C/C++ Package Registry
Common registry for software written in C/C++
Much of the internet and many devices run on C/C++ code. There are many build and packaging systems for C/C++, but without a common registry, it is difficult to discover, catalog, and identify C/C++ packages used in products, devices, and apps.
The C/C++ Package Registry resolves this by creating an open and distributed registry of C/C++ packages keyed by Package-URL (PURL), with associated metadata, but neutral towards any build system. It will also maintain open source tools to discover and detect C/C++ code commonly vendored and patched in software codebases. This will be combined with a database of known security vulnerabilities that affect these C/C++ packages, also keyed by PURL.
This enables C/C++ software teams to more efficiently and reliably manage and automate their C/C++ software supply chain and vulnerability management operations. Using open data and open source code, the C/C++ Package Registry strengthens security postures and helps teams meet regulatory compliance requirements. Our goal is to develop the foundational data formats, build the core infrastructure for collecting and indexing C/C++ packages, and create comprehensive documentation that will nurture and sustain a thriving community around this initiative.
- The project's own website: https://aboutcode.org
Run by AboutCode Europe ASBL
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).
