SoftwareUnderstanding · francoto · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026
diff --git a/.github/actions/create-issues/action.yml b/.github/actions/create-issues/action.yml
@@ -29,6 +29,8 @@ runs:
   steps:
     - name: Checkout code
       uses: actions/checkout@v4
+      with:
+        clean: false
 
     - name: Set up Python
       uses: actions/setup-python@v5

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -17,4 +17,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
-    open-pull-requests-limit: 5
+    groups:
+      actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/run-bot-analysis.yml b/.github/workflows/run-bot-analysis.yml
@@ -2,8 +2,8 @@ name: Run Bot Analysis and Issues Generation on ESCAPE-OSSR
 
 on:
   schedule:
-    # Run every Monday at 00:00 UTC
-    - cron: '0 0 * * 1'
+    # Run every first day of the month at 00:00 UTC
+    - cron: '0 0 1 * *'
   workflow_dispatch:
   pull_request:
     paths:

diff --git a/assets/existing_metacheck_analysis/example_pitfall_1.jsonld b/assets/existing_metacheck_analysis/example_pitfall_1.jsonld
@@ -0,0 +1,130 @@
+{
+  "@context": "[IN PROCESS]",
+  "@type": "SoftwareQualityAssessment",
+  "name": "Quality Assessment for Unknown",
+  "description": "LOFAR Pipeline System",
+  "creator": {
+    "@type": "schema:Person",
+    "name": "Anonymous",
+    "email": "example@email.com"
+  },
+  "dateCreated": "2026-03-05T15:57:06Z",
+  "license": {
+    "@id": "https://opensource.org/license/mit"
+  },
+  "commit_id": "Unknown",
+  "assessedSoftware": {
+    "@type": "schema:SoftwareApplication",
+    "name": "Unknown",
+    "softwareVersion": "Before-Remove-TMSS",
+    "url": "https://git.astron.nl/ro/lofar/",
+    "commit_id": "Unknown"
+  },
+  "checks": [
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/metadatafile"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Compares the version found in the metadata file with the latest repository release tag.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P001",
+      "output": "true",
+      "evidence": "P001 detected: pom.xml version '2.22.0-SNAPSHOT' does not match release version 'Before-Remove-TMSS'",
+      "suggestion": "Ensure the version in your metadata matches the latest official release. Keeping these synchronized avoids confusion for users and improves reproducibility.",
+      "checkId": "8036a85b58a90340eee71682b743c6e47e8455f37d47414278e12121c86c3715"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/license"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Searches for common template placeholders (e.g., <program>, <year>) within the LICENSE file.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P002",
+      "output": "true",
+      "evidence": "P002 detected: LICENSE file contains unreplaced template placeholders",
+      "suggestion": "Update the copyright section with accurate names, organizations, and the current year. Personalizing this section ensures clarity and legal accuracy.",
+      "checkId": "8454f0d79563a0ecd16bd6e439d5a76d282cc8071ca936f496d2c8fa8073ec6f"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/metadatafile"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Checks if the codeRepository field points to a project homepage rather than the actual source code repository.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P009",
+      "output": "true",
+      "evidence": "P009 detected: setup.py codeRepository points to homepage instead of repository: http://www.transientskp.org/",
+      "suggestion": "You need to update the codeRepository field to point directly to your repository's source code instead of a homepage. Accurate links improve traceability and user access.",
+      "checkId": "30d666820d2e730be4ba5c7261cb2d893bb81f3c4b20044c517a891d78af0000"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/metadatafile"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Analyzes software requirements in metadata to see if they lack explicit version constraints.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W001",
+      "output": "true",
+      "evidence": "W001 detected: pom.xml contains software requirements without versions: django, psycopg2-binary, djangorestframework, django-polymorphic, django-rest-polymorphic, requests, gunicorn, fabric, invocations, beautifultable, blessings, celery, django-filter, coreapi, matplotlib",
+      "suggestion": "Add version numbers to your dependencies. This provides stability for users and allows reproducibility across different environments.",
+      "checkId": "5a28a7a1d78554975164d60957f31f2601eaf60dfa9ebe9b2835e585853f075e"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Detects if multiple distinct licenses are found in the repository but only a single license is declared in codemeta.json.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W003",
+      "output": "true",
+      "evidence": "W003 detected: Repository has multiple licenses but codemeta.json only lists one. Found in: https:///ro/lofar/-/blob/master/LICENSE",
+      "suggestion": "Make sure you are using the correct licenses. This avoids confusion about terms of use and ensures full transparency.",
+      "checkId": "efe9bf2946d3bba4dc5eae8f3f425cfe06a05172953e95284eb8db3c18792811"
+    }
+  ]
+}
diff --git a/assets/existing_metacheck_analysis/example_pitfall_2.jsonld b/assets/existing_metacheck_analysis/example_pitfall_2.jsonld
@@ -0,0 +1,112 @@
+{
+  "@context": "[IN PROCESS]",
+  "@type": "SoftwareQualityAssessment",
+  "name": "Quality Assessment for Unknown",
+  "description": "This is a container to extract Gravitational Wave (GW) data from the datalake using Rucio and feed 1 second GW frames to the GW pipelines.",
+  "creator": {
+    "@type": "schema:Person",
+    "name": "Anonymous",
+    "email": "example@email.com"
+  },
+  "dateCreated": "2026-03-05T15:55:32Z",
+  "license": {
+    "@id": "https://opensource.org/license/mit"
+  },
+  "commit_id": "Unknown",
+  "assessedSoftware": {
+    "@type": "schema:SoftwareApplication",
+    "name": "Unknown",
+    "softwareVersion": "Unknown",
+    "url": "https://git.ligo.org/rhys.poulton/escape-datalake-shared-volume-writer/",
+    "schema:identifier": {
+      "@id": "https://doi.org/10.5281/zenodo.5742053"
+    },
+    "commit_id": "Unknown"
+  },
+  "checks": [
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/license"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Searches for common template placeholders (e.g., <program>, <year>) within the LICENSE file.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P002",
+      "output": "true",
+      "evidence": "P002 detected: LICENSE file contains unreplaced template placeholders",
+      "suggestion": "Update the copyright section with accurate names, organizations, and the current year. Personalizing this section ensures clarity and legal accuracy.",
+      "checkId": "8454f0d79563a0ecd16bd6e439d5a76d282cc8071ca936f496d2c8fa8073ec6f"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Checks the identifier field in codemeta.json to see if it uses a bare DOI string instead of a full HTTPS URL.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P014",
+      "output": "true",
+      "evidence": "P014 detected: codemeta.json Identifier uses bare DOI instead of full URL: '10.5281/zenodo.5742053'",
+      "suggestion": "You should include the full DOI URL form in your metadata (e.g., https://doi.org/XX.XXXX/zenodo.XXXX)",
+      "checkId": "5332af69762b78de21b8b3f64a63a6fc781cc390029bc18fab5adbd4e1565953"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Detects if multiple distinct licenses are found in the repository but only a single license is declared in codemeta.json.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W003",
+      "output": "true",
+      "evidence": "W003 detected: Repository has multiple licenses but codemeta.json only lists one. Found in: https:///rhys.poulton/escape-datalake-shared-volume-writer/-/blob/main/LICENSE",
+      "suggestion": "Make sure you are using the correct licenses. This avoids confusion about terms of use and ensures full transparency.",
+      "checkId": "3dbc3727e714a3623407acc90516150321adddd8b06d7552db68a1356e88dbc8"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Checks programming language declarations in codemeta.json to see if they lack specific version numbers.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W004",
+      "output": "true",
+      "evidence": "W004 detected: codemeta.json Programming languages without versions: Python, bash",
+      "suggestion": "Include version numbers for each programming language used. Defining these helps ensure reproducibility and compatibility across systems.",
+      "checkId": "79c379cb7ed9ae82341ac78424c44cb61bbafca03f7142d9da9c69e1017b964d"
+    }
+  ]
+}
diff --git a/assets/existing_metacheck_analysis/example_pitfall_3.jsonld b/assets/existing_metacheck_analysis/example_pitfall_3.jsonld
@@ -0,0 +1,109 @@
+{
+  "@context": "[IN PROCESS]",
+  "@type": "SoftwareQualityAssessment",
+  "name": "Quality Assessment for AMIGA-IAA/hcg-16",
+  "description": "HCG-16 Project",
+  "creator": {
+    "@type": "schema:Person",
+    "name": "Anonymous",
+    "email": "example@email.com"
+  },
+  "dateCreated": "2026-03-05T15:57:03Z",
+  "license": {
+    "@id": "https://opensource.org/license/mit"
+  },
+  "commit_id": "3e46b026f96b30c4b7d69546720bdb9debb07f99",
+  "assessedSoftware": {
+    "@type": "schema:SoftwareApplication",
+    "name": "AMIGA-IAA/hcg-16",
+    "softwareVersion": "v1.2.3",
+    "url": "https://github.com/AMIGA-IAA/hcg-16",
+    "commit_id": "3e46b026f96b30c4b7d69546720bdb9debb07f99"
+  },
+  "checks": [
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/metadatafile"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Compares the version found in the metadata file with the latest repository release tag.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#P001",
+      "output": "true",
+      "evidence": "P001 detected: codemeta.json version '1.2.1' does not match release version '1.2.3'",
+      "suggestion": "Ensure the version in your metadata matches the latest official release. Keeping these synchronized avoids confusion for users and improves reproducibility.",
+      "checkId": "36bc1bbaee0838ae68e47514b4ad7ef566f44f66ee3e3175a1168277ac4326d3"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/metadatafile"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Analyzes software requirements in metadata to see if they lack explicit version constraints.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W001",
+      "output": "true",
+      "evidence": "W001 detected: codemeta.json contains software requirements without versions: https://github.com/AMIGA-IAA/hcg-16/blob/master/conda-linux-64.lock",
+      "suggestion": "Add version numbers to your dependencies. This provides stability for users and allows reproducibility across different environments.",
+      "checkId": "c7bc3040b51b441ad9224cabe8a9f65cf6473a0ad2ddfa26386894fd3a526d5e"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Compares the dateModified field against the last updated date of the actual repository.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W002",
+      "output": "true",
+      "evidence": "W002 detected: codemeta.json dateModified '2021-09-28T00:00:00' is outdated compared to repository date '2023-06-14T17:26:23'",
+      "suggestion": "The data in the metadata file should be updated to be aligned with the date of the latest release. Automating this synchronization as part of your release process is highly recommended.",
+      "checkId": "9899b42e1ee09c93bf269e81574db71daca18a345e1f9f5bd43f6022fcf39fba"
+    },
+    {
+      "@type": "CheckResult",
+      "assessesIndicator": {
+        "@id": "https://w3id.org/example/metacheck/i/indicators/codemeta"
+      },
+      "checkingSoftware": {
+        "@type": "schema:SoftwareApplication",
+        "name": "metacheck",
+        "@id": "https://w3id.org/example/metacheck/tools/",
+        "softwareVersion": "0.2.0"
+      },
+      "process": "Checks programming language declarations in codemeta.json to see if they lack specific version numbers.",
+      "status": {
+        "@id": "schema:CompletedActionStatus"
+      },
+      "pitfall": "https://w3id.org/rsmetacheck/catalog/#W004",
+      "output": "true",
+      "evidence": "W004 detected: codemeta.json Programming languages without versions: Python",
+      "suggestion": "Include version numbers for each programming language used. Defining these helps ensure reproducibility and compatibility across systems.",
+      "checkId": "9afd141924d0a42df9c1b53a6552790dccf6bd40886d704cb8699191578eb846"
+    }
+  ]
+}