Tools for developers to ensure legal integrity of their code - Antelink OWF

Published in: Technology
  1. Tools for developers to ensure legal integrity of their code. Freddy Munoz, PhD, Product Manager, Antelink, freddy.munoz@antelink.com, @drfmunoz. Bruno Cornec, Open Source & Linux Profession Lead EMEA, HP, Bruno.Cornec@hp.com. IntelCo.
  2. The context
  3. The problem: are you sure that you know everything… in your product? In your BoM (license? version? project?)? Are you sure that you are license compliant? [Diagram: compile, test, analysis, integration test, package; Product Build Engineer; Final product]
  4. Available compliance tools (non-exhaustive list): Antepedia Notifier, Antepedia Reporter; source code, binary package. Source: http://www.linuxfoundation.org/programs/legal/compliance/tools
  5. Antepedia Tool Suite
  6. Antepedia Tool Suite. Antepedia Knowledge Base: 940 000 projects, 210 000 000 files. Public API. Antepedia Notifier*, Antepedia Reporter*, Antepedia Search**. (* free for non-profit projects and organizations; ** free public access)
  7. Antepedia Search: single file; cloud service; web-browser report; original project; license information; release date and location.
  8. Antepedia Reporter (my.antepedia.com). Antepedia, the world’s largest knowledge base of open source projects. Export: 1. HTML file; 2. CSV file. Analysis. Automated on-demand detection of open source components.
  9. [no text on slide]
  10. Antepedia Notifier (my.antepedia.com). Antepedia, the world’s largest database of open source projects. Continuous detection. Notification: 1. by mail; 2. through Atlassian JIRA. Automated continuous detection of open source components.
  11. FOSSology - Goal. FOSS-ology: the study of FOSS. The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of open source software. FOSSology is a static analysis framework to learn what we can by scanning FOSS itself. Analyze the code, save the results in a database, report results through a Web (or scripted) interface.
  12. A Simple FOSSology Process Flow
      o Scan every single file in a package (or distro, or …)
      o Fuzzy match against a library of > 400 known licenses.
      o Examine the non-matching portions looking for text that could be an unknown license.
      o Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP
  13. File upload screenshot
  14. Queue management screenshot
  15. License analysis screenshot
  16. Meta data analysis screenshot
  17. Bucket browser screenshot
  18. Architecture
  19. Web Resources
      o FOSSology main site: http://www.fossology.org
      o Mailing lists, contacts: http://fossology.org/contact_us
      o Plume details: http://www.projet-plume.org/fiche/fossology
      o Project-Builder: http://trac.project-builder.org
      o Open Source at HP: http://opensource.hp.com
      o ProLiant & Linux: http://www.hp.com/go/proliantlinux
      o FOSSology users: HP, ALU, Siemens, INRIA, OW2
      o “The evolution of FLOSS and the Internet are tightly coupled”
  20. SPDX: Handling Heterogeneous Licenses
  21. [no text on slide]
  22. Inconsistent License Information (1/2): http://sourceforge.net/projects/jwebmail/ http://jwebmail.sourceforge.net/about.html http://jwebmail.sourceforge.net/news.html
  23. Inconsistent License Information (2/2). Source: http://sourceforge.net/projects/winpenpack/ Source: http://www.winpenpack.com/en/page.php?5
  24. [no text on slide]
  25. SPDX: Standardization. SPDX™ - A standard format for communicating the components, licenses and copyrights associated with a software package.
  26. [no text on slide]
  27. ???
