Codescoop is a team of about 30 people, all with a strong connection to the promotion and use of open source. Part of the team has been working with tool makers over the past 12+ years to establish and standardize open source scanners in development organizations, while the others have contributed significantly to existing open source projects, including Nokia's MeeGo project.
Together, Codescoop understands that:
● The benefits of open source can be best harnessed with the widest possible awareness
● The supply of ever more new projects and components can no longer be mastered without supporting systems and processes. This applies to overview and analysis as well as to the volatility and vitality within the projects.
● There is a need to be able to judge open source components as part of one's own software projects from the outset across all dimensions (not limited to license compliance and security).
● Proactive access to information across all aspects of open source projects is required to always stay up to date as key issues change.
This has resulted in a Codescoop project that:
● Collects and consolidates data about open source offerings from different sources
● Establishes correlations between data from (very) different sources to develop new insights and make them available and actionable
● Leverages machine learning and other artificial intelligence methods to develop forecasts and make suggestions for action
● Is focused on users: developers, architects, and others involved in creating complex software have access to both the data and the analysis capabilities to better evaluate their own software
As a subproject, a platform will be created that consolidates existing software composition analysis (SCA) tools under a common open source project. Codescoop leads and orchestrates the contributors and developers to create a platform that meets the needs of small, medium and very large development teams while pursuing a developer-centric approach. This project focuses on giving the developer a 360-degree view because the decision for the best available open source components is made as early in the lifecycle as possible, which avoids later (and therefore expensive) changes and decisions about the component structure. To accomplish this, a real-time approach is taken to give developers and architects information that may imply or suggest the use of a specific component. This extends to aspects such as:
● Maintainability
● Available support
● Safety and security classification
● Suitability in connection with the user's own guidelines (policies)
● License restrictions
● Ranking of developers
The recommendations are not limited to offerings from the open source community but also include offerings from the users' own development. This promotes reuse and self-developed software. In-house developers slip into the role of community members, and their own projects into the role of open source projects (under self-defined or common licenses).
Access to this information occurs wherever it suits best, including:
● Development environment (IDE)
● CI/CD
● Project dashboards
● Dedicated applications
● Direct access via API / SDK