SPDX Announces New Tools to Further Simplify Open Source License Compliance
Samsung contributes two new tools to Linux Foundation SPDX workgroup, increasing efficiency in compliance automation
SAN FRANCISCO, May 13, 2014 – SPDX®, the Software Package Data Exchange standard and a workgroup at The Linux Foundation, today announced new open source tools that will further simplify license compliance automation: Auto IdentifieR functionality for SPDX (AIRS) and a new Open Source Self Inspect Tool (OSIT) for developers. Samsung is contributing both under the Apache 2.0 license and will continue to be maintainers of the projects.
AIRS helps with compliance by enabling scanning tools to more efficiently and automatically identify open source in software packages. Samsung developed AIRS for use with the Protex scanner but it can be modified to work with other tools. With AIRS, a user can export both the Bill of Materials for a package and the identification data to an SPDX file. Once the next party in the supply chain modifies the package, they can import the identification data from the SPDX document and automatically identify all of the unchanged elements from the original package.
The new OSIT allows developers to scan, self-verify their source code and report during development. Developers can import or export SPDX documents with the tool to automatically identify potential issues (AIRS is embedded in OSIT).
Together AIRS and OSIT help further reduce time, complexity and overall cost of managing open source components across the supply chain. Both tools can be accessed, along with other SPDX tools, from the SPDX site: http://spdx.org/spdx-tools/tools-from-the-spdx-workgroup
“As a leader in consumer electronics and a major contributor to and consumer of Linux and other open source projects, Samsung has deep expertise in managing open source licenses and components,” said Black Duck’s Phil Odence, Chair, SPDX workgroup. “It is fantastic that they are so willing to share that expertise with others. The company’s collaboration with the SPDX workgroup and these generous contributions really help to advance the state-of-the-art in open source compliance throughout the community.”
“Linux and open source software are core to our technology strategy at Samsung,” said Ibrahim Haddad, Head of Open Source, Samsung Research America. “By contributing these tools to SDPX and the open source community, we hope to help many companies around the world and that AIRS/OSIT can be supported by other commercial and open source scanning tools in the future.”
SPDX enables any party in a software supply chain, from the original author to the final end user, to accurately communicate the licensing information for the software they distribute, and to make such information available in a consistent, understandable, and re-usable fashion. The aim is to facilitate communication between software supply chain partners and reduce the overall effort involved with license compliance.
SPDX is developed with participation by a wide range of industry and open source community heavyweights, including: Alcatel-Lucent, Antelink, Black Duck Software, Cisco, HP, Linaro, Micro Focus, nexB, OpenLogic, Palamida, Protecode, Samsung, Source Auditor, Texas Instruments, University of Nebraska Omaha, University of Victoria, and Wind River.
To learn more about SPDX and how to participate, please visit: http://spdx.org
About The Linux Foundation
The Linux Foundation is a nonprofit consortium dedicated to fostering the growth of Linux and collaborative software development. Founded in 2000, the organization sponsors the work of Linux creator Linus Torvalds and promotes, protects and advances the Linux operating system and collaborative software development by marshaling the resources of its members and the open source community. The Linux Foundation provides a neutral forum for collaboration and education by hosting Collaborative Projects, Linux conferences, including LinuxCon and generating original research and content that advances the understanding of Linux and collaborative software development. More information can be found at http://www.linuxfoundation.org.
# # #
The Linux Foundation, Linux Standard Base, MeeGo, Tizen and Yocto Project are trademarks of The Linux Foundation. OpenBEL is a trademark of OpenBEL Consortium. OpenDaylight is a trademark of the OpenDaylight Project. Linux is a trademark of Linus Torvalds