FOSSology SCA Integration...The FOSSology Project –FOSDEM –Virtual Event 2021 CC-BY-SA 4.0 1...

CC-BY-SA 4.0The FOSSology Project – FOSDEM – Virtual Event 2021 1

FOSSology SCA Integration

Presenters:

Gaurav Mishra <gmishx@gmishx.in>

Shaheem Azmal M MD <shaheem.azmal@gmail.com>

Anupam Ghosh <anupamghosh.ind@gmail.com>

• 2008 initial publication by HP

• 2015 Linux Foundation Collaboration Project

• It is a Linux Application

• Different tasks for OSS license compliance

• Scanning for licenses

• Copyright, authorship, e-mails

• ECC statements

• Generation of documentation

• Export and import SPDX files

www.fossology.org

FOSSology – Linux Foundation Collaboration Project

Features: Two License Scanners: Nomos and Monk

• Good for finding actual

licenses

• Identifies also derivatives

of licenses

• Finds all kind of license

relevant texts

• Finds unknown Licenses

• Certainty that known

license text is actually

found and wording is

exactly reproduced

• Finds most license

relevant texts

• Identifies also derivatives

of licenses

Bulk Phrase Matches Monk Full text MatchesNomos Reg. ExpressionsNomos Keywords

• Limited to known

phrases only

• Does not provide

certainty about original or

derivative

• Very imprecise

• Does not identify license

• High number of false

positives

• Only limited precision for

identifying actual

licenses

• False positives

Flexibility

Precision

• Works only on known

license texts

• Actual occurrences are

minority

Ojo, a scanner to detect SPDX-License-IDs

#include<stdio.h>

* Written by John Doe

* SPDX-License-Identifier: Apache-2.0

int main() {

printf("Hello World\n");

return 0;

Gets detected as Apache-2.0 – reuse.software

Combine Ojo results with the other scanners

Automatize

• The Ojo information can be combined with the other findings

• If no other scanner found a contradicting statement, the result can be concluded

• New agent Spasht, works with ClearlyDefined.io

• PostgreSQL 12 support

• Ability to specify GIT branch in Upload from VCS

• Reuse of deactivated copyrights

• Remove OpenSSL dependency, use libgcrypt

• Support for Ubuntu Focal Fossa (20.04)

• Obligations now refer to license conclusions

• Auto deactivation of copyrights for irrelevant files

• Display time in browser's timezone

• Ability to export Copyright CSV

https://github.com/fossology/fossology/releases

FOSSology Updates – What is new in 3.9.0

• Manage folders, uploads

• Trigger scans and options

• Download reports

• More info at:

https://www.fossology.org/get-

started/basic-rest-api-calls/

• https://github.com/fossology/fo

ssology/wiki/FOSSology-

REST-API

• (complete flow explained)

REST API

FOSSology – Of course you can automate!

• Available in many languages• Python (fossology-python)

• C# (FOSSology.REST.dotnet)

• Shell (FOSSology.REST.shell)

• FOSSdriver

• Not only what REST API

can do

• … but also manage

bulk scans

• More info at:

https://github.com/fossology

• Write your own Python workflow

REST Clients

• Many functions and agents have

command line interfaces

• Nomos an Monk license

scanners

• Copyright scanner

• License listings

• …

• Upload and download tools

Command line tools

Uploading a package

Upload using REST Clients

Shell Client Python Client

Upload using CLI Tool

cp2foss Upload sources

• All the methods supports upload from

• From file

• From URL

• From GIT

• From SVN

• From Server

Scanning a package

Scanning upload using REST Clients

Scanning upload using CLI Tool

fossjobs Scanning options

• Analysis

• Various agents

• Decider

• Automatic conclusions

• nomos-monk, ojo, new scanner

• Bulk reuse

• Reuse

• Copy clearings from existing upload

Analysing the results

Analysing results using cURL

Upload summary Upload licenses

Analysing results using REST Client

Upload summary Upload licenses

Analysing results using CLI tools

Nomos Licenses Other tools

• fo_nomos_license_list

• All findings by nomos scanner

• Can exclude file paths

• fo_monk_license_list

• All findings by monk scanner

• Can exclude file paths

• fo_copyright_list

• All copyright findings

• Can filter copyright content

Generating reports

Generating reports using REST Clients

Report formats available: dep5, spdx2, spdx2tv, readmeoss, unifiedreport

• Standalone license scanner

• Written in Python

• Implement multiple text

statistics and information

retrieval algorithms

• More info at:

/atarashi

Atarashi

There is more at github.com/fossology

• Slides for Presenting

FOSSology

• Make your presentation with

FOSSology

• Material for a 1-day training

• More info at:

/FOSSologySlides

FOSSologySlides

• Python library and tool

• Extract source code and

comments

• Supports 25 languages

• Differentiate single line, multiline

and continued single line

comments

• More info at:

/Nirjas

Nirjas

Questions? – Consider to “Star Us”!

FOSSology links

https://www.fossology.org/

https://github.com/fossology/fossology

Gaurav Mishra

Siemens AG

gmishx@gmishx.in

Shaheem Azmal

Siemens AG

shaheem.azmal@gmail.com

Anupam Ghosh

Siemens AG

anupamghosh.ind@gmail.com

FOSSology - YouTube

https://www.youtube.com/channel/UCZGPJnQZVnEPQWxOuNamLpw

FOSSology SCA Integration...The FOSSology Project –FOSDEM –Virtual Event 2021 CC-BY-SA 4.0 1...

Documents

Transcript of FOSSology SCA Integration...The FOSSology Project –FOSDEM –Virtual Event 2021 CC-BY-SA 4.0 1...

SCA conference2014

Committee Draft 02 2 February 2010 - OASISdocs.oasis-open.org/opencsa/sca-j/sca-ejbbinding-1.1-spec.pdf · 21 specification and is described in the Java EE integration specification

Test Assertions for the SCA Policy FW Specification 1docs.oasis-open.org/opencsa/sca-policy/sca-policy-1.1-test-assertions.pdfthat are designed to check that an SCA runtime conforms

Sca Folding

SCA JMS Binding 1 - OASISdocs.oasis-open.org/opencsa/sca-bindings/sca-jms... · 1 1 Introduction 2 This document specifies the means by which SCA composites and components, as defined

FOSSology License Compliance and Automation - bitkom.org · Page 15 September 2018 M. C. Jaeger, Corporate Technology, T. Graf, Building Technologies FOSSology – Bereit für Automatisierung

SCA Service Component Architecture - XMLxml.coverpages.org/OSOA-SCA-JAVA-EE-IntegrationV09.pdf · SCA Service Component Architecture Java EE Integration Specification Draft 0.5 1

Antibiosis to SCA in Pl 550610 and SCA-Greenbug Interactions

SCA GROUP LIMITED COMPANY PORTFOLIO · SCA Group 7 Crane Way Woolsbridge Industrial Park Three Legged Cross Wimborne Dorset BH21 6FA 01202 820820 sales@sca-group.com SCA GROUP LIMITED

THE SCA THE - Silver Caduceus Association · SCA THE Oct 2012 Table of Contents - SCA New Members - SCA Excellence In Leadership Award ... COL Jim Van Straten, and COL George Waters

SCA PACKAGING INTEGRATION - DS Smith...SCA PACKAGING INTEGRATION 100-day update 11 October 2012 2 KEY THEMES Miles Roberts, Group Chief Executive OUR MARKETS AND CUSTOMERS Gary Saunders,

SCA Assembly 1.1 - OASISdocs.oasis-open.org/opencsa/sca-assembly/sca-assembly-1... · Web viewService Component Architecture Assembly Model Specification Version 1.1

Using containers and Continuous Packaging to Build native FOSSology packages

FOSSology: Feature Overview

ORACLE SOA INTEGRATION FOR - nlOUG€¦ · oracle soa integration for healthcare – 12c ... what about oracle soa suite – sca/osb? ... soa server 2 port 8011

Service Service ComponentComponent ArchitectureArchitecture · Agenda Einführung Service Component Architecture (SCA) JavaBusinessIntegration(JBI)Java Business Integration (JBI)

SCA Cocaina

HP Fossology v5.3

€¦ · INTRODUCING THE NEW ATECH TECHANGLE TORQUE WRENCH g 5napan Secti Sca . e Secti Sca . e Secti Sca *PROPS I *cas Secti Sca *PROPS I *cas Secti Sca . Secti Sca …

SCA Overview

€¦ · INTRODUCING THE NEW ATECH TECHANGLE TORQUE WRENCH g 5napan Secti Sca . e Secti Sca . e Secti Sca PROPS I cas Secti Sca PROPS I cas Secti Sca . Secti Sca …