modify report to accommodate suggested changed

Signed-off-by: 404-geek <pranayd61@gmail.com>

Author: 404-geek

docs/source/archive/gsoc-toc.rst

@@ -15,7 +15,7 @@ GSoC 2024
    :maxdepth: 2
 
    gsoc/reports/2024/scancode_toolkit_swastkk
-   gsoc/reports/2024/scancode_scorecode_pranay
+   gsoc/reports/2024/scancodeio_scorecode_pranay
 
 GSoC 2022
 ---------

docs/source/archive/gsoc/reports/2024/scancode_scorecode_pranay.rst renamed to docs/source/archive/gsoc/reports/2024/scancodeio_scorecode_pranay.rst

@@ -1,12 +1,13 @@
-====================================================================================
-Integrating OpenSSF Scorecard into Scancode.io for Enhanced Vulnerability Analysis
-====================================================================================
+==================================================
+Enrich SBOM data based on OSSF Security Score Card
+==================================================
 
 
 **Organization:** `AboutCode <https://aboutcode.org>`_
 
-**Projects:** `Scancode.io <https://github.com/aboutcode-org/scancode.io>`_,
-`Scorecode <https://github.com/aboutcode-org/scorecode>`_
+**Projects:**
+- `Scancode.io <https://github.com/aboutcode-org/scancode.io>`_
+- `Scorecode <https://github.com/aboutcode-org/scorecode>`_
 
 **Mentee:** `Pranay Das (404-geek) <https://github.com/404-geek>`_
 
@@ -22,25 +23,30 @@ Integrating OpenSSF Scorecard into Scancode.io for Enhanced Vulnerability Analys
 Overview
 --------
 
-The primary objective of this project was to integrate the OpenSSF Scorecard into the
-Scancode.io platform, thereby enhancing its capabilities for vulnerability analysis.
-The project involved work on two key repositories: `Scorecode`,which was developed as a
-PyPI package, and `Scancode.io`, where the integration with Scorecard data was
-implemented within scanning pipelines.
+The primary objective of this project was to fetch and integrate the OpenSSF Scorecard
+data into the Scancode.io platform for all detected packages, thereby enhancing its
+capabilities for security and community health metrics analysis. The project
+involved work on two key repositories: `Scorecode`,which was developed as a PyPI
+package, and `Scancode.io`, where the integration with Scorecard data was implemented
+within scanning pipelines.
 
 **Scorecode**
 
-`Scorecode` serves as a PyPI package that encapsulates the business logic for fetching
-OpenSSF Scorecard data using the OpenSSF API. It also includes Django mixin models that
-can be extended and integrated into other platforms with databases, such as Scancode.io
-and PurlDB, ensuring seamless utilization of Scorecard data across various projects.
+`scorecode package <https://pypi.org/project/scorecode/>`_ serves as a PyPI package
+that has the functions to fetch and store OpenSSF Scorecard data using the OpenSSF
+public API. It also includes Django mixin models that can be extended and integrated
+into other platforms with databases, such as Scancode.io and PurlDB, ensuring seamless
+utilization of Scorecard data across various projects.
+
+
 
 **Scancode.io**
 
-In the `Scancode.io` project, I developed a pipeline that interacts with the `Scorecode`
+In the `Scancode.io` project, I added a pipeline that interacts with the `scorecode`
 package to fetch and store Scorecard data in the Scancode.io database. The data can then
-be exported into Bill of Materials (BOM) files in formats like CycloneDX and SPDX,
-providing comprehensive security insights in standardized formats.
+be exported into various outputs like the Software Bill of Materials (SBOM)
+CycloneDX format (and SPDX too in the future), providing comprehensive security
+insights in standardized formats.
 
 --------------------------------------------------------------------------------
 
@@ -50,50 +56,86 @@ Implementation
 **1. Scorecode Repository:**
 
    - Developed a PyPI package to interact with the OpenSSF API and fetch Scorecard data
-     for various software packages.
+     to be used in other software packages and store it in appropriate objects.
    - Created Django mixin models to enable easy extension and integration of Scorecard
      data into platforms with databases like Scancode.io.
 
+For more information, you can visit the
+`scorecode package on PyPI <https://pypi.org/project/scorecode/>`_.
+
+
 **2. Scancode.io Integration:**
 
    - Developed a pipeline within Scancode.io to call `Scorecode` functions, retrieve
      Scorecard data, and save it in the Scancode.io database.
-   - Enhanced the existing BOM export functionality to include Scorecard data, allowing
-     for detailed security posture analysis in CycloneDX and SPDX formats.
+   - Enhanced the existing SBOM export functionality to include Scorecard data, allowing
+     for detailed security posture and community health metrics analysis in CycloneDX
+     format.
 
 **4. Testing:**
 
-   - Conducted comprehensive testing in both repositories to ensure accurate fetching,
-     storage, and export of Scorecard data.
-   - Verified seamless integration across different package ecosystems supported by
-     Scancode.io.
+   - Conducted comprehensive testing across two primary repositories hosted on GitHub
+     and GitLab to ensure accurate fetching, storage, and export of Scorecard data:
+
+     - **GitHub**:
+
+          - `nexB/scancode-toolkit <https://github.com/nexB/scancode-toolkit>`_
+          - `tensorflow/tensorflow <https://github.com/tensorflow/tensorflow>`_
+          - `apache/spark <https://github.com/apache/spark>`_
+
+     - **GitLab**: `gitlab-org/gitlab <https://gitlab.com/gitlab-org/gitlab>`_
+
+   - Verified seamless integration and accurate data retrieval across different package
+     ecosystems supported by Scancode.io, ensuring that the Scorecard data aligns with
+     the expected structure and content.
+
+   - Implemented and executed automated test cases using `pytest`, which include:
+
+     - Validation of key fields such as ``scoring_tool``, ``scoring_tool_version``,
+       ``score_date``, ``score``, ``scoring_tool_documentation_url``, and ``checks``.
+
+     - Type checks for each field to ensure data integrity.
+
+     - URL validation to confirm that the documentation links are correctly formatted
+       and point to the expected resources.
+
+   - Added additional test cases for edge scenarios such as non-existent repositories,
+     private repositories, and invalid input formats to ensure robustness and
+     reliability.
+
 
 --------------------------------------------------------------------------------
 
 Linked Pull Requests
 --------------------
 
 .. list-table::
-   :widths: 10 60 30
+   :widths: 10 40 20 30
    :header-rows: 1
 
    * - Sr. no
+     - Name
      - Link
      - Status
    * - 1
+     - Scorecard Integration
      - https://github.com/aboutcode-org/scancode.io/pull/1294
      - Open
    * - 2
+     - Models integration
      - https://github.com/aboutcode-org/scorecode/pull/5
      - Merged
-   * - 2
+   * - 3
+     - Scorcard api call integration
      - https://github.com/aboutcode-org/scorecode/pull/1
      - Merged
-   * - 2
+   * - 4
+     - Mixin models for storing scorecard data
      - https://github.com/aboutcode-org/scorecode/pull/4
      - Merged
 
 
+
 Related Issues
 --------------
 
@@ -106,20 +148,20 @@ Related Issues
      - Link
    * - 1
      - Store OSSF scorecard data in scancode.io models
-     - `#1283 <https://github.com/aboutcode-org/scancode.io/issues/1283>`_
+     - `aboutcode-org/scancode.io#1283 <https://github.com/aboutcode-org/scancode.io/issues/1283>`_
    * - 2
      - Show OSSF scorecard data in the UI as quality data
-     - `#1284 <https://github.com/aboutcode-org/scancode.io/issues/1284>`_
+     - `aboutcode-org/scancode.io#1284 <https://github.com/aboutcode-org/scancode.io/issues/1284>`_
    * - 3
      - Export OSSF scorecard data in SBOMs
-     - `#1285 <https://github.com/aboutcode-org/scancode.io/issues/1285>`_
+     - `aboutcode-org/scancode.io#1285 <https://github.com/aboutcode-org/scancode.io/issues/1285>`_
    * - 4
      - Compute summary and clarity for EACH package in a codebase
-     - `#3 <https://github.com/aboutcode-org/scorecode/issues/3>`_
+     - `aboutcode-org/scorecode#3 <https://github.com/aboutcode-org/scorecode/issues/3>`_
    * - 5
      - Provide data values in scan results to correspond with license_clarity_score
        elements
-     - `#2 <https://github.com/aboutcode-org/scorecode/issues/2>`_
+     - `aboutcode-org/scorecode#2 <https://github.com/aboutcode-org/scorecode/issues/2>`_
 
 
 Project Reference Links