|
1 | | -A Simple Python Project Skeleton |
| 1 | +purl-validator |
2 | 2 | ================================ |
3 | 3 |
|
4 | | -This repo attempts to standardize the structure of the Python-based project's |
5 | | -repositories using modern Python packaging and configuration techniques. |
6 | | -Using this `blog post`_ as inspiration, this repository serves as the base for |
7 | | -all new Python projects and is mergeable in existing repositories as well. |
8 | | - |
9 | | -.. _blog post: https://blog.jaraco.com/a-project-skeleton-for-python-projects/ |
10 | | - |
11 | | - |
12 | | -Usage |
13 | | -===== |
14 | | - |
15 | | -A brand new project |
16 | | -------------------- |
17 | | - |
18 | | -.. code-block:: bash |
19 | | -
|
20 | | - git init my-new-repo |
21 | | - cd my-new-repo |
22 | | - git pull [email protected]:nexB/skeleton |
23 | | -
|
24 | | - # Create the new repo on GitHub, then update your remote |
25 | | - git remote set-url origin [email protected]:nexB/your-new-repo.git |
26 | | -
|
27 | | -From here, you can make the appropriate changes to the files for your specific project. |
28 | | - |
29 | | -Update an existing project |
30 | | ---------------------------- |
31 | | - |
32 | | -.. code-block:: bash |
33 | | -
|
34 | | - cd my-existing-project |
35 | | - git remote add skeleton [email protected]:nexB/skeleton |
36 | | - git fetch skeleton |
37 | | - git merge skeleton/main --allow-unrelated-histories |
38 | | -
|
39 | | -This is also the workflow to use when updating the skeleton files in any given repository. |
40 | | - |
41 | | -More usage instructions can be found in ``docs/skeleton-usage.rst``. |
42 | | - |
43 | | - |
44 | | -Release Notes |
45 | | -============= |
46 | | - |
47 | | -- 2025-03-31: |
48 | | - |
49 | | - - Use ruff as the main code formatting tool, add ruff rules to pyproject.toml |
50 | | - |
51 | | -- 2025-03-29: |
52 | | - |
53 | | - - Add support for beta macOS-15 |
54 | | - - Add support for beta windows-2025 |
55 | | - |
56 | | -- 2025-02-14: |
57 | | - |
58 | | - - Drop support for Python 3.8, add support in CI for Python 3.13, use Python 3.12 as default |
59 | | - version. |
60 | | - |
61 | | -- 2025-01-17: |
62 | | - |
63 | | - - Drop support for macOS-12, add support for macOS-14 |
64 | | - - Add support in CI for ubuntu-24.04 |
65 | | - - Add support in CI for Python 3.12 |
66 | | - |
67 | | -- 2024-08-20: |
68 | | - |
69 | | - - Update references of ownership from nexB to aboutcode-org |
70 | | - |
71 | | -- 2024-07-01: |
72 | | - |
73 | | - - Drop support for Python 3.8 |
74 | | - - Drop support for macOS-11, add support for macOS-14 |
75 | | - |
76 | | -- 2024-02-19: |
77 | | - |
78 | | - - Replace support in CI of default ubuntu-20.04 by ubuntu-22.04 |
79 | | - |
80 | | -- 2023-10-18: |
81 | | - |
82 | | - - Add dark mode support in documentation |
83 | | - |
84 | | -- 2023-07-18: |
85 | | - |
86 | | - - Add macOS-13 job in azure-pipelines.yml |
87 | | - |
88 | | -- 2022-03-04: |
89 | | - |
90 | | - - Synchronize configure and configure.bat scripts for sanity |
91 | | - - Update CI operating system support with latest Azure OS images |
92 | | - - Streamline utility scripts in etc/scripts/ to create, fetch and manage third-party |
93 | | - dependencies. There are now fewer scripts. See etc/scripts/README.rst for details |
94 | | - |
95 | | -- 2021-09-03: |
96 | | - - ``configure`` now requires pinned dependencies via the use of ``requirements.txt`` |
97 | | - and ``requirements-dev.txt`` |
98 | | - - ``configure`` can now accept multiple options at once |
99 | | - - Add utility scripts from scancode-toolkit/etc/release/ for use in generating project files |
100 | | - - Rename virtual environment directory from ``tmp`` to ``venv`` |
101 | | - - Update README.rst with instructions for generating ``requirements.txt`` |
102 | | - and ``requirements-dev.txt``, as well as collecting dependencies as wheels and generating |
103 | | - ABOUT files for them. |
104 | | - |
105 | | -- 2021-05-11: |
106 | | - - Adopt new configure scripts from ScanCode TK that allows correct configuration of which |
107 | | - Python version is used. |
| 4 | +PURLs are everywhere in SBOMs. But with adoption comes widespread errors. |
| 5 | +A recent study on the quality of SBOMs revealed that for many proprietary and |
| 6 | +open source tools, PURLs in SBOMs are inconsistent, fake, incorrect, or |
| 7 | +misleading. This is a serious problem to any application of SBOMs for |
| 8 | +cybersecurity and application security, as well as related compliance |
| 9 | +regulations. This project is to create a PURL validator that's decentralized |
| 10 | +such that libraries can use it offline and help them create better PURLs. |
| 11 | + |
| 12 | +Building this compact dataset is new territory. There is research |
| 13 | +and exploration necessary for creating a super compact data structure |
| 14 | +that is also easy and fast to query across multiple languages. The data |
| 15 | +structure will also need memory-mapping to avoid running out of memory. |
0 commit comments