Update README.md

AyanSinhaMahapatra · AyanSinhaMahapatra · commit 8cace2c8e7e0 · 2023-02-22T03:04:25.000+05:30
* clarify early this is a umbrella repo, to see projects section for links to the repositories
* update content
* update new projects

Signed-off-by: Ayan Sinha Mahapatra &lt;ayansmahapatra@gmail.com&gt;
diff --git a/README.md b/README.md
@@ -2,13 +2,25 @@
 
 ### What is AboutCode?
 
-AboutCode is a suite of tools to uncover data ... about software:
+AboutCode is a family of FOSS projects to uncover data ... about software:
 
- - Where does it come from?
- - What is its license?
- - Is it secure, maintained, well coded?
+- where does the code come from? which software package?
+- what is its license? copyright?
+- is the code vulnerable, maintained, well coded?
+- what are its dependencies, are there vulneribilities/licensing issues?
 
-These are important questions when there are millions of free and open source software components and packages available on the web.
+All these are questions that are important to answer: there are millions
+of free and open source software components available on the web for reuse.
+
+Knowing where a software package comes from, what its license is and whether it is
+vulnerable should be a problem of the past such that everyone can safely consume
+more free and open source software. We support not only open source software, but
+also open data, generated and curated by our applications.
+
+> **_NOTE:_** This is a repository with information on aboutcode open source activities and not
+  the actual code repository. See the [projects section](https://github.com/nexB/aboutcode#projects)
+  below for links to all the code repositories of our projects with a brief overview and our
+  [wiki](https://github.com/nexB/aboutcode/wiki) if you are looking to participate.
 
 ### Documentation Build Status
 
@@ -20,15 +32,9 @@ Our homepage is at http://aboutcode.org
 
 Our documentation (in progress) is at https://aboutcode.readthedocs.io/en/latest/ 
 
-AboutCode Documentation Group Email Addresses:
-
-- Join: https://groups.io/g/AboutCode/join
-- Post: AboutCode@groups.io
-- Subscribe: AboutCode+subscribe@groups.io
-- Unsubscribe: AboutCode+unsubscribe@groups.io
-- Group Owner: AboutCode+owner@groups.io
-
-If you want to get in touch with the team with issues other than documentation, head to the gitter channel [here](https://gitter.im/aboutcode-org/discuss).
+Join the chat online at [app.gitter.im : aboutcode-org#discuss](https://app.gitter.im/#/room/#aboutcode-org_discuss:gitter.im)
+or if you're using the element app set the homeserver to `gitter.im` and then join the [aboutcode-org#discuss](https://matrix.to/#/#aboutcode-org_discuss:gitter.im)
+chatroom. Introduce yourself and start the discussion!
 
 Look at our [wiki](https://github.com/nexB/aboutcode/wiki) for information about our participation
 in the GSoC and GSoD programs.
@@ -39,35 +45,77 @@ We have a weekly meeting, see more details [here](https://github.com/nexB/aboutc
 
 Each AboutCode project has its own repository:
 
-- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series of scan-related tools in one process flow. This is the most popular project and is used by 100's of software teams . The lead maintainer is @pombredanne
+- **[ScanCode Toolkit](https://github.com/nexB/scancode-toolkit)**: a set of code scanning tools to detect
+  the origin and license of code and dependencies. ScanCode now uses a plug-in architecture to run a series
+  of scan-related tools in one process flow. This is the most popular project and is used by 100's of software
+  teams . The lead maintainer is @pombredanne
+
+- **[Scancode.io](https://github.com/nexB/scancode.io)**: is a web-based and API to run and review scans in
+  rich scripted pipelines, on different kinds of containers, docker images, package archives, manifests etc,
+  to get information on licenses, copyrights, source, vulneribilities. The lead maintainer is @tdruez
 
-- **[Scancode.io](https://github.com/nexB/scancode.io)**: a web-based and
-API to run and review scans in rich scripted ScanPipe pipelines.
+- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: is a web-based API and 
+  database to collect and track all the known software package vulnerabilities, with
+  affected and fixed packages, references and a standalone tool Vulntotal to compare
+  this vulneribility information across similar tools. This is maintained by @tg1999 and @pombredanne
 
-- **[VulnerableCode](https://github.com/nexB/vulnerablecode)**: an emerging server-side application to collect and track known package vulnerabilities.
+- **[univers](https://github.com/nexB/univers)** is a package to parse and compare
+  all the package versions and all the ranges.
 
-- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application (based on Electron) to review the results of a scan and document your conclusions about the origin and license of software components and packages. 
+- **[purlDB](https://github.com/nexB/purldb)** consists of tools to create and expose
+  a database of purls (Package URLs) and also has package data for all of these
+  packages created from scans. This is maintained by @jyang
 
-- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document the provenance of your code and generate attribution notices.  AboutCode Toolkit uses small yaml files to document code provenance inside a codebase. The lead maintainer is @chinyeungli
+- **[FetchCode](https://github.com/nexB/fetchcode)** is a library
+  to reliably fetch any code via HTTP, FTP and version control systems such as git.
 
-- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your deployment or distribution packages back to their origin in a development codebase or repository.  The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct a build graph from syscalls to show which files are used to build a binary. We are contributors to strace. Maintained by @pombredanne
+- **[python-inspector](https://github.com/nexB/python-inspector)** and **[nuget inspector](https://github.com/nexB/nuget-inspector/)**
+  inspects manifests and code to resolve dependencies (vulnerable and non-vulnerable) for
+  python and nuget packages respectively.
 
-- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure and provenance of software components in Docker images using static analysis. Maintained by @pombredanne
+- **[Scancode Workbench](https://github.com/nexB/scancode-workbench)**: a desktop application
+  based on typescript and react to visualize and review scan results from scancode scans. 
 
-- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine. See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is. See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne
+- **[AboutCode Toolkit](https://github.com/nexB/aboutcode-toolkit)**: a set of command line tools to document
+  the provenance of your code and generate attribution notices.  AboutCode Toolkit uses small yaml files to
+  document code provenance inside a codebase. The lead maintainer is @chinyeungli
 
-- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the AboutCode tools can understand and use to exchange data. The details are at [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html). ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit) are also using these conventions. 
+- **[TraceCode Toolkit](https://github.com/nexB/tracecode-toolkit)**: a set of tools to trace files from your
+  deployment or distribution packages back to their origin in a development codebase or repository.
+  The primary tool uses strace https://github.com/strace/strace/ to trace system calls on Linux and construct
+  a build graph from syscalls to show which files are used to build a binary. We are contributors to strace.
+  Maintained by @pombredanne
 
-- **[DeltaCode](https://github.com/nexB/deltacode)**: a command line tool to compare scans and determine if and where there are material
-differences that affect licensing. 
+- **[container-inspector](https://github.com/nexB/container-inspector)**: a tool to analyze the structure
+  and provenance of software components in Docker images using static analysis. Maintained by @pombredanne
+
+- **[license-expression](https://github.com/nexB/license-expression/)**: a library to parse, analyze, compare
+  and normalize SPDX and SPDX-like license expressions using a boolean logic expression engine.
+  See https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60 to understand what an expression is.
+  See https://github.com/nexB/license-expression for the code. The underlying boolean engine is live at
+  https://github.com/bastikr/boolean.py . Both are co-maintained by @pombredanne
+
+- **ABCD aka AboutCode Data**: a simple set of conventions to define data structures that all the
+  AboutCode tools can understand and use to exchange data. The details are at
+  [AboutCode Data](https://aboutcode.readthedocs.io/en/latest/aboutcode-data/abcd.html).
+  ABOUT files and ScanCode Toolkit data are examples of this approach. Other projects such as
+  https://libraries.io and and [OSS Review Toolkit](https://github.com/heremaps/oss-review-toolkit)
+  are also using these conventions. 
+
+- **[DeltaCode](https://github.com/nexB/deltacode)**: a command line tool to compare scans and
+  determine if and where there are material differences that affect licensing. 
 
 
 We also co-started and worked closely with other FOSS orgs and projects:
 
-- [Package URL](https://github.com/package-url): an emerging standard to reference software packages of all types with simple, readable and
-concise URLs.
+- [Package URL](https://github.com/package-url): an emerging standard to reference software packages of all types with simple,
+  readable and concise URLs.
 
 - [SPDX](http://SPDX.org): aka. Software Package Data Exchange, a spec to document the origin and licensing of packages.
 
-- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing and documentation clarity. This project is incubating
-with https://opensource.org
+- [CycloneDX](https://cyclonedx.org) aka. OWASP CycloneDX is a full-stack
+  Bill of Materials (BOM) standard that provides advanced supply chain
+  capabilities for cyber risk reduction
+
+- [ClearlyDefined](https://ClearlyDefined.io): a project to review and help FOSS projects improve their licensing
+  and documentation clarity. This project is incubating with https://opensource.org
