federatedcode 0.1.0

Share software metadata and vulnerabilities in a federated manner over ActivityPub and git

FederatedCode is a decentralized, federated metadata system for open source software code and security information.

Quick Installation

Run with Docker

Clone FederatedCode:

git clone https://github.com/aboutcode-org/federatedcode.git
cd federatedcode

Build and run:

docker compose build
docker compose up

Local development installation

On a Debian system, use this:

sudo apt-get install python3-venv python3-dev postgresql libpq-dev build-essential
git clone https://github.com/aboutcode-org/federatedcode.git
cd federatedcode
make dev envfile postgresdb
make test
source venv/bin/activate
make run

Note that we support Python 3.10 and up only.

Configuration

The configuration of FederatedCode depends on environment variables:

• FEDERATEDCODE_WORKSPACE_LOCATION: Directory location of the workspace where we store local Git repos and content. Default to var/ in current directory in development

• These are generated id and secrets stored in a .env file when running make envfile - SECRET_KEY: Django’s secret key - FEDERATEDCODE_CLIENT_ID: Client UUID - FEDERATEDCODE_CLIENT_SECRET: Own secret key

Acknowledgements, Funding, Support and Sponsoring

This project is funded, supported and sponsored by:

• Generous support and contributions from users like you!

• the European Commission NGI programme

• the NLnet Foundation

• the Swiss State Secretariat for Education, Research and Innovation (SERI)

• Google, including the Google Summer of Code and the Google Seasons of Doc programmes

• Mercedes-Benz Group

• Microsoft and Microsoft Azure

• AboutCode ASBL

• nexB Inc.

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

https://nlnet.nl/project/VulnerableCode/

This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.

https://nlnet.nl/project/vulnerabilitydatabase/

This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.

https://nlnet.nl/project/VulnerableCode-enhancements/

This project is funded through the NGI0 Entrust Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101069594.

https://nlnet.nl/project/FederatedSoftwareMetadata/

This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).

https://nlnet.nl/project/FederatedCodeNext/