-- Project - Add security policy file ([#90](https://github.com/Orange-OpenSource/floss-toolbox/issues/90))
-- Project - Split README files  ([#85](https://github.com/Orange-OpenSource/floss-toolbox/issues/85))
-- Licenses Inventory - Move HTML test files to archives of release ([#86](https://github.com/Orange-OpenSource/floss-toolbox/issues/86))
-- GitHub - Add in dry-run Gemfiles ([#93](https://github.com/Orange-OpenSource/floss-toolbox/issues/93))
+- [Project] Add DCO ([#87](https://github.com/Orange-OpenSource/floss-toolbox/issues/87))
+- [Project] Add security policy file ([#90](https://github.com/Orange-OpenSource/floss-toolbox/issues/90))
+- [Project] Split README files  ([#85](https://github.com/Orange-OpenSource/floss-toolbox/issues/85))
+- [Licenses Inventory] Move HTML test files to archives of release ([#86](https://github.com/Orange-OpenSource/floss-toolbox/issues/86))
+- [GitHub] Add in dry-run Gemfiles ([#93](https://github.com/Orange-OpenSource/floss-toolbox/issues/93))
 
-## [2.11.0] - 2023-06-28
+## [2.11.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.11.0..2.10.1) - 2023-06-28
 
 ### Added
 
-- GitHub - Set teams permissions to read ([#82](https://github.com/Orange-OpenSource/floss-toolbox/issues/82))
+- [GitHub] Set teams permissions to read ([#82](https://github.com/Orange-OpenSource/floss-toolbox/issues/82))
 
-## [2.10.1] - 2023-05-31
+## [2.10.1](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.10.1..2.10.0) - 2023-05-31
 
 ### Fixed
 
-- Diver - Path variables not protected ([#80](https://github.com/Orange-OpenSource/floss-toolbox/issues/80))
+- [Diver] Path variables not protected ([#80](https://github.com/Orange-OpenSource/floss-toolbox/issues/80))
 
-## [2.10.0] - 2023-05-30
+## [2.10.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.10.0..2.9.0) - 2023-05-30
 
 ### Added
 
-- Licenses Inventory - New release ([#77](https://github.com/Orange-OpenSource/floss-toolbox/issues/77))
+- [Licenses Inventory] New release ([#77](https://github.com/Orange-OpenSource/floss-toolbox/issues/77))
 
-## [2.9.0] - 2023-03-31
+## [2.9.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.9.0..2.8.0) - 2023-03-31
 
 ### Added
 
-- Licenses Inventory - New release ([#64](https://github.com/Orange-OpenSource/floss-toolbox/issues/64))
+- [Licenses Inventory] New release ([#64](https://github.com/Orange-OpenSource/floss-toolbox/issues/64))
 
-## [2.8.0] - 2023-03-10
+## [2.8.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.8.0..2.7.1) - 2023-03-10
 
 ### Added
 
-- Project - Split dry run ([#68](https://github.com/Orange-OpenSource/floss-toolbox/issues/68))
+- [Project] Split dry run ([#68](https://github.com/Orange-OpenSource/floss-toolbox/issues/68))
 
 ### Changed
 
-- Project - Update copyright ([#70](https://github.com/Orange-OpenSource/floss-toolbox/issues/70))
-- Project - Improve README ([#69](https://github.com/Orange-OpenSource/floss-toolbox/issues/69))
+- [Project] Update copyright ([#70](https://github.com/Orange-OpenSource/floss-toolbox/issues/70))
+- [Project] Improve README ([#69](https://github.com/Orange-OpenSource/floss-toolbox/issues/69))
 
-## [2.7.1]
+## [2.7.1](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.7.1..2.7.0)
 
 ### Changed
 
 - Add missing files ([#63](https://github.com/Orange-OpenSource/floss-toolbox/issues/63))
 
-## [2.7.0] - 2023-01-18
+## [2.7.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.7.0..2.6.0) - 2023-01-18
 
 ### Added
 
 - Package manager - Extract from files downloaded dependencies ([#2](https://github.com/Orange-OpenSource/floss-toolbox/issues/2))
 
-## [2.6.0] - 2022-05-05
+## [2.6.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.6.0..2.5.0) - 2022-05-05
 
 ### Added
 
 - Look for leaks and vulnerabilities with exclusion of projects ([#57](https://github.com/Orange-OpenSource/floss-toolbox/issues/57))
 
-## [2.5.0] - 2022-03-09
+## [2.5.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.5.0..2.4.0) - 2022-03-09
 
 ### Added
 
@@ -111,38 +130,38 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Failure of git log if no commits ([#52](https://github.com/Orange-OpenSource/floss-toolbox/issues/52))
 
-## [2.4.0] - 2022-03-08
+## [2.4.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.4.0..2.3.0) - 2022-03-08
 
 ### Added
 
-- Look for leaks (GitHub) ([#44](https://github.com/Orange-OpenSource/floss-toolbox/issues/44))
+- [GitHub] Look for leaks ([#44](https://github.com/Orange-OpenSource/floss-toolbox/issues/44))
 - Dry run ([#29](https://github.com/Orange-OpenSource/floss-toolbox/issues/29))
 
 ### Changed
 
 - Check of vulnerabilities ([#37](https://github.com/Orange-OpenSource/floss-toolbox/issues/37))
 - Fix typo in doc and files ([#40](https://github.com/Orange-OpenSource/floss-toolbox/issues/40))
 
-## [2.3.0] - 2022-02-25
+## [2.3.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.3.0..2.2.0) - 2022-02-25
 
 ### Added
 
 - Find repositories with vulnerabilities (Dependabot) ([#20](https://github.com/Orange-OpenSource/floss-toolbox/issues/20))
 
-## [2.2.0] 2022-02-24
+## [2.2.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.2.0..2.1.0) 2022-02-24
 
 ### Added
 
 - Backup of repositories ([#19](https://github.com/Orange-OpenSource/floss-toolbox/issues/19))
 - Extract email addresses ([#27](https://github.com/Orange-OpenSource/floss-toolbox/issues/27))
 
-## [2.1.0] - 2021-10-06
+## [2.1.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.1.0..2.0.0) - 2021-10-06
 
 ### Added
 
 - List all contributors of a Git repository using Git history ([#13](https://github.com/Orange-OpenSource/floss-toolbox/issues/13))
 
-## [2.0.0] - 2021-06-05
+## [2.0.0](https://github.com/Orange-OpenSource/floss-toolbox/compare/2.0.0..1.0.0) - 2021-06-05
 
 ## Added
 

CITATION.cff

@@ -39,5 +39,5 @@ keywords:
   - audits
   - history
 license: Apache-2.0
-version: v2.15.0
-date-released: '2024-03-12'
+version: v2.16.0
+date-released: '2024-03-19'

toolbox/LicensesInventory/licenses/LICENSE-requests.txt → LICENSES/Apache-2.0.txt

@@ -173,3 +173,30 @@
       defend, and hold each Contributor harmless for any liability
       incurred by, or claims asserted against, such Contributor by reason
       of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

toolbox/github/licenses/LICENSE-Ruby-Git.txt → LICENSES/MIT.txt

@@ -1,6 +1,6 @@
-The MIT License
+MIT License
 
-Copyright (c) 2008 Scott Chacon
+Copyright (c) [year] [fullname]
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -9,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -19,14 +19,14 @@ _Python_ is also used.
 And a bit of _PHP_ because it is nice to use several languages we are not used to (stop the routine!).
 For these needs scripting is enough.
 
-# Environment
+## Environment
 
 You should have mainly the following environments bellow, but have a look on each folder README:
 - _Bash_ version **3.2.5**
 - _Ruby_ version **2.7.1**
 - _Python_ version **3.7**
 
-# Project tree
+## Project tree
 
 There are 5 folders containing scripts and programs to make your life a bit easier:
 
@@ -38,10 +38,31 @@ There are 5 folders containing scripts and programs to make your life a bit easi
 
 Feel free to read each README available in all of the subdirectories listed above.
 
-# Dry run
+## Dry run
 
 To be sure you have a ready-to-run project, you can run the following dry-run command which will check if runtimes, third party tools and files are available.
 
 ```shell
 bash dry-run.sh
-```
+```
+
+## About the repository
+
+### Renovate
+
+[Renovate](https://docs.renovatebot.com/) is used to as to try to keep updated dependencies of the project.
+A _renovate.json_ must be added at the project root with cofiguration details ; but **the organization admins must enable it** (through the [admin console](https://developer.mend.io/)).
+By default [Dependabot](https://docs.github.com/fr/code-security/supply-chain-security/understanding-your-software-supply-chain/about-supply-chain-security#what-is-dependabot) was enabled for this project but has been replaced by _Renovate_.
+
+### Gitleaks
+
+[Gitleaks](https://github.com/gitleaks/gitleaks) is used so as to look for secrets and leak of sensitive data.
+A _gitleaks.toml_ file has been placed at the project root, picked from the _Gitleaks_ repository, to define rules.
+A *gitleaks-action.yml* is also defined to define the GitHub Action to call and some secrets to use to do so.
+The *GITLEAKS_LICENSE* is defined in the organization level, **only the organization admins can make it visible to projects**.
+This key (dedicated to organization) has been asked to the *Gitleaks* team and received gratefully from them.
+
+### DCO
+
+The *Developer Certificate of Origin* is applied here thanks to a [Probot bot](https://probot.github.io/apps/dco/).
+On pull requests all commits must be signed off. This control is processed in an action.