A library for AboutCode PURL-based federated identifiers
Project description
aboutcode.federated
This is a library of utilities to compute ids and file paths for AboutCode federated data based on Package URL
Federated data utilities goal is to handle content-defined and hash-addressable Package data keyed by PURL stored in many Git repositories. This approach to federate decentralized data is called FederatedCode.
Overview
The main design elements for these utilities are:
1. Data Federation: A Data Federation is a database, representing a consistent, non-overlapping set of data kind clusters (like scans, vulnerabilities or SBOMs) across many package ecosystems, aka. PURL types. A Federation is similar to a traditional database.
2. Data Cluster: A Data Federation contains Data Clusters, where a Data Cluster purpose is to store the data of a single kind (like scans) across multiple PURL types. The cluster name is the data kind name and is used as the prefix for repository names. A Data Cluster is akin to a table in a traditional database.
3. Data Repository: A DataCluster contains of one or more Git Data Repository, each storing datafiles of the cluster data kind and a one PURL type, spreading the datafiles in multiple Data Directories. The name is data-kind +PURL- type+hashid. A Repository is similar to a shard or tablespace in a traditionale database.
4. Data Directory: In a Repository, a Data Directory contains the datafiles for PURLs. The directory name PURL-type+hashid
5. Data File: This is a Data File of the DataCluster’s Data Kind that is stored in subdirectories structured after the PURL components:
namespace/name/version/qualifiers/subpath:
Either at the level of a PURL name: namespace/name,
Or at the PURL version level namespace/name/version,
Or at the PURL qualifiers+PURL subpath level.
A Data File can be for instance a JSON scan results file, or a list of PURLs in YAML.
For example, a list of PURLs as a Data Kind would stored at the name subdirectory level:
gem-0107/gem/random_password_generator/purls.yml
Or a ScanCode scan as a Data Kind at the version subdirectory level:
gem-0107/npm/file/3.24.3/scancode.yml
License
Copyright (c) AboutCode and others. All rights reserved.
SPDX-License-Identifier: Apache-2.0
See https://github.com/aboutcode-org/vulnerablecode for support or download.
See https://aboutcode.org for more information about AboutCode OSS projects.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aboutcode_federated-0.1.0.tar.gz.
File metadata
- Download URL: aboutcode_federated-0.1.0.tar.gz
- Upload date:
- Size: 20.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd58fbd77d4f8c24536822c0d969a0af7f44da59a7fa3cf3b9baa3943e4c1392
|
|
| MD5 |
6b09f5d54aa108dd202cf8a062ad487d
|
|
| BLAKE2b-256 |
ced8e46773bbb8df82b09863fe8204504d2f0094f2cec36449b7ce1a8c76e4e3
|
File details
Details for the file aboutcode_federated-0.1.0-py3-none-any.whl.
File metadata
- Download URL: aboutcode_federated-0.1.0-py3-none-any.whl
- Upload date:
- Size: 23.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
25068ae0cefbc2cf80fab35bf97d4e9b89d9b297f2dc016cd98f013f9ada9a4c
|
|
| MD5 |
08529322968bf12220bb0236ddc2f4e0
|
|
| BLAKE2b-256 |
7e9b04924ad8dd97c375ba84a00fbf17822e61380a3518a15c8f436f4ca034d6
|
