Brussels / 3 & 4 February 2018

schedule

FOSSology - OSS Project for License Compliance


FOSSology is a popular tool for the end-to-end analysis of software components in a single Web server application. It can scan source code for: a) License information, b) Copyright notices, c) Export control relevant statements. It makes software analysis more efficient by offering high precision, greatly reducing overhead costs. FOSSology lets users generate compliance documentation according to the organization's needs, in a variety of data formats, emphasizing SPDX tag-value and RDF documents.

FOSSology is Open Source Software licensed under GPL-2.0 and a Linux Foundation collaboration project. In the past year, FOSSology has improved in many areas such as reporting, license management and data exchange capabilities. This talk provides and update about The SPDX Import and Export Functionality.

License proliferation, the growing number of open source components and the heterogeneity within large open source components require thorough license analysis. Text or regular expression scanners are often not enough to get a precise picture of the licensing situation. Precise license analysis can occur when legal cases arise as well as when important product decisions must be made. The trade-off is the effort to invest in order to achieve a precise analysis.

FOSSology is a component analysis for license, copyright and ECC statements analysis, offering a high recognition precision. It allows for capturing exact license text wording for SPDX reporting. At the same time, aggregated views provide efficiency. Automation functionality enables effective workflows. Most recent points are the SPDX export functionality and the recently added the SPDX import.

FOSSology is an open source project since 2008, originally contributed by HP. It is licenses under the GPL-2.0 and is freely available for all, companies, organization and open source projects.

Speakers

Michael Jaeger
Photo of Maximilian Huber Maximilian Huber

Attachments

Links