Feature: back2source: Find binary’s corresponding source repositories and commits

[DennisClark]

This feature includes creating a Python library to effectively find the binary’s corresponding source code Git repositories and commits for a package version, and integrating this in the PurlDB. This is a surprisingly difficult task because in many cases the information is not directly available in a package archive metadata. The outcome is also to group the binary and sources of a package in a "package set" for a given version of a package. Then, we will design output data structures to report discrepancies between deployment to development. The deliverables are a data model in ScanCode.io to track these issues and incorporate in the binary to source pipelines.

• [ ] nexB/purldb#374
• [ ] nexB/scancode.io#1148