tern
spdx-spec
Our great sponsors
tern | spdx-spec | |
---|---|---|
1 | 4 | |
932 | 268 | |
0.5% | 5.2% | |
3.2 | 4.7 | |
about 2 months ago | 3 days ago | |
Python | Python | |
BSD 2-clause "Simplified" License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
tern
-
Learn by reading code: Python standard library design decisions explained
A project you may want to look into adding is Tern [0]. I've had a good time reading through the code over the past couple of weeks, and have found it to be at least not "bad" code, and pretty easy to understand.
Specifically how they are untarring each container layer and creating a chroot jail to run commands inside is fairly self-contained and interesting.
[0] https://github.com/tern-tools/tern
spdx-spec
-
What is SBOM
Software package data exchange - SPDX - open source, prepared as machine-readable format, originated in Linux and curated by Linux Foundation
-
How-to choose a FOSS license and implement it
Normative info is on https://spdx.github.io/spdx-spec/ HTH, William
-
SPDX Becomes Internationally Recognized Standard for Software Bill of Materials - Linux Foundation
Although I have to say charging 200CHF for a document licensed under the Creative Commons is ballsy.
What are some alternatives?
ort - A suite of tools to automate software compliance checks.
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
awesome-security-GRC - Curated list of resources for security Governance, Risk Management, Compliance and Audit professionals and enthusiasts (if they exist).
PNG-spec - Maintenance of the PNG specification
cdxgen - Creates CycloneDX Software Bill of Materials (SBOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Slack: https://cyclonedx.slack.com/archives/C04NFFE1962
beacon-APIs - Collection of RESTful APIs provided by Ethereum Beacon nodes
goodcode - A curated collection of annotated code examples from prominent open-source projects
activitystreams - Activity Streams 2.0
import-linter - Import Linter allows you to define and enforce rules for the internal and external imports within your Python project.
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
Licenses Library - Lightweight Android library which provides most common licenses in formatted and plain text