Roadmap

Legend

✅	completed	🕥	In progress	⬜	Planned, not started

Next release

license detection

• ✅ approximate license detection
• ✅ unknown license detection

additional clue detection

• ✅ URLs, emails, authors

UI

• ✅ improved scans GUI now its own project: https://github.com/nexB/aboutcode-manager
• ✅ License summary
• ✅ Copyright summary
• ⬜ built-in help

Other

• Data exchange ✅ conversion of scan results to CSV: https://github.com/nexB/scancode-toolkit/blob/bfb8e0037ffa983913f0739cc8fcdb2521e58077/etc/scripts/json2csv.py
• ✅ improved error handling, verbose and diagnostic output

speed! and controlled resources usage

• ✅ accelerate license detection indexing and scanning; include caching
• ✅ scan using multiple processes to speed up overall scan
• ✅ cache per-file scan to disk and stream final results

---

Other work in progress

UI

• ✅ Enhanced scan results navigation: Spawned as its own project: https://github.com/nexB/aboutcode-manager
• 🕥 ScanCode server

packaged code metadata details scans

• 🕥 Java Maven POM : parsing complete
• 🕥 RPMs : parsing complete
• 🕥 Docker images : parsing complete
• ✅ npm : parsing complete
• 🕥 RubyGems : parsing complete
• 🕥 Windows Nuget, PE : parsing complete

license detection

• ⬜ support and detect license expressions

additional file information

• 🕥 File classification. For now, flags are returned with each file.

---

Beyond

Scan summarization

• ⬜ summarize and aggregate data

packaged code metadata details scans

• 🕥 Python
• 🕥 CRAN
• 🕥 Debian
• ⬜ Plain packages

license detection

• 🕥 sync with external sources (DejaCode, SPDX, etc.)
• ⬜ web ui for easier license rules contribution

copyrights

• ⬜ improved detected lines range
• ⬜ streamline grammar
• ⬜ normalized holders and authors for summarization

documentation

• ⬜ integration in a build/CI loop
• ⬜ end to end guide to analyze a codebase
• ⬜ hacking guides

CI integration

• ⬜ Plugins for CI (Jenkins, etc)
• ⬜ Integration for CI (Travis, Appveyor, Drone, etc)
• 🕥 Integration / webhooks for Github, Bitbucket

Package mining and matching

• 🕥 exact matching
• 🕥 attribute-based matching
• 🕥 fuzzy matching
• ⬜ peer-reviewed meta packages repo
• ⬜ basic mining of package repositories
• ⬜ NVD and CVE lookups

Misc

• ⬜ Crypto code detection

Data exchange

• 🕥 native support for ABC Data
• ⬜ SPDX data conversion #338

core features

• ⬜ transparent archive extraction (as opposed to on-demand with extractcode)
• ⬜ support scan pipelines to organize more complex scans
• 🕥 .scancode configuration file for exclusions, defaults, scan failure conditions, etc.
• 🕥 scan baselining, delta scan and failure conditions (such as license change, etc)
• 🕥 dedupe and similarities to avoid re-scanning. For now identical files are scanned only once.
• ⬜ logging

packaging

• ⬜ simpler installation, automated installer

packaged code and dependencies support

• 🕥 Java Maven POM.XML files, Ivy, Graddle, etc.
• 🕥 RPMs
• 🕥 debs
• 🕥 Windows Nuget, PE
• 🕥 Gems
• ⬜ Perl, CPAN
• 🕥 npm and other JavaScript (jspm, bower, etc.)
• 🕥 Python
• 🕥 Go : parsing complete for Godep
• 🕥 Docker images
• ⬜ PHP
• ⬜ AttributeCode and ABC Data
• ⬜ other Linux distro packages

source code support

• 🕥 symbols : parsing complete
• 🕥 metrics
• ⬜ classification

compiled code support

• 🕥 ELFs : parsing complete
• 🕥 Java byte code : parsing complete
• 🕥 Windows PE : parsing complete
• 🕥 Mach-O : parsing complete
• ⬜ Dalvik/dex

---

Completed features

• ✅ exact license detection
• ✅ copyright detection
• ✅ archive extraction with extractcode
• ✅ simple command line with outputs in:
• ✅ JSON
• ✅ plain HTML tables, also usable in a spreadsheet
• ✅ fancy HTML 'app' with a file tree navigation, and scan results filtering, search and sorting
• ✅ provide basic file information in results (size, type, etc.)
• ✅ common model for packages data
• ✅ basic support for common packages format
• ✅ scan summaries
• ✅ improved scans GUI now as its own project: https://github.com/nexB/aboutcode-manager