-
Notifications
You must be signed in to change notification settings - Fork 399
Google Summer of Code Proposals 2024
Welcome to the main page for all GSoC-2024 related information.
We from the fossology project would like to apply for GSoC-2024. Please see two main resources for finding out more FOSSology in general:
Meetings: Checkout the Meetings table
If you are interested in an application - great! We encourage your application. So the question is how to get started with the topic, just a few points:
- Check https://www.fossology.org and these Github pages https://github.com/fossology/fossology/wiki
- Maybe check some initial intro at https://github.com/fossology/fossology/wiki/New-at-FOSSology%2C-You-Could-...
- Try to install fossology, either using vagrant or docker
Check out our YouTube video for installation from source: https://youtu.be/q12KwmPYZG4 (Outdated)
- Read the proposed topics
- Use the mailing list fossology-devel@fossology.org or contact proposed mentors for further steps
- Slack invite link
- GitHub discussion
- If you are interested in trying to make contributions, see out issues with the label good first issue. Maybe you could sort out the workflow and make a first pull request.
In 2020, we were awarded seven slots, please see here what was the result of it:
- Ayush and Kaushlendra's work on the Atarashi license scanner and Nirjas
- Darshan's work on Dashboard: https://github.com/darshank15/GSoC_2020_FOSSOlogy/wiki
Also - very much fun - There are some YouTube videos created:
- Ayush made a YouTube video / interview style of his experience: https://youtu.be/C8f_etew-yc
- Hypnos invited Darshan for an interview: https://youtu.be/_KbQ83JK7Q0
In 2021, the GSoC program awarded the fossology project with 7 slots. It was a lot bigger and a lot of fun for 2021, a dedicated page has been set up. Please see the GSoC works here.
From this page you can also get an idea about the work being carried out: check the weekly reporting, for example for the UI project.
You can check out our GSoC 2022 projects with 8 slots. The dedicated page can be found here.
You can check out our GSoC 2023 projects with 5 slots. The dedicated page can be found here
Interested in becoming a mentor? Please reach out to us!
- Anupam Ghosh
- Avinal Kumar
- Ayush Bhardwaj
- Gaurav Mishra
- Kaushlendra Pratap
- Shaheem Azmal M MD
- Vivek Kumar
- Katharina Ettinger
- Sahil Jha
Please reach out to us to add more proposals for GSoC-2024.
Currently, discussion happening on https://github.com/fossology/fossology/discussions/2663
- Improving FOSSology CI scanner image
- SPDX license expression support
- Overhauling scheduler design
- Debian packaging for Debian repository
- REST API improvements
- New Artificial Intelligence based copyright and license scanner agent
- Support SPDX 3.0 reports
- Support text phrases and bulk phrases scanning for MONK agent
Goal:: Enhancing current scanner image with new reports and features As a fun project, FOSSology started combining scanners in a simple and small Docker image which can be run on CI providers. The image is currently capable of understanding build environment (GitLab/GitHub Actions/Travis) and use their API's to fetch diff of a branch or scan the complete repo. The capabilities of image include license scanning with Nomos and ojo scanners, copyright and keyword scanning with respective scanners. The image makes use of a Python script to perform all the tasks.
- The integration with GitHub Actions can be improved by reporting line number where a license violation is found.
- Allowing user to provide a different list of Keywords for scanning (currently stored at
/usr/local/share/fossology/keyword/agent/keyword.conf). - Improving on whitelist format with feature to provide it from other sources, currently it is read from a file which is expected to be in the root of repo being scanned.
- Ability to download a dependency for scan (path provided at pipeline trigger).
Additionally, the JSON output of nomos needs to be enhanced providing highlight and line information in the output.
| Category | Rating |
|---|---|
| Low Hanging Fruit | - |
| Risk/Exploratory | ** |
| Fun/Periphial | *** |
| Core Development | ** |
| Project Infrastructure | *** |
| Project size | Large |
| Preferred contributor | Student/Professional |
| Skills needed | Docker, Python |
Goal: Support SPDX license expression detection and reporting
- Support SPDX license expressions in FOSSology such as
MIT AND (GPL-2.0-only OR BSD-2-Clause). - Differentiate SPDX licenses with exceptions. FOSSology currently stores license exceptions as licenses.
- Scanning SPDX Expressions with ojo as step 1.
- UI components to create and see license expressions in file clearing page.
- Updating reports to export the expressions correctly.
| Category | Rating |
|---|---|
| Low Hanging Fruit | - |
| Risk/Exploratory | ** |
| Fun/Periphial | *** |
| Core Development | *** |
| Project Infrastructure | *** |
| Project size | Large |
| Preferred contributor | - |
| Skills needed | PHP, C/C++ |
Goal: Improving FOSSology scheduler or replacing with OTS solution The existing scheduler design is causing new issues which need to be addressed. Moreover, existing scheduler design is not touched in years.
Concerning points
- The scheduler is written in C which makes it next to impossible to find cause of a failure.
- The C language does not support exception handling out of the box. It makes code less readable and prone to errors.
- The linear queue design causes issue when there should be only one instance of an agent running for an upload, but overall the agent is not mutually exclusive.
For example, if the monkbulk has a limit set to 1, it should be implied for only single upload. But with linear queue, this monkbulk job will block all other agents from executing even when they are not effected by the results of monkbulk. This essentially makes the agent mutually exclusive even though, there is a special flag EXCLUSIVE for the very same purpose: https://github.com/fossology/fossology/wiki/Job-Scheduler#agentconfs
- One idea on redesigning the queue, it can be broken into buckets per upload each maintaining its own priority queue. There can be another queue for global operations like maintenance, delagent, etc.
- Doing so, each bucket can be traversed in round-robin and pick first pending job and check against host limit. This will eliminate the scenario mentioned in point 3. Also, exclusive agents can be sent to global queue.
upload specific queue |-<upload_2> -> nomos, copyright, ojo, keyword |-<upload_3> -> monkbulk, decider, monkbulk, decider |-<upload_4> -> reuser, decider global queue -> delagent,
- Since the FOSSology is released, there can be number of new scheduling libraries being released which needs to be explored. They can be a nice addition to the project.
| Category | Rating |
|---|---|
| Low Hanging Fruit | - |
| Risk/Exploratory | ** |
| Fun/Periphial | *** |
| Core Development | *** |
| Project Infrastructure | * |
| Project size | Large |
| Preferred contributor | Professional |
| Skills needed | C/C++, Go, any fast language |
Goal: Improve Debian packaging and make it acceptable for APT
The existing effort to put FOSSology under Debian packaging list needs to be taken forward. A repository under Debian Salsa was setup initially but not maintained any more: https://salsa.debian.org/fossology-team/fossology It is configured to use gbp.
Blockers
- The Debian building mechanism does not allow installation from sources other than apt. The Composer packages need to be packed as Debian packages and shipped with FOSSology.
- Packaging and shipping other tools needs to satisfy their licensing terms.
- The versions of packages in APT and actual versions used are different.
- APT also provides JS libraries like JQuery and DataTables but RHL does not.
See also
- https://github.com/fossology/fossology/pull/2075
- https://wiki.debian.org/PackagingWithGit
- https://wiki.debian.org/SimplePackagingTutorial
- https://wiki.debian.org/Diagrams
- https://wiki.debian.org/PHP
- https://peertube.debian.social/videos/watch/0fb2dbc4-f43d-477e-8b14-20c426f970de
| Category | Rating |
|---|---|
| Low Hanging Fruit | * |
| Risk/Exploratory | ** |
| Fun/Periphial | *** |
| Core Development | * |
| Project Infrastructure | *** |
| Project size | Small |
| Preferred contributor | Student/Professional |
| Skills needed | Debian, APT, CMake |
Goal: Completing REST API implementation and migrate to v2
- Writing test cases for all the existing and new functionalities.
- Improve REST API and expose more endpoints
| Category | Rating |
|---|---|
| Low Hanging Fruit | ** |
| Risk/Exploratory | * |
| Fun/Periphial | ** |
| Core Development | *** |
| Project Infrastructure | ** |
| Project size | Large |
| Preferred contributor | Student/Professional |
| Skills needed | PHP, Slim framework |
Goal: Integrate new AI capabilities to improve the scanners
A quick ChatGPT 3.5 test shows it's pretty good at spotting the correct licenses and expressing them as SPDX expressions.
One idea would be integrate a similar technology into an Fossology agent - however not by relying on external proprietary services but by building a dedicated LLM model based on existing open source solutions.
| Category | Rating |
|---|---|
| Low Hanging Fruit | - |
| Risk/Exploratory | *** |
| Fun/Peripheral | *** |
| Core Development | * |
| Project Infrastructure | * |
| Project size | Large |
| Preferred contributor | Student/Professional |
Goal: Support reading and generating SPDX 3.0 reports
- Support generation of SPDX 3.0 reports in different formats.
- Start with Core, Software and Licensing profiles. Increase if needed.
- Support generation of SPDX reports in JSON format.
- Support ingestion of SPDX 3.0 reports
Refs:
- https://github.com/spdx/spdx-3-model/
- https://github.com/fossology/fossology/tree/master/src/spdx2
- https://github.com/fossology/fossology/tree/master/src/reportImport
| Category | Rating |
|---|---|
| Low Hanging Fruit | ** |
| Risk/Exploratory | ** |
| Fun/Periphial | * |
| Core Development | ** |
| Project Infrastructure | * |
| Project size | Large |
| Preferred contributor | Student/Professional |
| Skills needed | PHP, Twig |
Goal: Adding text phrases from UI to database and provide ability to scan them using MONK.
FLOW : Create a UI Where user can add multiple text phrases associated with license. Also user should have a option to choose bulk license text based on users or whole.
Should enable MONK or new Monk like agent to scan from phrases table. also enabling options to add license text acknowledgement and comments from UI.
Test cases needs to be provided as well.
| Category | Rating |
|---|---|
| Low Hanging Fruit | ** |
| Risk/Exploratory | * |
| Fun/Peripheral | ** |
| Core Development | * |
| Project Infrastructure | ** |
| Project size | Large |
| Preferred contributor | Student/professional |
To coordinate work, we have had regular meetings for the different topics open for the community.
| Topic(s) | Timings | Meeting link | ICS |
|---|---|---|---|
| General Meeting | TBD | TBD | |
| - | - | - | - |
| Project 1 | TBD | TBD |
- Nomos
- Monk
- MonkBulk
- ReSo-(REUSE.Software)
- Reuse clearing with reuser
- ScanCode agent
- Copyright
- ECC
- Package Agent
- Maintenance Agent
- Mimetype Agent
- Buckets
- Spasht Agent
- Email notification configuration
- Migration to UTF 8 DB
- External authentication configuration
- OpenID Connect authentication configuration
- Access Control