Week 10 was the last week of the coding phase 2 and a lot happened in this week. We completed wrapping up the Libyear program as a worker and it is working perfectly!

Week 10 summary

We have discussed in previous blogs about the libyear worker, how it is being build and advantages of our libyear worker over other existing libyear calculating tools listed on Libyear website. I did mention in my last blog that we have built our own parsers and functions to calculate libyear. This week we made it into a complete worker and added function to identify the file type…

You must have read in the previous blogs that we are currently working on a new worker for augur to calculate Libyear. Weeks 8 and 9 have been really productive as we have made good progress in that direction.

Working of the Worker-

We can divide Worker into 3 parts —

1- Parsers — Parsers parse the package files and get the list of dependencies and their version representations. Currently, we have only build parsers for the PYPI package manager and supporting file formats are — system.py, requirement.txt, pipfile, pipfile.lock, and poetry. I would be adding the support for conda soon. For these parsers…

Week 6 was the start of Phase 2 of our Google Summer of Code. As I mentioned in my previous blogs, we are now working to build a new Worker in Augur for calculating the libyear which is a measure of dependency freshness. These weeks were a lot about researching and deciding on the architecture for the worker.

But what is Libyear and dependency freshness?

This is a good question, dependency freshness is a fancy way of telling how updated are your dependencies. Dependencies have a version, all developers keep updating them which fixes bugs, makes it more stable and…

Before getting into my progress for weeks 4 and 5, I would brief you about my first 3 weeks so that it gets you in the flow. I was working on extending the dependency worker to collect scorecard data. We had a bug in which it didn’t generate any logs and I figured it might be because the Deps worker not working at all. Well yes, we did resolve the bugs, and the Scorecard model is completely working now.

But how did we solve the buggy situation?

This bug led to another bug which led to another bug and so on. At first, we only had to figure…

My week 3 was a lot about bugs, but before getting into the bugs I would brief about my work from week 1 and 2 so that it gets you in the flow. In my Week 1 as I mentioned in my first blog, it started by extending the current Deps Worker to collect OSSF- Scorecard data. By the end of the week 1, it was working for me and my week 2 was about making it work for everyone.

In my week 2 most of the issues were resolved yet there was one particular about setting the environment variables…

Before getting to what I worked on , it would make more sense if I explained my project in brief. My project is about building a shared data resource focused on Dependencies, Risk and Vulnerabilities. Dependencies are basically piece of code that your project depends on. So, if there is something wrong with the dependency, then that would mean there might be something wrong with your project too.

So my Week 1 was mostly about design discussion with my Mentor and getting started. I started by extending the current Dependency Worker in Augur to collect OSSF Scorecard data. Scorecard is…

Dhruv Sachdev

Open Source Enthusiast and a Computer Science Student

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store