First, this talk explores the various options for FOSS detection, how this process can be integrated into the "software factory", and how the results can be displayed in a usable and efficient way, using tools freely available to the open source communities such as FOSSology and the Antepedia Tools Suite. Secondly, we will give some examples of license data that can be collected from many open source projects and show how it can be useful for communities to adopt standards like SPDX (Software Package Data Exchange), which will be presented briefly.
Community Summit: Legal & Licensing / Tools for developers to ensure legal integrity of their code / Freddy Munoz and Bruno Cornec
1. Tools for developers to ensure legal integrity of their code
Freddy Munoz, PhD, Product Manager, Antelink. freddy.munoz@antelink.com, @drfmunoz
Bruno Cornec, Open Source & Linux Profession Lead EMEA, HPIntelCo. Bruno.Cornec@hp.com
3. The problem
Are you sure that you know everything… in your product?
Build Engineer: compile, test, analysis, integration test, package
Product / Final product: ???
In your BoM: license? version? project?
Are you sure that you are license compliant?
6. Antepedia Tool Suite
Antepedia Knowledge Base: 940 000 projects, 210 000 000 files
Public API
Antepedia Notifier*
Antepedia Reporter*
Antepedia Search**
* free for non-profit projects and organizations
** free public access
7. Antepedia Search
Single file
Cloud service
Web-browser report
Original project
License information
Release date and location
8. Antepedia Reporter
Automated On-demand Detection of Open Source Components
my.antepedia.com: Antepedia — the world’s Largest Knowledge Base of open source projects
Analysis: Antepedia Reporter
Export:
1. HTML file
2. CSV File
10. Antepedia Notifier
Automated Continuous Detection of Open Source Components
my.antepedia.com: Antepedia, the world’s largest database of open source projects
Continuous detection: Antepedia Notifier
Notification:
1. By mail
2. Through Atlassian JIRA
11. FOSSology - Goal
FOSS-ology : The study of FOSS
The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of open source software.
FOSSology is a static analysis framework to learn what we can by scanning FOSS itself.
Analyze the code, save the results in a database, report results through a Web (or scripted) interface.
12. A Simple FOSSology Process Flow
o Scan every single file in a package (or distro, or …)
o Fuzzy match against a library of > 400 known licenses.
o Examine the non-matching portions looking for text that could be an unknown license.
o Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP
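The three steps above as an added Python sketch, not FOSSology or Nomos code: it swaps in word-level `difflib` matching for the real scanner's matching engine. The three reference snippets, the hint-word list, the 0.8 threshold and both sample files are constructed for illustration.

```python
import difflib
import re

# Constructed reference snippets standing in for the license library;
# a real scanner holds full texts for hundreds of licenses.
KNOWN_LICENSES = {
    "MIT": "Permission is hereby granted, free of charge, to any person "
           "obtaining a copy of this software",
    "GPL": "This program is free software; you can redistribute it and/or "
           "modify it under the terms of the GNU General Public License",
    "Apache-2.0": "Licensed under the Apache License, Version 2.0; you may not "
                  "use this file except in compliance with the License",
}
# Words suggesting that unmatched text may still be license text (assumption).
LICENSE_HINTS = re.compile(r"\b(licen[sc]e\w*|permission|redistribut\w*|warranty)\b", re.I)

def normalize(text):
    """Lowercase, drop punctuation and comment markers, return the word list."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).split()

def scan(text, threshold=0.8):
    """Return (license id or None, score, lines that may be an unknown license)."""
    lines = text.splitlines()
    # Remember which source line every word came from.
    tokens = [(w, n) for n, line in enumerate(lines) for w in normalize(line)]
    words = [w for w, _ in tokens]
    best_id, best_score, covered = None, 0.0, set()
    for lic_id, ref in KNOWN_LICENSES.items():
        ref_words = normalize(ref)
        blocks = difflib.SequenceMatcher(
            None, ref_words, words, autojunk=False).get_matching_blocks()
        # Score = share of the reference text found, in order, in the file.
        score = sum(b.size for b in blocks) / len(ref_words)
        if score > best_score:
            best_id, best_score = lic_id, score
            covered = {tokens[i][1] for b in blocks
                       for i in range(b.b, b.b + b.size)}
    if best_score < threshold:
        best_id, covered = None, set()
    # Non-matching lines that still read like license text need human review.
    unknown = [line.strip() for n, line in enumerate(lines)
               if n not in covered and LICENSE_HINTS.search(line)]
    return best_id, round(best_score, 2), unknown

# Constructed sample: reworded MIT-style header (fuzzy hit), then code.
SAMPLE_MIT = ("/* Permission is hereby granted, without charge, to any person\n"
              " * obtaining a copy of this software */\nint main(void) { return 0; }\n")
# Constructed sample: GPL-style header followed by an extra, unknown clause.
SAMPLE_EXTRA = ("# This program is free software; you can redistribute it and/or modify\n"
                "# it under the terms of the GNU General Public License.\n"
                "# Extra clause: commercial use requires written permission from ACME.\n")
```

`scan(SAMPLE_MIT)` still identifies the reworded header as MIT with a score below 1.0, while `scan(SAMPLE_EXTRA)` matches the GPL snippet fully and returns the extra clause as text for a reviewer to examine.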
19. Web Resources
FOSSology main site
http://www.fossology.org
Mailing Lists, contacts
http://fossology.org/contact_us
Plume details
http://www.projet-plume.org/fiche/fossology
Project-Builder
http://trac.project-builder.org
Open Source at HP
http://opensource.hp.com
ProLiant & Linux
http://www.hp.com/go/proliantlinux
FOSSology users: HP, ALU, Siemens, INRIA, OW2
“The evolution of FLOSS and the Internet are tightly coupled”