HP Fossology v5.3
![Page 1: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/1.jpg)
Bruno Cornec HP, EMEA Open Source Profession Lead
The FOSSology project
September 2013
Version 5.3
![Page 2: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/2.jpg)
Introducing Myself
● Software engineering and Unices since 1988
● Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems
● Discovered Open Source & Linux (OSL) & first contributions in 1993
● Full time on OSL since 1995, first as HP reseller then @HP
● Currently:
  ● Master Technology Architect on OSL for the HP/Intel Solution Center, Grenoble
  ● OSL HP Advocate
  ● EMEA OSL HP Profession Lead
  ● Solutions Linux Conference and OWF board member
  ● MondoRescue, Dploy.org, Project-Builder.org project lead
  ● LinuxCOE, mrepo, tellico, rinse, fossology, collectl contributor
  ● FOSSBazaar and OSL Governance enthusiast
  ● Mandriva, Mageia, Fedora packager
![Page 3: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/3.jpg)
FOSSology.org
FOSSology's etymology:
ΦΟΣΣ: Free Open Source Software
λογος: science, study
So FOSSology == FOSS study
![Page 4: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/4.jpg)
Goal
The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of FOSS.
FOSSology is a static analysis framework to learn what we can by scanning FOSS itself.
Analyze the code, save the results in a database, report results through a Web (or scripted) interface.
Focus now on License Management
![Page 5: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/5.jpg)
FOSSology & the Linux Foundation
![Page 6: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/6.jpg)
License Discovery
Scan every single file in a tar file (or package, or ISO, distro or …)
Fuzzy match against a library of 400+ known licenses.
Examine the non-matching portions looking for text that could be an unknown license.
Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP
![Page 7: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/7.jpg)
FOSSology Process Flow
![Page 8: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/8.jpg)
File upload screenshot
![Page 9: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/9.jpg)
Let’s Use FOSSology
![Page 10: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/10.jpg)
Job queue screenshot
![Page 11: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/11.jpg)
Benefit from FOSSology results
![Page 12: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/12.jpg)
License browser screenshot
![Page 13: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/13.jpg)
Architecture
![Page 14: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/14.jpg)
Requirements
- Linux System
- Apache Web Server 2.x
- PHP 5.x
- PostgreSQL > 8.3
- Some libraries (libmagic, libxml2, libextractor)
- Some commands (ar, bzcat, cabextract, fls, cpio, dpkg, icat, isoinfo, pdftotext, rpm, rpm2cpio, tar, upx-ucl, unrar, unzip, wget, zcat)
- Disk Space
- CPU resources
![Page 15: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/15.jpg)
Disturbing Image
![Page 16: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/16.jpg)
Know Thy Licenses
![Page 17: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/17.jpg)
Timeline
![Page 18: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/18.jpg)
Meta data
![Page 19: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/19.jpg)
Buckets
![Page 20: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/20.jpg)
Comparisons
![Page 21: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/21.jpg)
What's new in fossology 2.x
2.0 Announced Jun 7, 2012: Restructure, few new features.
- New more robust batch scheduler (redesigned)
- More modularity in code (ease contributions for agents and allow module release independently).
- Improved tags management, code documentation, testing
- Scan logs independent from scheduler logs. UI viewable
Future 2.x:
- SPDX support http://spdx.org/ The goal of this specification is to enable companies and organizations to share license and component information (metadata) for software package and related content with the aim of facilitating license and other policy compliance.
- Binary analysis
- Dependency analysis
![Page 22: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/22.jpg)
Fossology and SPDX
![Page 23: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/23.jpg)
Other uses for FOSSology
o Copyright genealogy
o Trademark search
o Vulnerability tracking
o Dependency graphs
o Distro, package, file diffs
o Localization reports
o Code Plagiarism
o Vulnerability tracking
o ?
o Your input here
An Open Source project.
=>
Contributions are encouraged.
![Page 24: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/24.jpg)
Public repository
Availability as of August 30, 2012 of a public FOSSology instance, hosted by the University of Nebraska, Omaha as part of their UNO project.
FOSSology 2.0
Ubuntu 10.04.4 LTS
2GB RAM
50GB HD (92% free)
1x Intel Xeon 2.8 GHz w/ 128K cache
https://fossology.ist.unomaha.edu/
Contact: Matt Germonprez
"Now freely available to open source projects, corporate users, and academic institutions that wish to analyze open source software for licensing and copyright, as well as educate students on these important issues."
Also working on an SPDX 1.1 agent
![Page 25: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/25.jpg)
FLOSS Governance Workshop
Open Source Baseline
- Business Drivers
- Various open source touch points in your company
- Awareness, responsibilities, risks, processes

Legal Aspects of Open Source Governance
- Assessment of Free and Open source software phenomenon
- Detailed discussion of Open Source Licenses
- Bridging the legal and technical communities
- Other considerations: WEB-based services, mergers and acquisitions, other

Automating Open Source Compliance
- Open Source discovery
- License detection and analysis

Open Source Policy Best Practices
- Use of open source – when appropriate, when not appropriate for your business
- Review of licenses, product distribution considerations
- Considerations for employee contribution to open source community
- Company relationship with community

Open Source Governance Processes
- Best practices for open source tracking, review and management
- Open Source Compliance Lifecycle, workflow
- Building Internal Open Source Communities

Workshop designed to guide through the top issues around management of Open Source in the enterprise. Targeted at a cross-organizational audience, including auditing, legal, procurement, operational risk management, technology strategy, and line-of-business departments.
![Page 26: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/26.jpg)
“The evolution of FLOSS and the Internet are tightly coupled”
Web Resources
- FOSSOlogy: http://www.fossology.org
- Mailing Lists, contacts: http://fossology.org/contact_us [email protected]
- #fossology on irc.oftc.net:6667
- Public FOSSOlogy instance: https://fossology.ist.unomaha.edu/
- Plume details: http://www.projet-plume.org/fiche/fossology
- Project-Builder: http://trac.project-builder.org
- Open Source at HP: http://opensource.hp.com
- ProLiant & Linux: http://www.hp.com/go/proliantlinux
- Linux Foundation Open Compliance Program: http://www.linuxfoundation.org/programs/legal/compliance
FOSSology users:
HP, ALU, Siemens, INRIA, OW2
![Page 27: HP Fossology v5.3](https://reader034.fdocuments.us/reader034/viewer/2022052410/55592586d8b42a3d028b54d0/html5/thumbnails/27.jpg)
“Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be.”
Bill Hewlett
(Open Source and Linux Technology Architect at the HP/Intel Solution Center)
http://www.hp.com/linux
http://opensource.hp.com
http://fossology.org
Thanks go to:
Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Mary Laser, Gallig Renaud, Vincent Ma, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-)
Contact – Thanks - Questions