Congratulations to the open source contributors approved to work on AboutCode projects during the Google Summer of Code (GSoC) 2022! The whole AboutCode community is excited to work with you.
We received many project proposals from aspiring open source contributors, and it was difficult for the mentors' team to select only a few for GSoC 2022. A big thank you to everyone who submitted a project proposal - we hope to work together on our AboutCode FOSS projects now or during future GSoCs and other open source initiatives.
Here are the approved AboutCode projects:
VulnerableCode: Add more data sources and mine the graph to find correlations between vulnerabilities (Ziad Hany)
There are a large number of pending requests to include new vulnerability data sources in VulnerableCode. This project's goal is to search for more vulnerability data sources and consume them. Other improvements include adding an OSV importer (with more support for data sources like OSS-Fuzz), support for CWE and FireEye disclosures, collecting a UVI database and CMU CERT data, and other data source improvements.
ScanCode: Workbench improvements (Omkar Phansopkar)
This project involves several improvements to the ScanCode Workbench. The first is to update all packages to the latest working (stable) versions. The next is to refactor the Workbench to a React + TypeScript implementation to improve the developer experience, and to improve various sections of the application, including the Table view and data sync across sections.
ScanCode.io: Create a Web Application to scan and review a single license text (Lali Akhil Raj)
The aim of this project is to create a Django-based web application to scan and review a single license text in ScanCode.io. The application will be designed around the Django REST framework, and it will be integrated with ScanCode-Analyzer to automatically find potential issues. It will also allow the integrated reporting of license detection issues in the app based on the results.
ScanCode Toolkit: Extending license detection to use external licenses (Kevin Ji)
When doing license detection, ScanCode uses the licenses and rules in the ScanCode LicenseDB. The goal of this project is to extend the capabilities of ScanCode license detection to include licenses that are external to the built-in LicenseDB, such as proprietary or private licenses or any other license not yet included in the LicenseDB. The two main components needed to add this capability to ScanCode Toolkit are a new command line option and index caches for these external licenses.
VulnTotal: Cross-validate vulnerability coverage of VulnerableCode (Keshav Priyadarshi)
VulnerableCode is a unique project that collates and cross-references FOSS vulnerability data from multiple sources. Inspired by the VirusTotal multi-scanner virus scanning service, the VulnTotal project will cross-validate the vulnerability coverage of VulnerableCode against other publicly available vulnerability check tools and databases. For instance, a package may be reported as vulnerable by one tool or database but not by another. We can gradually work with these tool providers to keep each other apprised about newly discovered vulnerabilities, making FOSS more secure.