Compliance Tools

Introduction

This page highlights compliance tools developed by or sponsored by The Linux Foundation and encourages community involvement in the tools' evolution. The tools developed by The Linux Foundation that are described below are licensed under the MIT license. A copy of the license is included as part of the source code package.

Secondarily, this page will list other open source tools of value to the compliance process and commercial tools that may be of interest. If your company or organization has a tool you would like listed, please contact the Open Compliance Program at compliance@linuxfoundation.org.

FOSS Bar Code Tracker

The FOSS Bar Code Tracker, available under the MIT license, simplifies the way FOSS components are tracked and reported in a commercial product.  The tool allows companies to easily generate a custom QR code for each product containing FOSS. The QR code contains important information on the FOSS stack contained in a product, such as component names, version numbers, license information and links to download the source code, among other details.

Access source code via git: http://git.linuxfoundation.org/foss-barcode.git
Subscribe to the mailing list: http://lists.linuxfoundation.org/mailman/listinfo/foss-barcode
File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org

Dependency Checker Tool

Initiated by the Linux Foundation as an open source project, this tool identifies source code combinations at the dynamic and static link levels and provides a license policy framework that enables FOSS Compliance Officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.

Access source code via git: http://git.linuxfoundation.org/dep-checker.git
Subscribe to the mailing list: https://lists.linux-foundation.org/mailman/listinfo/dep-checker-dev
File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org
For more information: Download the Dependency Checker Tool Overview

Code Janitor Tool

Initiated by the Linux Foundation as an open source project, this Code Janitor tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mention of competitors, etc. The tool maintains a database of keywords that are scanned for in the source code files to ensure source code comments are sanitized and ready for public consumption.

Access source code via git: http://git.linuxfoundation.org/janitor.git
Subscribe to the mailing list: https://lists.linux-foundation.org/mailman/listinfo/code-janitor-dev
File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org
For more information: Download the Code Janitor Tool Overview

Other Open Source Compliance Tools

1) Binary Analysis Tool The Binary Analysis Tool is a modular framework that assists with auditing the contents of compiled software. It helps to discover what components were used to create compiled code. The tool is available from: http://www.binaryanalysis.org/en/content/show/download

2) FOSSology FOSSology is a source code scanning tool which provides a framework for software analysis that allows you to discover licenses, parse RPM spec files, determines file types, and unpacks input files (such as .tar, .gz and .iso) into their component files. FOSSology is available from: http://www.fossology.org/


For more information: Download the FOSSology Overview

 

3) OSS Discovery is a free, open source scanning tool that helps enterprises find the open source software included in their internal applications and installed on corporate workstations and servers. OSS Discovery is available from: http://www.openlogic.com/products/scanners.php#oss-discovery.

4) Antepedia is a open source projects search engine that allows everyone to find where jar, files, icons, etc. come from, and check issues regarding license identification, new upgrades, dedicated support, etc. Antepedia is available from: http://www.antepedia.com/

Vendors of Commercial Compliance Tools

Antelink

Black Duck Software

nexB

OpenLogic

Palamida

Protecode