
Tools: Source Code Scanning and License Compliance

Source: Tools for managing open source programs

  • Black Duck Hub – The commercial Hub service scans code to identify all embedded open source components, and then automatically searches for known vulnerabilities for remediation. It can send alerts when new vulnerabilities are found in your code. https://www.blackducksoftware.com/products/hub
  • FOSSA – A commercial tool that automatically performs code dependency tracking and license compliance scanning in the background. http://fossa.io/
  • FOSSology – A Linux Foundation project, FOSSology is an open-source license compliance software toolkit that can run license, copyright and export control scans from the command line. A database and web UI are also available to create compliance workflows. https://www.fossology.org/
  • LicenseFinder – An open-source tool that detects the licenses of the code being used in your projects, compares those licenses against a user-defined whitelist and then provides an actionable report. https://github.com/pivotal/LicenseFinder
  • scancode-toolkit – From nexB, the open-source ScanCode suite of utilities scans code for licenses, copyrights, and dependencies to discover and inventory the open source and third-party components used in your code. https://github.com/nexB/scancode-toolkit
  • SPDX – The Software Package Data Exchange (SPDX) specification is a standard format used to describe the components, licenses, and copyrights associated with software packages. The SPDX standard aids compliance with free and open-source software licenses by standardizing the way license information is shared between developers and companies. The SPDX specification is developed by the SPDX workgroup, which is hosted by The Linux Foundation. The group offers open-source tools to help users of SPDX documents. https://spdx.org/tools
  • WhiteSource – A commercial service that provides licensing, security, code quality, and reporting analysis for managing open source components in real time, by automatically and continuously scanning dozens of open source repositories. https://www.whitesourcesoftware.com/
dido/public/ra/xapend/xapend.e_tools/license-scan.txt · Last modified: 2021/10/03 15:31 by nick