diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..cb39ee85 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.DS_Store +**/.DS_Store +Gemfile.lock +_site/ diff --git a/README.md b/README.md index 227d8eef..8878c737 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,38 @@ -# FOSSLight +# FOSSLight Hub +[FOSSLight Hub](https://github.com/fosslight/fosslight)는 오픈소스와 라이선스를 관리하고, 오픈소스 컴플라이언스 프로세스를 순차적으로 처리할 수 있는 통합 시스템이자 보안 취약점, Supply Chain 관리 및 SBOM(Software Bill of Materials) 관리 등 오픈소스와 관련된 모든 것을 관리할 수 있는 올인원 시스템입니다. +본 가이드 페이지는 FOSSLight Hub 기본 사용 방법과 tutorial, 개발 환경 세팅 방법 및 maintenance 팁 등 고급 기능들에 대해 설명하고 있습니다. -FOSSLight 프로젝트는 오픈소스를 통합적으로 관리할 수 있는 시스템인 [FOSSLight Hub](#fosslight-hub)와 오픈소스 분석을 수행하는 [FOSSLight Scanner](#fosslight-scanner)로 구성되어 있습니다. +## Contents -## FOSSLight Hub -[FOSSLight Hub](https://github.com/fosslight/fosslight)는 오픈소스와 라이선스를 관리하고, 오픈소스 컴플라이언스 프로세스를 순차적으로 처리할 수 있는 통합 시스템이자 보안 취약점, Supply Chain 관리 및 Software BOM(Bill of Materials) 관리 등 오픈소스와 관련된 모든 것을 관리할 수 있는 올인원 시스템입니다. -본 가이드 페이지는 FOSSLight Hub 기본 사용 방법과 tutorial, 개발 환경 세팅 방법 및 maintenance 팁 등 고급 기능들에 대해 설명하고 있습니다. [FOSSLight Hub 목차](about) 페이지에서 해당 내용 확인하실 수 있습니다. +### FOSSLight Hub 메뉴 +- [로그인 및 계정 등록](menu/1_sign.md) +- [License 정보](menu/2_license.md) +- [Open Source 정보](menu/3_oss.md) +- [Project](menu/4_project.md) +- [3rd Party](menu/5_third-party.md) +- [Binary DB](menu/10_binarydb.md) +- [Vulnerability](menu/7_vulnerability.md) +- [Self-Check](menu/6_self-check.md) +- [(LGE Only)Compliance Status](menu/11.compliance_status.md) +- [System](menu/9_system.md) -## FOSSLight Scanner -[FOSSLight Scanner](scanner)는 Prechecker, Dependency Scanner, Source Scanner, Binary Scanner 4가지의 스캐너로 구성되어 있으며, FOSSLight Scanner를 통해 4개 스캐너의 통합 결과를 생성하도록 수행할 수 있습니다. -![](about/images/fosslight_scanner.png) +### FOSSLight Hub 기본 Tutorial +- [Project Tutorial](tutorial/1_project/README.md) : Project를 등록하여 Open Source Compliance 순차적으로 수행하기 +- [Self-check Tutorial](tutorial/2_self_check/README.md) : Self-check로 Open Source 의무 사항 및 보안취약점 간단히 확인하기 -각 Scanner에 대한 설치 및 사용 방법에 대한 가이드는 FOSSLight Scanner 하위 가이드 페이지에서 확인하실 수 있습니다. 
-#### FOSSLight Prechecker -[FOSSLight Prechecker](scanner/1_prechecker.md)는 소스 코드 내에 저작권 및 라이선스 규칙을 준수했는지 확인하고 또 저작권 및 라이선스, Download Location 정보를 쉽게 추가할 수 있도록 도와주는 도구로, 잘 활용할수록 불필요한 오픈소스 스캐닝을 막을 수 있습니다. 예를 들어 개발 초기부터 FOSSLight Prechecker를 활용하여 직접 개발한 소스 코드와 오픈소스 코드에 대하여 저작권 및 라이선스, Download Location 정보를 명확하게 표기하도록 관리한다면 별도의 스캐닝 작업 없이도 오픈소스 사용을 정확하게 파악할 수 있습니다. +### FOSSLight Hub 고급 기능 +- [개발 환경 세팅](advanced/1_developer.md) +- [REST API](advanced/2_rest_api_2.md) +- [Maintenance](advanced/3_maintenance.md) -#### FOSSLight Source Scanner -[FOSSLight Source Scanner](scanner/2_source.md)는 소스 코드 스캐닝을 수행하는 도구로, 소스 코드의 문자열을 검색하여 저작권과 라이선스 문구를 검출하는 ScanCode 와 코드 조각 스캐닝을 지원하는 scanoss 를 이용하여 오픈소스 분석을 수행합니다. +### CONTRIBUTION +- [Report an issue](contribution/1_contribution.md) -#### FOSSLight Dependency Scanner -[FOSSLight Dependency Scanner](scanner/3_dependency.md)는 여러 패키지 매니저에 대한 종속성 분석을 통하여 오픈소스 정보를 추출하는 도구로, 패키지 매니저의 Manifest 파일을 자동으로 감지하고 각 패키지 매니저별로 종속성을 분석한 후 오픈소스 정보가 포함된 보고서 파일을 생성합니다. 이때 재귀적으로 종속성 분석을 해주기 때문에, 1차 종속성만 분석하는 디펜던시 스캐너에 비해 실제 사용된 모든 오픈소스 정보를 추출할 수 있습니다. +### LEARN MORE +- [FOSSLight Report](learn/2_fosslight_report.md) -#### FOSSLight Binary Scanner -[FOSSLight Binary Scanner](scanner/4_binary.md)는 바이너리 형태의 파일을 찾아서 바이너리 파일 목록을 추출한 후, 연계된 데이터베이스에 검출한 바이너리의 오픈소스 정보가 있다면 자동으로 오픈소스 정보를 출력해주는 도구입니다. 이는 바이너리 자체를 분석하는 방법이 아니기 때문에, 데이터베이스 정보가 많아야 바이너리 분석이 잘 수행될 수 있으니 참고하시기 바랍니다. +## License +FOSSLight Hub는 Open Source License인 [AGPL-3.0][agpl]로 배포되고 있습니다. + +[agpl]: https://github.com/fosslight/fosslight/blob/main/LICENSE diff --git a/_config.yml b/_config.yml index 72e4c29e..8f516fdb 100644 --- a/_config.yml +++ b/_config.yml 
@@ -1,18 +1,18 @@ -base_url: /fosslight-guide -title: FOSSLight Guide +base_url: /hub-guide +title: FOSSLight Hub Guide lang: ko -description: FOSSLight Korean Guide +description: FOSSLight Hub Korean Guide remote_theme: fosslight/guide_theme -top_link: "https://fosslight.github.io/fosslight-guide-en" +top_link: "https://fosslight.github.io/hub-guide-en" top_link_word: "English" addons_title: "FOSSLight Homepage" -addons_url: "https://fosslight.org/ko" +addons_url: "https://fosslight.org" google: - gtag: UA-196813776-3 + gtag: G-7EHWGTQYDY readme_index: with_frontmatter: true diff --git a/_includes/extra/styles.scss b/_includes/extra/styles.scss index 527cc3ac..8eed3640 100644 --- a/_includes/extra/styles.scss +++ b/_includes/extra/styles.scss 
@@ -279,4 +279,271 @@ body { margin: 0 0 40px; padding: 0; font-size: 16px; +} + +//style 추가 +$border-color: #DDDDDD; // 테두리 색상 +$highlight-color: #0066CC; // 강조 색상 +$font-family: 'Courier New'; // 폰트 패밀리 +$padding: 2px 6px; // 패딩 +$border-radius: 4px; // 테두리 반경 + +// 테이블 스타일 +table { + width: 100%; + border-collapse: collapse; +} + +// 강조 스타일 +.highlight { + font-family: $font-family; + font-weight: 600; + color: $highlight-color; + border: 1px solid $border-color; + padding: $padding; + border-radius: $border-radius; +} + +.highlight-black { + font-family: $font-family; + font-weight: 600; + border: 1px solid $border-color; + padding: $padding; + border-radius: $border-radius; +} + +.highlight_table { + font-weight: bold; /* 글씨 굵게 */ + padding: 6px 12px; /* 여백 추가 */ + display: inline-block; +} + +.gray-text { + color: gray; +} + +// 도트 및 화살표 스타일 +.large-dot { + font-size: 1em; // 도트 크기 조정 + color: inherit; // 기본 텍스트 색상으로 설정 +} + + +// 설명 스타일 +.description { + padding-left: 20px; // 왼쪽 여백 추가 +} + +//h3 제목 스타일 +.specific-title { + font-size: 16px !important; + color: #000000; + text-align: left; + margin-top: 5px; + margin-bottom: 0; // 제목 아래의 간격을 없앰 + padding: 7px; + border: none; + background: linear-gradient(to bottom, #ffe4e1, #fff3f3); /* 회색에서 핑크로 그라데이션 */ + //background-color: #ffe4e1; + border-radius: 5px; + display: inline-block; + border-left: 3px solid #f8a8a8; + /*width: 100%; */ +} + +//h2 제목 스타일 +.left-bar-title { + color: #000000; + text-align: left; + padding: 10px 2px; /* 패딩으로 높이를 조절 */ + padding-left: 15px; + //border-left: 10px solid #413f3f; + border-left: 5px solid #444444; + border-radius: 5px; + display: block; + background-color:#E6E6E6; + background: linear-gradient(to bottom, #797979, #ffffff); + width: 100%; + margin: 150px 0 20px 0; +} + +//h4 제목 스타일 +.under-bar-title { + position: relative; // 위치 설정 + display: inline-block; + font-size: 0.9rem !important; + // 헤더 아래에 선 추가 + &::after { + content: ""; // 가상 요소 생성 + display: block; // 블록 
요소로 설정 + width: calc(100% - 10px); // 텍스트 너비에서 오른쪽 여백을 줄임 + height: 2px; // 선의 두께를 2px로 설정 (현재의 2배) + background: linear-gradient(to right, #413f3f, #ffe4e1 ); // 그라데이션 색상 + margin-top: 5px; // 헤더와 선 사이의 여백 + position: absolute; // 절대 위치 + left: 0; // 왼쪽 정렬 + bottom: -5px; // 헤더 아래 위치 + } +} + + +// h5 제목 스타일 +.under-2bar-title { + position: relative; // 위치 설정 + display: inline-block; + font-size: 0.85rem !important; + text-indent: 20px; // 텍스트 첫 번째 줄에 20px 들여쓰기 추가 + + // 첫 번째 파란색 선 + &::after { + content: ""; // 가상 요소 생성 + display: block; // 블록 요소로 설정 + width: 100%; // 전체 너비 + height: 2px; // 선의 두께 + background-color: #0000ff; // 파란색 + margin-top: 5px; // 제목과 선 사이의 간격 + position: absolute; + left: 0; // 왼쪽 정렬 + bottom: -5px; // 첫 번째 선의 위치 + } + + // 두 번째 파란색 선 + &::before { + content: ""; // 가상 요소 생성 + display: block; // 블록 요소로 설정 + width: 100%; // 전체 너비 + height: 2px; // 선의 두께 + background-color: #0000ff; // 파란색 + margin-top: 2px; // 첫 번째 선과 두 번째 선 사이의 간격 + position: absolute; + left: 0; // 왼쪽 정렬 + bottom: -7px; // 두 번째 선의 위치 (첫 번째 선보다 아래로) + } +} + + +.markdown-body p, +.markdown-body ul li, +.markdown-body ol li, +.markdown-body details summary, +.markdown-body table th, +.markdown-body table td { + font-size: 0.85rem; /* 폰트 크기 설정 */ + color: inherit; /* 부모의 색상 상속 */ + padding: 1px; /* 셀 안의 여백 조정 */ + line-height: 1.4; /* 줄 간격 줄이기 (기본은 보통 1.5~1.6) */ + margin-top: 2px; /* 요소 위 간격 살짝 */ + margin-bottom: 2px; /* 요소 아래 간격도 살짝 */ +} + + +.note { + background-color: #faf9f4; /* 연한 노란색 배경 */ + border: 1px solid #ffeeba; /* 노란색 테두리 */ + color: #5e4701; /* 어두운 노란색 글자 */ + padding: 10px; /* 내부 여백 */ + border-radius: 4px; /* 모서리 둥글게 */ + font-size: 0.85rem; /* 폰트 크기 설정 */ +} + +.youtube-container { + text-align: left; // 왼쪽 정렬 + margin-top: 0; // YouTube 비디오 위 간격 + margin-bottom: 0; // YouTube 비디오 아래 간격 + position: relative; + display: block; // display를 block 새로운 줄에 배치 + background-color: #f5f5f5; // 배경 색상 + padding: 10px; // 여백을 줄여서 비디오 주변 공간을 최소화 + border-radius: 8px; 
+ width: 560px; // 고정된 YouTube iframe의 너비 + height: 315px; // 고정된 YouTube iframe의 높이 + margin-left: 0; // 왼쪽 정렬을 확실하게 적용하기 위해서 margin-left 추가 + margin-right: 0; // 오른쪽 여백을 없애기 + + iframe { + width: 100%; // iframe을 div 크기에 맞게 조정 + height: 100%; // iframe 높이를 부모 요소의 높이에 맞게 설정 + display: block; // 블록 요소로 설정 + margin: 0; // 여백을 0으로 설정하여 왼쪽으로 정렬 + border-radius: 8px; + } +} + + +.styled-image { + max-width: 100%; /* 화면 크기에 맞게 이미지를 크기 조정 */ + height: auto; /* 비율을 유지하면서 높이 자동 설정 */ + display: block; /* 블록 요소로 설정하여 새로운 줄에 배치 */ + float: none; /* <-- 명시적으로 float 제거 */ + clear: both; + margin: 0; /* 여백을 0으로 설정 */ + margin-right: 20px; /* 이미지와 텍스트 사이에 간격 추가 */ + margin-bottom: 20px; + border: 2px solid #ddd; /* 얇은 테두리 추가 */ + border-radius: 8px; /* 둥근 테두리 */ + box-shadow: 0px 4px 6px rgba(0, 0, 0, 0.1); /* 부드러운 그림자 */ +} + + +.styled-image_nofloat { + max-width: 100%; /* 화면 크기에 맞게 이미지를 크기 조정 */ + display: block; /* 블록 요소로 설정하여 새로운 줄에 배치 */ + margin: 0; /* 여백을 0으로 설정 */ + margin-right: 20px; /* 이미지와 텍스트 사이에 간격 추가 */ + margin-bottom: 20px; /* 이미지 아래에 20px의 마진 추가 */ + border: 2px solid #ddd; /* 얇은 테두리 추가 */ + border-radius: 8px; /* 둥근 테두리 */ + box-shadow: 0px 4px 6px rgba(0, 0, 0, 0.1); /* 부드러운 그림자 */ + clear: both; /* float된 요소 아래로 텍스트가 내려가도록 처리 */ +} + +.list-with-dot { + padding-left: 10px; + margin: 0; + list-style-type: disc; +} + +.oss-warning-table { + table { + width: 100%; + border-collapse: collapse; + table-layout: fixed; // 열 너비 고정을 위해 추가 + font-family: Arial, sans-serif; + + th, td { + border: 1px solid #ccc; + padding: 10px 10px; // 원래보다 간결한 여백 + text-align: left; + vertical-align: top; + background-color: white; + word-break: keep-all; // ★ 단어 기준 줄바꿈 + white-space: normal; + } + + th { + background-color: #f2f2f2; + font-weight: bold; + text-align: center; + } + // 2번째 컬럼(Warning message) 너비 고정 + th.warning-col { + width: 250px; + } + + // 커스텀 도트가 붙는 줄 정의 + .dot-line { + position: relative; + padding-left: 1em; + + &::before { + content: "●"; + position: 
absolute; + left: 0; + top: 0; + color: #000; // 도트 색상 + font-size: 0.75em; + line-height: 1.4; + } + } + } } \ No newline at end of file diff --git a/_site/tips/images/project/bom_compare/bom_compare_how.png b/_site/tips/images/project/bom_compare/bom_compare_how.png new file mode 100644 index 00000000..1380e21a Binary files /dev/null and b/_site/tips/images/project/bom_compare/bom_compare_how.png differ diff --git a/_site/tips/images/project/bom_compare/bom_compare_result.png b/_site/tips/images/project/bom_compare/bom_compare_result.png new file mode 100644 index 00000000..29483a4e Binary files /dev/null and b/_site/tips/images/project/bom_compare/bom_compare_result.png differ diff --git a/about/README.md b/about/README.md deleted file mode 100644 index f1762799..00000000 --- a/about/README.md +++ /dev/null 
@@ -1,34 +0,0 @@ ---- -sort: 1 -published: true -title: 🚩FOSSLight Hub ---- -# Contents -FOSSLight Hub에 대한 가이드 목차입니다. - -## FOSSLight Hub 시작 가이드 -- [Quick Start](../started/1_install.md) -- FOSSLight Hub 메뉴 - - [로그인 및 계정 등록](../started/2_try/1_sign.md) - - [OSS(Open Source Software) 정보](../started/2_try/2_oss.md) - - [License 정보](../started/2_try/3_license.md) - - [Project](../started/2_try/4_project.md) - - [3rd Party](../started/2_try/5_third-party.md) - - [Self-Check](../started/2_try/6_self-check.md) - - [Vulnerability](../started/2_try/7_vulnerability.md) - - [Configuration](../started/2_try/8_configuration.md) - - [System](../started/2_try/9_system.md) - -## FOSSLight Hub 기본 Tutorial -- [Project Tutorial](../tutorial/1_project.md) : Project를 등록하여 OSC Process를 순차적으로 수행하기 -- [Self-check Tutorial](../tutorial/2_self_check.md) : Self-check로 Open Source 정보 간단히 확인하기 - -## FOSSLight Hub 고급 기능 -- [개발 환경 세팅](../features/1_developer.md) -- [REST API](../features/2_rest_api.md) -- [Maintenance](../features/3_maintenance.md) - -## License -FOSSLight Hub는 Open Source License인 [AGPL-3.0][agpl]로 배포되고 있습니다. - -[agpl]: https://github.com/fosslight/fosslight/blob/main/LICENSE diff --git a/about/images/3rdparty1.png b/about/images/3rdparty1.png deleted file mode 100644 index a137a77d..00000000 Binary files a/about/images/3rdparty1.png and /dev/null differ diff --git a/about/images/3rdparty2.png b/about/images/3rdparty2.png deleted file mode 100644 index 99c6a75b..00000000 Binary files a/about/images/3rdparty2.png and /dev/null differ diff --git a/about/images/3rdparty3.png b/about/images/3rdparty3.png deleted file mode 100644 index 1c9e53cd..00000000 Binary files a/about/images/3rdparty3.png and /dev/null differ diff --git a/about/images/check1.png b/about/images/check1.png deleted file mode 100644 index dde74873..00000000 Binary files a/about/images/check1.png and /dev/null differ 
diff --git a/about/images/check2.png b/about/images/check2.png deleted file mode 100644 index cbf39b52..00000000 Binary files a/about/images/check2.png and /dev/null differ diff --git a/about/images/check3.png b/about/images/check3.png deleted file mode 100644 index 43c3aa60..00000000 Binary files a/about/images/check3.png and /dev/null differ diff --git a/about/images/data1.png b/about/images/data1.png deleted file mode 100644 index 60fc9945..00000000 Binary files a/about/images/data1.png and /dev/null differ diff --git a/about/images/data2.png b/about/images/data2.png deleted file mode 100644 index d1a1dc06..00000000 Binary files a/about/images/data2.png and /dev/null differ diff --git a/about/images/data3.png b/about/images/data3.png deleted file mode 100644 index cde29943..00000000 Binary files a/about/images/data3.png and /dev/null differ diff --git a/about/images/fosslight_scanner.png b/about/images/fosslight_scanner.png deleted file mode 100644 index 58ec95d8..00000000 Binary files a/about/images/fosslight_scanner.png and /dev/null differ diff --git a/about/images/lock2.png b/about/images/lock2.png deleted file mode 100644 index b19205c2..00000000 Binary files a/about/images/lock2.png and /dev/null differ diff --git a/about/images/process1.png b/about/images/process1.png deleted file mode 100644 index 570cc6d0..00000000 Binary files a/about/images/process1.png and /dev/null differ diff --git a/about/images/process1_2.png b/about/images/process1_2.png deleted file mode 100644 index bd8ebd54..00000000 Binary files a/about/images/process1_2.png and /dev/null differ diff --git a/about/images/process2.png b/about/images/process2.png deleted file mode 100644 index 7525a4f3..00000000 Binary files a/about/images/process2.png and /dev/null differ diff --git a/about/images/process3.png b/about/images/process3.png deleted file mode 100644 index 0ee701c6..00000000 Binary files a/about/images/process3.png and /dev/null differ 
diff --git a/about/images/process4.png b/about/images/process4.png deleted file mode 100644 index 4741d6a8..00000000 Binary files a/about/images/process4.png and /dev/null differ diff --git a/about/images/vul1.png b/about/images/vul1.png deleted file mode 100644 index d26732b0..00000000 Binary files a/about/images/vul1.png and /dev/null differ diff --git a/features/1_developer.md b/advanced/1_developer.md similarity index 93% rename from features/1_developer.md rename to advanced/1_developer.md index 649aee49..ef84396e 100644 --- a/features/1_developer.md +++ b/advanced/1_developer.md @@ -39,7 +39,7 @@ docker-compose up --build 1. JAVA를 설치합니다.: [https://openjdk.java.net][java] 2. DDL : [fosslight_create.sql][sql] 3. MariaDB 또는 Mysql 설치합니다. : [https://mariadb.org/download][maria] -4. Database 생성 및 초기 Data 등록 +4. Database 생성 및 초기 Data 등록 ``` mysql -u root -p < fosslight_create.sql ``` @@ -48,6 +48,15 @@ mysql -u root -p < fosslight_create.sql mysql -u root -p < fosslight_create.sql ``` 접속 계정이 이미 존재하거나, 다른 계정을 사용하는 경우 CREATE USER 및 GRANT 부분을 삭제(또는 변경) 합니다. +5. 시스템에 tree package를 설치합니다. : +- Ubuntu +``` +sudo apt-get install tree +``` +- MacOS +``` +brew install tree +``` ### IDE Configuration @@ -151,6 +160,7 @@ docker-compose restart fosslight_web ``` ### NVD Data 세팅 -서버 세팅 후 최초 1회 NVD Data를 2002년 Data부터 다운로드 받도록 설정합니다. : [NVD Data 다운로드](https://fosslight.org/fosslight-guide/features/3_maintenance.html#nvd-data%EB%A5%BC-2002%EB%85%84-data%EB%B6%80%ED%84%B0-%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C-%EB%B0%9B%EA%B8%B0) +서버 세팅 후 최초 1회 NVD Data를 2002년 Data부터 다운로드 받도록 설정합니다. : [NVD Data 다운로드](https://fosslight.org/hub-guide/advanced/3_maintenance.html#nvd-data%EB%A5%BC-2002%EB%85%84-data%EB%B6%80%ED%84%B0-%EB%8B%A4%EC%9A%B4%EB%A1%9C%EB%93%9C-%EB%B0%9B%EA%B8%B0) [local]: http://localhost:8180 + diff --git a/features/2_rest_api.md b/advanced/2_rest_api.md similarity index 97% rename from features/2_rest_api.md rename to advanced/2_rest_api.md index db447c5e..b8e56dec 100644 
--- a/features/2_rest_api.md +++ b/advanced/2_rest_api.md @@ -1,7 +1,8 @@ -# REST API -```note -FOSSLight Hub의 기능을 REST API로 호출할 수 있습니다. -``` +# (Deprecated) REST API v1 +
+FOSSLight Hub의 기능을 REST API로 호출할 수 있습니다.
+REST API V1은 25년 3월까지 지원됩니다. 4월부터는 REST API v2를 이용해 주시기 바랍니다. +
## 시작하기 ### TOKEN 발행 diff --git a/advanced/2_rest_api_2.md b/advanced/2_rest_api_2.md new file mode 100644 index 00000000..ed16f2e7 --- /dev/null +++ b/advanced/2_rest_api_2.md @@ -0,0 +1,660 @@ +# REST API v2 +FOSSLight Hub의 기능을 REST API로 호출할 수 있습니다. +

+ +## 시작하기 +{: .left-bar-title } +REST API를 호출하기 위해서는 **Token**을 발급이 필요합니다. +**Token**은 Admin 계정에서만 발급 가능하며, 일반 사용자는 Admin에게 발급 요청 후 사용하실 수 있습니다. +### Admin +{: .specific-title } +1. **Admin 계정**으로 로그인합니다. +2. **System > User Management** 탭에서 각 **User**별로 **Token**을 발급할 수 있습니다. + +### 일반 사용자 +{: .specific-title } +1. Admin에게 **Token** 발급을 요청합니다. +2. 발급된 **Token**은 [User Settings](https://fosslight.org/hub-guide/tips/5_etc/1_user_settings.html)에서 확인할 수 있습니다. + +


+ + +## REST API 종류 +{: .left-bar-title } +API 동작 확인은 하기 링크에서 가능합니다. +- 운영 서비스용(LGE Only) : https://osc.lge.com/swagger-ui/index.html?urls.primaryName=v2 (연동 서버 : http://osc.lge.com)
+- 테스트용(LGE Only) : http://osc-dev.lge.com/swagger-ui/index.html?urls.primaryName=v2 (연동 서버 : http://osc-dev.lge.com)
+- 엔터프라이즈 : https://enterprise.fosslight.org/swagger-ui/index.html?urls.primaryName=v2 (연동 서버 : http://enterprise.fosslight.org)
+ +### 0. Header +{: .specific-title } +Swagger UI 사용 시 Token 입력은 인증을 편리하게 하기 위해 제공되는 기능으로, Curl이나 별도의 API 테스트를 진행할 경우 API마다 token 정보를 header에 포함해야 합니다.
+ + + + + + + + + + + + + + +
KeyRequiredTypeValue
AuthorizationOString발급받은 토큰 정보
+ +- **Swagger UI 사용 시 Token 입력 방법** + - Authorize 버튼을 클릭합니다. + ![OpenAPI](images/rest_api_authorize.png){: style="width:500px; height:150px;" .styled-image} + - 팝업에서 Value에 token 정보를 입력한 후, Authorize 버튼을 클릭합니다. + ![Authorize](images/rest_api_authorize_detail.png){: style="width:500px; height:250px;" .styled-image} + + +### 1. OSS & License 정보 조회 +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/licenseJSON + License 정보를 조회합니다.

+
    +
  • licenseName: 조회할 라이선스 이름
  • +
  • licenseNameExact: true로 설정하면 정확히 일치하는 라이선스만 조회 (default=Y)
  • +
  • couterPerPage: 한 번에 조회할 아이템의 개수 (default = 10000)
  • +
  • page: 조회할 페이지 번호 (default = 1)
  • +
+
GET /api/v2/ossJSON + Open Source 정보를 조회합니다.

+
    +
  • downloadLocation: 조회할 download location 값
  • +
  • downloadLocationExact: true로 설정하면 정확히 일치하는 Open Source만 조회 (default = Y)
  • +
  • ossName: 조회할 Open Source 이름
  • +
  • ossNameExact: true로 설정하면 정확히 일치하는 Open Source만 조회 (default = Y)
  • +
  • ossVersion: 조회할 오Open Source 버전
  • +
  • couterPerPage: 한 번에 조회할 아이템의 개수 (default = 10000)
  • +
  • page: 조회할 페이지 번호 (default = 1)
  • +
+
POST /api/v2/ossJSON + (Admin only) Open Source를 등록합니다.

+
    +
  • ossMaster포맷에 맞춰 데이터 입력
  • +
+
GET /api/v2/refine-download-locationJSON + (Admin only) OSS 정보를 정제합니다.

+
    +
  • UPDATE DOWNLOAD LOCATION FORMAT: Download location을 업데이트
  • +
  • REMOVE DUPLICATED DOWNLOAD LOCATION: 중복 제거
  • +
  • PUT PURL: PURL 업데이트
  • +
  • REMOVE DUPLICATED PURL: 중복된 PURL 삭제
  • +
  • REORDER GITHUB PRIORITY: "github.com" 포함된 download location 우선순위 변경
  • +
  • REFINE ALL: 위 사항을 순서대로 실행
  • +
+
+ +### 2. 3rd Party 정보 조회 +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/partnersJSON + 3rd Party의 정보를 조회합니다.

+
    +
  • createDate: 3rd party 생성 날짜 기준으로 조회 (fromDate-toDate)
  • +
  • creator: 3rd party 생성자 정보 기준으로 조회
  • +
  • division: division 정보 기준으로 조회
  • +
  • partnerIdList: 3rd party ID 기준으로 조회. 리스트 형태로 여러 개 입력 가능
  • +
  • status: 3rd party의 상태 기준으로 조회
  • +
  • updateDate: 3rd party 수정 날짜 기준으로 조회 (fromDate-toDate)
  • +
  • couterPerPage: 한 번에 조회할 아이템의 개수 (default = 1000)
  • +
  • page: 조회할 페이지 번호 (default = 1)
  • +
+
GET /api/v2/partners/{id}/sbom/fileFILE + 3rd party SBOM export - 파일 형태로 다운로드

+
    +
  • (required) format: 추출할 파일 포맷
  • +
  • (required) id: 조회할 대상인 3rd party ID
  • +
+
GET ​/api​/v2​/partners​/{id}​/sbom/json-dataJSON + 3rd party SBOM export - JSON 형태로 받음

+
    +
  • (required) id: 대상 3rd party ID
  • +
+
POST /api/v2/partners/{id}/editorsJSON + 3rd party에 editor를 추가함

+
    +
  • (required) emailList: 추가할 editor의 이메일 정보
  • +
  • (required) id: 대상 3rd party ID
  • +
+
+ +### 3. Project 정보 조회, 생성, FOSSLight Report 등록, Packaging 파일 업로드, SBOM Export, Project 비교 +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/projectsJSON + 아래 항목을 포함한 Project의 정보를 조회합니다.

+
    +
  • createDate: Project 생성한 날짜 기준으로 조회 (fromDate-toDate)
  • +
  • creator: 생성한 사람 정보 기준으로 조회
  • +
  • division: division 정보 기준으로 조회
  • +
  • modelName: model 이름 기준으로 조회
  • +
  • modelNameExactYn: true로 설정하면 model name에 입력한 값과 정확히 일치하는 프로젝트만 조회
  • +
  • prjIdList: project ID 기준으로 조회. list형태로 여러개 입력 가능
  • +
  • prjName: project 이름 기준으로 조회
  • +
  • prjNameExactYn: true로 설정하면 project name에 입력한 값과 정확히 일치하는 프로젝트만 조회
  • +
  • status: Project의 status기준으로 조회
  • +
  • updateDate: Project의 수정한 날짜 기준으로 조회 (fromDate-toDate)
  • +
  • couterPerPage: 한 번에 조회할 아이템의 개수 (default = 1000, max = 1000)
  • +
  • page: 조회할 페이지 번호 (default = 1)
  • +
+
POST /api/v2/projectsJSON + Project 생성을 위한 API. 생성된 project ID가 리턴됨

+
    +
  • additional Information: 프로젝트의 추가 정보
  • +
  • distributionSite: 배포 사이트 선택 (/api/v2/codes 값으로 입력)
  • +
  • distributionType: 배포 타입 선택 (/api/v2/codes 값으로 입력)
  • +
  • networkServerType: 네트워크 서버 여부 선택
  • +
  • noticeType: 고지문 타입 선택 (/api/v2/codes 값으로 입력)
  • +
  • noticeTypeEtc: Platform-generate인 경우 타입 선택 (/api/v2/codes 값으로 입력)
  • +
  • (required) osType: OS 타입 선택 (/api/v2/codes 값으로 입력)
  • +
  • osTypeEtc: 추가적인 OS 타입 정보
  • +
  • priority: 프로젝트의 긴급 여부에 따라 우선순위 선택 (/api/v2/codes 값으로 입력)
  • +
  • (required) prjName: 프로젝트 이름
  • +
  • prjVersion: 프로젝트 버전
  • +
  • publicYn: View Permission 정보 (Y: Everyone, N: Creator & Editor) (default = Y)
  • +
  • userComment: 유저 커맨트
  • +
+
GET /api/v2/projects/models>JSON + Project의 모델 정보 조회

+
    +
  • (required) prjIdList: 조회할 대상인 project ID 정보. list형태로 입력 가능
  • +
+
DELETE /api/v2/projects/{id}JSON + Project를 삭제함 (Distribution 진행되지 않은 프로젝트만 삭제 가능)

+
    +
  • (required) id: 기준 project ID
  • +
+
GET /api/v2/projects/{id}/sbom/compare-with/{compareId}JSON + Project SBOM Compare

+
    +
  • (required) compareId: 비교할 project ID
  • +
  • (required) id: 기준 project ID
  • +
+
GET /api/v2/projects/{id}/sbom/fileJSON + Project SBOM export - 파일 형태로 다운로드

+
    +
  • (required) format: 추출할 파일 포맷
  • +
  • (required) id: 대상 project ID
  • +
  • saveFlag: API 실행 시점의 정보로, SBOM을 최신화 할지 여부 선택 (default = Y)
  • +
+
GET /api/v2/projects/{id}/sbom/json-dataJSON + Project SBOM export - JSON 형태로 받음

+
    +
  • (required) id: 대상 project ID
  • +
  • saveFlag: API 실행 시점의 정보로, SBOM을 최신화 할지 여부 선택 (default = Y)
  • +
+
POST /api/v2/projects/{id}/editorsJSON + Project에 editor를 추가함

+
    +
  • (required) emailList: 추가할 editor의 이메일 정보
  • +
  • (required) id: 대상 project ID
  • +
+
POST /api/v2/projects/{id}/modelsJSON + Model 정보 문자열 목록을 통해 Project의 Model 정보를 업데이트합니다.
+ (단, Model을 추가할 뿐 Distribute 되지는 않습니다. Model 정보를 추가 후 Distribute가 필요한 경우 Distribution탭으로 이동 후 Distribute 진행해주시기 바랍니다.)

+
    +
  • (required) id: 대상 project ID
  • +
  • (required) modelListToUpdate: Model 정보 문자열 목록 (format: MODEL_NAME|Category|Release Date)
    - ex. MODEL_NAME|ETC > Etc|20220428
  • +
+
POST ​/api​/v2​/projects​/{id}​/models​/uploadJSON + Model List 엑셀 파일을 통해 Project의 Model 정보를 업데이트합니다.
+ (단, Model을 추가할 뿐 Distribute 되지는 않습니다. Model 정보를 추가 후 Distribute가 필요한 경우 Distribution탭으로 이동 후 Distribute 진행해주시기 바랍니다.)

+
    +
  • (required) id: 대상 project ID
  • +
  • (required) modelReport: Model List의 엑셀 파일 : Project > Project Information 탭 > Download 버튼 클릭
  • +
+ 모델 리스트 엑셀 파일 +
GET /api/v2/projects/{id}/noticeJSON + Notice 파일을 받을 project ID

+
    +
  • (required) id: 대상 project ID
  • +
+
POST /api/v2/projects/{id}/packagesJSON + Project에 package 파일 업로드

+
    +
  • packageFile: 업로드할 패키지 파일
  • +
  • (required) id: 대상 project ID
  • +
  • verifyFlag: 업로드 한 파일에 대해 verify 진행 여부 (default = N)
  • +
+
POST /api/v2/projects/{id}/security-mail- + 해당 프로젝트에 대한 Vulnerability 메일 수신 여부를 업데이트 합니다.

+
    +
  • (required) id: 대상 project ID
  • +
  • (required) secMailYn: Security Enable (Y: Enable, N: Disable)
  • +
  • secMailDesc: Disable로 설정하는 사유 (secMailYn이 N일때 필수 입력)
  • +
+
POST /api/v2/projects/{id}/security-person- +
Creator, Editor와 함께 FOSSLight Hub에서 발송되는 Security 메일을 받을 사람을 업데이트 합니다.
+ (LGE Only) PSMS에서 생성되는 이슈의 assignee를 업데이트 합니다.

+
    +
  • (required) id: 대상 project ID
  • +
  • (required) userId: 대상 담당자 ID (FOSSLight Hub에 등록된 사람에 한하여 입력 가능함)
  • +
+
GET /api/v2/projects/{id}/security/json-dataJSON + Project에서 검출된 보안취약점 정보를 JSON 형태로 받음

+
    +
  • (required) id: 대상 project ID
  • +
+
POST /api/v2/projects/{id}/{tab_name}/oss-load- + Project에 이전 프로젝트에서 리뷰된 Open Source 정보를 로드함 (Identification confirm 된 프로젝트만 로드 가능)

+
    +
  • (required) id: 대상 project ID
  • +
  • prjToLoad: 로드할 프로젝트 ID (search condition이 id인 경우 입력)
  • +
  • prjNameToLoad: 로드할 프로젝트 이름 (search condition이 name인 경우 입력)
  • +
  • prjVersionToLoad: 로드할 프로젝트 버전 (search condition이 name인 경우 입력)
  • +
  • resetFlag: 로드 할 때, 기존 입력된 정보들을 Reset할지 여부 (default = Y)
  • +
  • (required) searchCondition: 로드할 프로젝트를 검색하는 기준
  • +
  • (required) tab_name: 대상 탭 이름 (bin/dep/src)
  • +
+
POST /api/v2/projects/{id}/{tab_name}/reports- + Project에 Open Source 분석된 리포트 파일을 업로드함

+
    +
  • ossReport: 업로드할 리포트 파일
  • +
  • sbomSave: SBOM탭 Save 여부
  • +
  • comment: 사용자 comment
  • +
  • (required) id: 대상 project ID
  • +
  • resetFlag: 파일 업로드 시, 기존 입력된 정보들을 Reset할지 여부 (default = Y)
  • +
  • sheetNames: 업로드할 리포트 파일에서 특정 sheet name을 업데이트 하고자 하는 경우 입력. 입력하지 않는 경우 기본으로 DEP, SRC, BIN prefix에 맞춰서 정보를 불러옴. , 로 구분하여 여러 Sheet를 입력 가능
  • +
  • (required) tab_name: 대상 탭 이름
  • +
+
POST /api/v2/projects/{id}/{tab_name}/reset- + Project > Identification에서 선택한 탭을 reset함

+
    +
  • (required) id: 대상 project ID
  • +
  • (required) tab_name: 대상 탭 이름
  • +
+
+ + +### 4. Vulnerability 정보 조회 +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/max-vulnerabilitiesJSON + OSS Name, Version별 max score와 CVE ID를 확인할 링크 조회

+
    +
  • (required) OSS Name: 조회할 Open Source 이름
  • +
  • OSS Version: 조회할 Open Source 버전
  • +
+
GET /api/v2/vulnerabilitiesJSON + CVE ID별 또는 OSS Name, Version별 CVE ID, CVSS Score, CVE ID Link, OSS 정보(OSS name, OSS version, Nickname)를 조회합니다.

+
    +
  • cveId: 조회할 CVE ID
  • +
  • ossName: 조회할 Open Source 이름
  • +
  • ossVersion: 조회할 Open Source 버전
  • +
+
+ + +### 5. Self-Check 생성, FOSSLight Report 등록 +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
POST /api/v2/selfchecksJSON + Self-Check Project를 생성하고, 생성된 Self-Check ID를 return 받음

+
    +
  • (required) prjName: Self check project 이름
  • +
  • prjVersion: Self check project 버전
  • +
+
GET /api/v2/selfchecks/{id}JSON + Self-Check project 조회

+
    +
  • (required) id: 조회할 self check project ID
  • +
+
GET /api/v2/selfchecks/{id}/sbom/fileFILE + Self-Check에서 Export한 결과 파일을 다운로드

+
    +
  • (required) id: 조회할 self check project ID
  • +
+
POST /api/v2/selfchecks/{id}/editors- + Self-Check에 Editor를 추가

+
    +
  • (required) emailList: 추가할 editor의 이메일 정보
  • +
  • (required) id: 대상 project ID
  • +
+
POST /api/v2/selfchecks/{id}/report- + Self-Check에 Open Source 분석된 리포트 파일을 업로드함

+
    +
  • ossReport: 업로드할 리포트 파일
  • +
  • (required) id: 대상 self check project ID
  • +
  • resetFlag: 파일 업로드 시, 기존 입력된 정보들을 Reset할지 여부. N - 기존 OSS Table에 입력된 사항을 유지한 채 append (default = Y)
  • +
  • sheetNames: 업로드할 리포트 파일에서 특정 sheet name을 업데이트 하고자 하는 경우 입력. 입력하지 않는 경우 기본으로 DEP, SRC, BIN prefix에 맞춰서 정보를 불러옴. ,로 구분하여 여러 Sheet를 입력 가능
  • +
+
+ +### 6. API 활용시, Code 값 확인 +{: .specific-title } + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/codesJSON + Project, 3rd Party 조회, Project 생성 시 사용할 Parameter의 값 List를 조회합니다.

+
    +
  • (required) codeType: 코드를 조회하고 싶은 카테고리에 대해 약어로 입력합니다.
  • +
      +
    • Division: DIV
    • +
    • OS Type: OS
    • +
    • Distribution Type: DSTT
    • +
    • Distribution Site: DSTS
    • +
    • Notice Type: NOTI
    • +
    • Notice Platform: NP
    • +
    • Priority: PRI
    • +
    +
  • detailValue: codeType에 입력한 category 내의 상세값 입력
  • +
+
+ + + +### 7. Binary DB 정보 조회 +{: .specific-title } + + + + + + + + + + + + + + + + +
API응답 형식설명
GET /api/v2/binariesJSON + Binary DB에서 하기 정보를 기준으로 조회합니다.

+
    +
  • Binary Name
  • +
  • Checksum
  • +
  • TLSH
  • +
  • License
  • +
  • Download Location
  • +
  • OSS Name
  • +
  • OSS Version
  • +
  • Project Name
  • +
+
+ + +### 8. Compliance Status +{: .specific-title } + + + + + + + + + + + + + + + + + + + + + +
API응답 형식설명
(LGE only)POST /api/v2/compliance/3rdparty-statusJSON + Compliance Status > 3rd Party Status 검색 기능으로 3rd Party 생성 날짜와 Division으로 조회합니다.

+
    +
  • division: (/api/v2/codes 값으로 입력)
  • +
  • schEndDate: 검색할 범위 (생성날짜 기준)
  • +
  • schStartDate: 검색할 범위 (생성날짜 기준)
  • +
+
(LGE only)POST /api/v2/compliance/product-statusJSON + Compliance Status > Product Status 검색 기능으로 Project 생성 날짜, Model release date와 Division으로 조회합니다.

+
    +
  • division: (/api/v2/codes 값으로 입력)
  • +
  • modelDistributedEndDate: 검색할 범위 (배포 날짜 기준)
  • +
  • modelDistributedStartDate: 검색할 범위 (배포 날짜 기준)
  • +
  • modelListInfo: 검색할 모델 정보
  • +
  • schEndDate: 검색할 범위 (생성날짜 기준)
  • +
  • schStartDate: 검색할 범위 (생성날짜 기준)
  • +
+
+


+ +## 오류코드 +{: .left-bar-title } +Error 발생 시 HTTP Response Code가 2xx 이외의 값이 리턴 됩니다. diff --git a/features/3_maintenance.md b/advanced/3_maintenance.md similarity index 67% rename from features/3_maintenance.md rename to advanced/3_maintenance.md index ccd995d1..9515f0a6 100644 --- a/features/3_maintenance.md +++ b/advanced/3_maintenance.md @@ -18,7 +18,7 @@ $ mysqldump -ufosslight -pfosslight fosslight --no-create-info > fosslight_backu ### 2. 복구 1. 버전에 따른 Table 구조를 반영하기 위해 빈 DB를 새로 만들고 기본 값을 설정합니다. -[Developer Documentation - 다운로드 & 설치 - 4. Database 생성 및 Data 초기 등록](https://fosslight.org/fosslight-guide/features/1_developer.html#다운로드--설치) +[Developer Documentation - 다운로드 & 설치 - 4. Database 생성 및 Data 초기 등록](https://fosslight.org/hub-guide/features/1_developer.html#다운로드--설치) 2. 백업한 파일로 복구합니다. mysql -u[아이디] -p[패스워드] [데이터베이스명] < [백업파일명].sql @@ -50,6 +50,7 @@ $ mysql -ufosslight -pfosslight fosslight < fosslight_backup.sql username=fosslight password=fosslight ``` + 2. fosslight/migration/mybatis-migrations-3.3.11 폴더를 MIGRATIONS_HOME로 export합니다. ``` $ cd fosslight @@ -59,7 +60,8 @@ $ mysql -ufosslight -pfosslight fosslight < fosslight_backup.sql $ export MIGRATIONS=$MIGRATIONS_HOME/bin $ export PATH=$MIGRATIONS:$PATH ``` -3. migrate status를 확인 후 업그레이드합니다. + +3. migrate status를 확인 후, 적용할 migration script만 남기고, 나머지 script는 삭제합니다. ``` $ cd /home/test/fosslight/migration/migration $ migrate status 
@@ -69,18 +71,48 @@ $ mysql -ufosslight -pfosslight fosslight < fosslight_backup.sql ID Applied At Description ================================================================================ 20230322085317 ...pending... create changelog - 20230322091138 ...pending... update v1.4.9 - 20230322092534 ...pending... update v1.5.0 - + 20230322092534 ...pending... update v1.6.0 + 20230818004358 ...pending... update v1.6.1 + 20240401085317 ...pending... update 2.0.0-beta + 20240702085317 ...pending... update v2.0.0.pre-release + 20240724045922 ...pending... update v2.0.0.pre-release version oss components table + 20240725150921 ...pending... update v2.0.0 + ------------------------------------------------------------------------ -- MyBatis Migrations SUCCESS -- Total time: 0s - -- Finished at: Wed Mar 22 20:12:07 KST 2023 + -- Finished at: Mon Oct 07 10:22:07 KST 2024 -- Final Memory: 7M/500M + ------------------------------------------------------------------------ + + $ cd scripts/ + $ rm 20230322092534_update_v1.6.0.sql + $ rm 20230818004358_update_v1.6.1.sql + ``` +4. migrate up 명령어를 통해 업그레이드 합니다. + ``` $ migrate up + ------------------------------------------------------------------------ + -- MyBatis Migrations - up + ------------------------------------------------------------------------ + ========== Applying: 20230322085317_create_changelog.sql ======================= + -- // Create Changelog + -- Default DDL for changelog table that will keep + -- a record of the migrations that have been run. + -- You can modify this to suit your database before + + ... + + ------------------------------------------------------------------------ + -- MyBatis Migrations SUCCESS + -- Total time: 2s + -- Finished at: Mon Oct 07 10:22:47 KST 2024 + -- Final Memory: 8M/500M + ------------------------------------------------------------------------ ``` -4. 버전 업이 적용되었는지 확인합니다. + +5. 버전 업이 적용되었는지 확인합니다. 
``` $ migrate status ------------------------------------------------------------------------ @@ -88,23 +120,24 @@ $ mysql -ufosslight -pfosslight fosslight < fosslight_backup.sql ------------------------------------------------------------------------ ID Applied At Description ================================================================================ - 20230322085317 2023-03-22 20:12:35 create changelog - 20230322091138 2023-03-22 20:12:35 update v1.4.9 - 20230322092534 2023-03-22 20:12:36 update v1.5.0 - + 20230322085317 2024-10-07 10:22:45 create changelog + 20240401085317 2024-10-07 10:22:45 update 2.0.0-beta + 20240702085317 2024-10-07 10:22:45 update v2.0.0.pre-release + 20240724045922 2024-10-07 10:22:45 update v2.0.0.pre-release version oss components table + 20240725150921 2024-10-07 10:22:47 update v2.0.0 + ------------------------------------------------------------------------ -- MyBatis Migrations SUCCESS -- Total time: 0s - -- Finished at: Wed Mar 22 20:12:39 KST 2023 + -- Finished at: Mon Oct 07 10:24:19 KST 2024 -- Final Memory: 7M/500M ------------------------------------------------------------------------ - ``` ✏️참고. 자세한 command는 [MyBatis Migrations](https://mybatis.org/migrations/migrate.html)를 참조하세요. ## NVD Data를 2002년 Data부터 다운로드 받기 -FOSSLight Hub는 일 1회 NVD(NATIONAL VULNERABILITY DATABASE) 에서 제공되는 [NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds)를 다운로드하여 Database에 저장하며 저장된 NVD Data는 [Vulnerability List](../started/2_try/7_vulnerability.md)에서 조회할 수 있습니다. +FOSSLight Hub는 일 1회 NVD(NATIONAL VULNERABILITY DATABASE) 에서 제공되는 [NVD Data Feeds](https://nvd.nist.gov/vuln/data-feeds)를 다운로드하여 Database에 저장하며 저장된 NVD Data는 [Vulnerability List](../menu/7_vulnerability.md)에서 조회할 수 있습니다. 이 때, 2002년 Data부터 NVD Data를 다운로드 받을 경우 하기와 같이 세팅합니다. (최초 1회만 세팅하면 이후 Data는 누적되므로 추가적으로 세팅할 필요가 없습니다.) diff --git a/features/README.md b/advanced/README.md similarity index 97% rename from features/README.md rename to advanced/README.md index b8388698..3eb40bfa 100644 
--- a/features/README.md +++ b/advanced/README.md @@ -1,5 +1,5 @@ --- -sort: 4 +sort: 6 published: true --- # FOSSLight Hub Advanced diff --git a/advanced/images/Model_list_excel.png b/advanced/images/Model_list_excel.png new file mode 100644 index 00000000..20d4fe21 Binary files /dev/null and b/advanced/images/Model_list_excel.png differ diff --git a/advanced/images/rest_api_authorize.png b/advanced/images/rest_api_authorize.png new file mode 100644 index 00000000..db4f840f Binary files /dev/null and b/advanced/images/rest_api_authorize.png differ diff --git a/advanced/images/rest_api_authorize_detail.png b/advanced/images/rest_api_authorize_detail.png new file mode 100644 index 00000000..ac6e688f Binary files /dev/null and b/advanced/images/rest_api_authorize_detail.png differ diff --git a/features/images/sql_backup.png b/advanced/images/sql_backup.png similarity index 100% rename from features/images/sql_backup.png rename to advanced/images/sql_backup.png diff --git a/learn/1_contribution.md b/contribution/1_contribution.md similarity index 70% rename from learn/1_contribution.md rename to contribution/1_contribution.md index c0402972..82ba0902 100644 --- a/learn/1_contribution.md +++ b/contribution/1_contribution.md 
@@ -3,13 +3,7 @@ ## Report an issue 개선 사항이나 버그는 Git Repository에 이슈를 생성하여 리포트해주시기 바랍니다. 이슈 리포트는 FOSSLight 업그레이드에 많은 도움이 됩니다. - [FOSSLight Hub](https://github.com/fosslight/fosslight/issues) -- [FOSSLight Dependency Scanner](https://github.com/fosslight/fosslight_dependency_scanner/issues) -- [FOSSLight Source Scanner](https://github.com/fosslight/fosslight_source_scanner/issues) -- [FOSSLight Binary Scanner](https://github.com/fosslight/fosslight_binary_scanner/issues) -- [FOSSLight Yocto Scanner](https://github.com/fosslight/fosslight_yocto_scanner/issues) -- [FOSSLight Android Scanner](https://github.com/fosslight/fosslight_android_scanner/issues) -- [FOSSLight Prechecker](https://github.com/fosslight/fosslight_prechecker/issues) -- [FOSSLight Guide](https://github.com/fosslight/fosslight-guide-en/issues) +- [FOSSLight Hub Guide](https://github.com/fosslight/hub-guide/issues) ## Contributing @@ -31,8 +25,8 @@ 다음은 pull 요청이 수락 될 가능성을 높이기 위해 수행 할 수있는 몇 가지 작업입니다. -- 가능한 한 집중적으로 변경하십시오. 서로 의존하지 않는 변경 사항이 여러 개있는 경우 별도의 풀 요청으로 제출하는 것이 좋습니다. -- [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)를 작성합니다. +- 가능한 한 집중적으로 변경하십시오. 서로 의존하지 않는 변경 사항이 여러 개 있는 경우 별도의 풀 요청으로 제출하는 것이 좋습니다. +- [Conventional Commits](https://www.conventionalcommits.org/ko/) 포맷으로 Commit message를 작성합니다. Work in Progress pull request는 초기에 피드백을 받거나 차단된 것이 있는 경우 환영합니다. @@ -53,7 +47,7 @@ Signed-off-by: Your name git commit에 -s 또는 --signoff 플래그를 사용하여 sign-off를 커밋에 자동으로 추가 할 수 있습니다. 이름과 연락 가능한 이메일 주소를 사용해야합니다. ``` -git commit -s -m "Write the commit message" +git commit -s -m "ci(github action): Write the commit message" ``` ### Resources 
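Review bot: in the `@@ -53,7 +47,7 @@` hunk of contribution/1_contribution.md, the sign-off example `git commit -s -m "ci(github action): Write the commit message"` hard-codes one specific type and scope, so contributors who copy it will label unrelated changes as `ci`. Since this section is about `-s`/`--signoff` rather than about commit types, use a placeholder form such as `"<type>(<scope>): <description>"`, or add one sentence saying that `ci(github action)` is only an example and that the type should be chosen per the Conventional Commits link added in the earlier hunk.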
@@ -63,4 +57,4 @@ git commit -s -m "Write the commit message" - [GitHub Help](https://help.github.com) ### FOSSLight Guide의 License -별도로 표기된 것이 없다면 [FOSSLight Guide 페이지](https://fosslight.org/fosslight-guide)에 작성된 콘텐츠는 [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0), Sample Code는 [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) License하에 이용하실 수 있습니다. +별도로 표기된 것이 없다면 [FOSSLight Guide 페이지](https://fosslight.org/hub-guide)에 작성된 콘텐츠는 [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0), Sample Code는 [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) License하에 이용하실 수 있습니다. diff --git a/scanner/etc/README.md b/contribution/README.md similarity index 55% rename from scanner/etc/README.md rename to contribution/README.md index fe0c9dc3..48bd562c 100644 --- a/scanner/etc/README.md +++ b/contribution/README.md @@ -1,8 +1,8 @@ --- +sort: 7 published: true -title: Etc +title: Contribution --- - -# Other guides to FOSSLight Scanner +# Contribution {% include list.liquid all=true %} diff --git a/learn/2_fosslight_report.md b/learn/2_fosslight_report.md index f3992738..ee940fce 100644 --- a/learn/2_fosslight_report.md +++ b/learn/2_fosslight_report.md 
@@ -1,61 +1,221 @@ -# FOSSLight Report +# FOSSLight Report +- FOSSLight Report는 FOSSLight Hub와 FOSSLight Scanner에서 사용되는 템플릿으로, 프로젝트별 Open Source 사용 현황을 파악하기 위해 작성되며, 'OSS 보고서'라는 용어로도 사용됩니다. +- 3.4 버전 : [Fosslight_Report.xlsx](https://github.com/fosslight/fosslight/blob/develop/src/main/resources/template/ProjectReport.xlsx?raw=1) -```note -FOSSLight Hub와 FOSSLight Scanner에서 사용하는 Template으로 Project별 포함하는 Open Source 현황을 파악하기 위해 작성하는 문서입니다. -``` - -## 양식 - -2.0 버전 : [fosslight_report.xlsx](https://github.com/fosslight/fosslight/raw/main/src/main/resources/template/ProjectReport.xlsx) - -## Sheet 별 설명 +## Sheet 구성 +{: .left-bar-title } ### Project Info Sheet -![info](./images/project_info.png) -- About the report - 작성자/부서, 작성일을 작성합니다. - -- About the project - 개발 Project에 대한 정보를 작성합니다. - -- About OSC Process - OSC Process에 대한 정보를 작성합니다. - -### 3rd Party Sheet -배포하는 Project에 3rd Party로부터 제공받은 Software가 포함되어 있다면, 3rd party로부터 OSS Checklist를 입수하여 사용한 Open Source 현황을 파악해야 합니다. (참고 : [3rd Party OSS Checklist](https://github.com/fosslight/fosslight/raw/main/src/main/resources/static/sample/FOSSLight-OSS-Checklist-for-3rdParty_Eng_1.0.xlsx)) -파악한 사항은 OSC System의 [3rd Party](../started/2_try/5_third-party.md) 메뉴에 등록하고 Identification > 3rd Party 탭에서 취합합니다. -FOSSLight Report를 Identification > BOM 탭에서 Export하면 3rd Party 탭에 등록된 사항이 "3rd party" sheet에 채워집니다. 따라서, "3rd party" sheet는 임의로 작성하지 않습니다. - -![info](./images/3rd_party.png) +{: .specific-title} +- Project 정보를 작성합니다. +project_info + + +### 3rd Party Sheet +{: .specific-title} +- 배포하는 Project에 3rd Party로부터 제공받은 Software가 포함되어 있는 경우, 해당 3rd party로부터 OSS Checklist를 입수하여 사용된 Open Source 현황을 파악해야 합니다. +- 파악된 Open Source 정보는 FOSSLight Hub의 [3rd Party](../menu/5_third-party.md) 메뉴에 등록하며, 해당 정보는 Project > Identification > [3rd Party 탭](../tutorial/1_project/2_Identification/1_3rd_Party_Tab.md)에서 취합됩니다. 
+- FOSSLight Hub > Project > Identification에서 FOSSLight Report를 Export하면, [3rd Party 탭](../tutorial/1_project/2_Identification/1_3rd_Party_Tab.md)에 등록된 정보가 자동으로 "3rd party" sheet에 채워집니다. 따라서, "3rd party" sheet는 임의로 작성하지 않습니다. +![3rd_Party](./images/3rd_party.png) ### DEP Sheet -Dependency 분석 결과를 업로드합니다. -- [FOSSLight Dependency Scanner](https://github.com/fosslight/fosslight_dependency_scanner)를 이용하면 자동으로 Dependency 분석 결과를 생성할 수 있습니다. +{: .specific-title} +- Dependency 분석 결과를 업로드합니다. +![Dependency](./images/dependency.png) + - [FOSSLight Dependency Scanner](https://fosslight.org/fosslight-guide/scanner/3_dependency.html)를 이용하면 "DEP" sheet를 자동으로 생성할 수 있습니다. -### SRC Sheet -Source Code 별 포함되는 Open Source 정보를 작성합니다. -![info](./images/src.png) -- 사용한 Open Source 파일 내 License Text는 존재하지만, Open Source 이름이나, 출처가 불명확할 경우, OSS Name란에 하이픈("-")으로 작성합니다. -- 하나의 Open Source에 여러 License가 적용된 경우, License를 ,로 구분하여 작성합니다. -- 참고. [FOSSLight Source Scanner](https://github.com/fosslight/fosslight_source_scanner)를 이용하면 "SRC" sheet를 자동 생성할 수 있습니다. +### SRC Sheet +{: .specific-title} +- Source Code 별로 포함되는 Open Source 정보를 작성합니다. +![src](./images/src.png) + - [FOSSLight Source Scanner](https://fosslight.org/fosslight-guide/scanner/2_source.html)를 이용하면 "SRC" sheet를 자동으로 생성할 수 있습니다. ### BIN Sheet -Binary 별 포함되는 Open Source 정보를 작성합니다. - -![info](./images/bin.png) -- Binary를 생성하기 위해 사용한 Open Source 파일 내 License Text는 존재하지만, Open Source 이름이나, 출처가 불명확할 경우, OSS Name란에 하이픈("-")으로 작성합니다. -- 하나의 Open Source에 여러 License가 적용된 경우, License를 ,로 구분하여 작성합니다. - - - -### BOM Sheet -"BOM" (Bill of Materials) sheet는 FOSSLight 보고서 내 작성한 Open Source 내역을 취합한 내용을 보여주게 됩니다. - -이 sheet는 임의로 작성하지 않고, FOSSLight Hub의 Project에서 다운로드한 FOSSLight 보고서에 자동으로 채워집니다. +{: .specific-title} +- Binary 별로 포함되는 Open Source 정보를 작성합니다. +![bin](./images/bin.png) + - [FOSSLight Binary Scanner](https://fosslight.org/fosslight-guide/scanner/4_binary.html)를 이용하면 "BIN" sheet를 자동으로 생성할 수 있습니다. 
+ + +### BIN(Android) Sheet +{: .specific-title} +- Android Platform Project 및 Yocto Project의 Open Source 정보를 작성합니다. +![bin_android](./images/bin_android.png) + - [FOSSLight Android Scanner](https://fosslight.org/fosslight-guide/scanner/6_android.html) 및 [FOSSLight Yocto Scanner](https://fosslight.org/fosslight-guide/scanner/5_yocto.html)를 이용하면 "BIN(Android)" or "BIN(Yocto)" sheet를 자동으로 생성할 수 있습니다. + - Android Platform 및 Yocto 기반 모델(Phone, TV 등)의 경우, DEP / SRC / BIN sheet를 작성하지 않아도 됩니다. + + +### SBOM Sheet +{: .specific-title} +- SBOM(Bill of Materials)은 FOSSLight Report에 작성된 각 Sheet의 Open Source 내역을 취합하여 생성됩니다. +- SBOM은 FOSSLight Hub의 Project에서 Export한 FOSSLight Report에 자동으로 채워지므로 수동으로 작성하지 않습니다. +![SBOM](./images/bom.png) + + +## Sheet 내용 작성 +{: .left-bar-title } +[FOSSLight Scanner](https://fosslight.org/fosslight-guide/scanner/)를 이용하면 DEP,SRC,BIN Sheet를 동시에 자동으로 생성할 수 있습니다. 단, 누락되거나 부정확한 정보가 있을 수 있으므로 반드시 직접 확인하고 필요한 내용을 보완해야 합니다. + +### 공통 +{: .specific-title} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Column NameDescription
OSS Name + • Open Source를 다운로드한 Website에서 명시한 이름을 기준으로 OSS Name을 작성합니다.
+ • Pre-Review 기능을 이용하면 Download Location 정보를 통해 OSS Name을 확인할 수 있습니다.
+ • License Text는 존재하지만, Open Source의 이름이나 출처가 불명확한 경우, OSS Name은 하이픈("-")으로 작성합니다.
+
+ – License, Copyright 등 다른 정보는 모두 작성합니다.
+ – 단, 이는 License가 Permissive License인 경우에만 해당됩니다. GPL, LGPL 등 Copyleft License의 경우, Source Code 공개 범위를 판단하기 위해 OSS Name과 출처를 정확히 확인해야 합니다. +
+ • Open Source를 전혀 사용하지 않은 경우, OSS Name란에 하이픈("-")을 작성합니다. +
OSS Version• 사용한 Open Source의 버전을 작성합니다.
License + • 하나의 Open Source에 여러 License가 적용된 경우, License를 콤마(",")로 구분하여 작성합니다.
+ • Open Source를 전혀 사용하지 않은 경우, License는 + "LGE Proprietary License"로 작성하되, 3rd Party가 자체 개발한 경우에는 "Other Proprietary License"로 작성합니다. +
Download Location• 기입된 OSS Version의 Open Source를 다운로드할 수 있는 주소를 작성합니다.
Homepage• Open Source 프로젝트의 공식 website 정보를 작성합니다.
Copyright Text• Open Source의 Copyright 정보를 작성합니다.
License Text• FOSSLight Hub에 등록되지 않은 License인 경우, License 원문을 알 수 있는 Link 또는 License text를 작성합니다.
Exclude• 배포하는 Software(제품 포함)에 Open Source가 포함되지 않은 경우, 해당 항목을 체크합니다.
+ +### Sheet 별 내용 작성 +{: .specific-title} +#### Project Info Sheet + - **About the report** : 작성자/부서, 작성일을 작성합니다. + - **About the project** : 개발 Project에 대한 정보를 작성합니다. +
+ 세부 작성 방법 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ItemDescription
Project Name + • Project의 이름을 작성합니다. (모델명과 Project명이 동일할 경우, 모델명을 작성합니다.) +
Project Version + • Project의 Version을 작성합니다. Version 구분이 없는 경우, 공란으로 둡니다. +
Operating System + • Project의 Operating System을 선택합니다. (예: Android 7.0, webOS 3.0, Linux 3.4, iOS Application) +
Distribution Type + • Project의 배포 유형을 선택합니다.
+
+ • General Model : 일반적인 B2C 모델일 경우 선택
+ • Transfer in-house : 사내 이관하는 경우 선택
+ • B2B : B2B 모델일 경우 선택
+ • Preceding Software : 선행 개발을 위한 개발로서, 배포가 예정되지 않은 경우 선택
+ • Self-Check : 외부 배포 목적이 아닌 내부 검토 및 사전 점검하는 경우 선택
+ • Contribution : Open Source 공개 및 기여시 선택 +
+
Network Service Only? + • Network Service 형태(ex, Web Service)의 프로젝트인 경우 'Yes'를 선택합니다. +
+
+ + - **About OSC Process** : Open Source Compliance(OSC) Process에 대한 정보를 작성합니다. + +
+ 세부 작성 방법 + + + + + + + + + + + + + + + + + +
ItemDescription
Distribution Site + • OSS 고지문을 등록할 Open Source 배포 사이트를 선택합니다.
+ (참고: LG Open Source 사이트)
+ • 배포 사이트에 배포하지 않는 경우만 N/A 처리합니다. +
OSS Notice + • OSS 고지문의 유형을 선택합니다.
+ (참고: OSS 고지문)
+ • 대부분의 경우, "General"을 선택합니다.
+ • Project의 개발 Platform에서 자체적으로 OSS 고지문이 생성되는 경우 "Platform-generated"를 선택합니다. +
+
+ + +#### BIN sheet +- 하나의 Binary에 여러 Open Source가 사용된 경우, Open Source 별로 별도의 행을 추가하여 작성합니다. + +#### BIN(Android) sheet +- **Source Path** : Binary의 Source Code 경로를 작성합니다. Source Path 확인이 어려운 경우에는, Comment란에 사유를 작성합니다. +- **NOTICE** : [FOSSLight Android Scanner](https://fosslight.org/fosslight-guide/scanner/6_android.html) 결과를 따르며, 임의로 수정하지 않습니다. +- 하나의 Binary에 여러 Open Source가 사용된 경우, Open Source 별로 별도의 행을 추가하여 작성합니다. -![info](./images/bom.png) diff --git a/learn/README.md b/learn/README.md index 5058ae72..7cd2d2a1 100644 --- a/learn/README.md +++ b/learn/README.md @@ -1,8 +1,8 @@ --- -sort: 6 +sort: 8 published: true -title: 📑 Learn more +title: Learn more --- # Learn more -{% include list.liquid all=true %} +{% include list.liquid all=false %} diff --git a/learn/images/3rd_party.png b/learn/images/3rd_party.png index 3adcf95e..087f888c 100644 Binary files a/learn/images/3rd_party.png and b/learn/images/3rd_party.png differ diff --git a/learn/images/bin.png b/learn/images/bin.png index bf3bd120..69e53861 100644 Binary files a/learn/images/bin.png and b/learn/images/bin.png differ diff --git a/learn/images/bin_android.png b/learn/images/bin_android.png new file mode 100644 index 00000000..2d30c8a7 Binary files /dev/null and b/learn/images/bin_android.png differ diff --git a/learn/images/bom.png b/learn/images/bom.png index c9a779a8..e2322cf6 100644 Binary files a/learn/images/bom.png and b/learn/images/bom.png differ diff --git a/learn/images/dependency.png b/learn/images/dependency.png new file mode 100644 index 00000000..e88d9a13 Binary files /dev/null and b/learn/images/dependency.png differ diff --git a/learn/images/project_info.png b/learn/images/project_info.png index 5901fe54..04b2d3fd 100644 Binary files a/learn/images/project_info.png and b/learn/images/project_info.png differ diff --git a/learn/images/src.png b/learn/images/src.png index 9c158ac8..e0d44577 100644 Binary files a/learn/images/src.png and b/learn/images/src.png differ 
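Review bot: in the `@@ -1,61 +1,221 @@` hunk of learn/2_fosslight_report.md, the template link is labelled "3.4 버전" but points at `blob/develop/src/main/resources/template/ProjectReport.xlsx?raw=1`, a moving branch, so the file a reader downloads can differ from the version the label promises (the removed line pointed at `main`). Link to a release tag that matches the stated version, or drop the version number from the label. In the same hunk, "SBOM(Bill of Materials)" under "### SBOM Sheet" leaves out "Software"; the README.md change in this patch expands it as "SBOM(Software Bill of Materials)", and the two should agree.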
diff --git a/menu/10_binarydb.md b/menu/10_binarydb.md new file mode 100644 index 00000000..dc776ad7 --- /dev/null +++ b/menu/10_binarydb.md @@ -0,0 +1,112 @@ +--- +sort: 6 +published: true +--- +# Binary DB +이미 분석이 완료된 Base Model의 Binary 정보를 Database화(Binary DB) 하고, 이를 활용하여 파생 Model의 Binary 분석을 자동화할 수 있습니다. +

+ +## Binary 분석 자동화 방법 +{: .left-bar-title } +- **Binary 분석 결과(FOSSLight Report)**를 Upload한 후 Save 버튼을 클릭하면, Binary DB와 비교하여 동일하거나 유사한 Binary의 OSS Name, OSS Version, License 등의 정보를 자동으로 채워줍니다. + - 적용 메뉴 + - **Project > Identification > [BIN](https://fosslight.org/hub-guide/tutorial/1_project/2_Identification/4_BIN_Tab.html), BIN(Android\|Yocto) tab** + - **3rd Party > Identification > 3rd party tab** + - Binary DB 축적을 위하여 [FOSSLight Binary Scanner v4.1.30](https://github.com/fosslight/fosslight_binary_scanner/) 이후 버전 사용을 권장합니다. + ![binarytxt](images/11_upload_binary_txt.PNG){: .styled-image}
+ +- Binary Name 하단에서는 Binary DB 내의 Binary와 동일(또는 유사)한지 여부에 대한 정보를 Warning message로 보여줍니다. + - Warning Message 상세 내용은, [OSS Table Warning Message](https://fosslight.org/hub-guide/tips/1_common/5_warning_message/#bin-binandroid-tab)을 참고하시기 바랍니다. +![binaryafterupload](images/11_after_upload.PNG){: .styled-image}
+ + +- **Binary DB 내 Binary와 일치 여부 확인 방법** + - Binary DB 내의 Binary와 일치하는지 여부는 다음 두 가지 data를 통해 확인합니다. + 1. Binary 이름과 checksum 값이 일치하면 동일한 것으로 간주합니다. + 2. 또는, Binary 이름이 동일하고 두 Binary간의 [TLSH(Trend Micro Locality Sensitive Hash)](https://github.com/trendmicro/tlsh) distance가 120이하면 유사한 것으로 간주합니다. +


+ +## Binary DB에 Data Insert 과정 +{: .left-bar-title } +- 3rd Party, Project의 Identification 단계 Confirm 시, Identification > BIN, BIN(Android\|Yocto), 3rd Party에 기재한 Binary 정보들은 Binary DB에 저장(insert) 되는데, [FOSSLight Binary Scanner v4.1.30](https://github.com/fosslight/fosslight_binary_scanner/) 이후 버전 사용시에만 적용됩니다. +
+
+ Data Insert 시, 상세 내용 +
    +
  • OSS Name이 공백인 경우, 하이픈 "-" 으로 등록됩니다.
  • +
  • TLSH 값이 공백인 경우, 0으로 등록됩니다.
  • +
  • Binary NamePath 정보가 포함되어 있는 경우, Path 정보는 무시하고 파일명만 Binary Name으로 등록됩니다.
  • +
+
+
+ +- 동일한 Binary이지만 OSS 정보가 다를 경우, 기존 정보를 삭제한 후 신규 정보로 업데이트합니다. +- 비슷한 Binary의 경우, 기존 OSS 정보는 유지하고 신규 OSS 정보를 추가 업데이트합니다. +
+
+ 상세 동작 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NoCase동작Description
1Binary DBBinary Name이 같은 Binary가 존재하지 않는 경우신규 Binary로 저장신규 Binary로 저장합니다.
2Binary DBBinary Name이 같고 checksum이 동일한 Binary가 존재하는 경우최신 Binary 정보로 업데이트Binary DB 내 기존 Binary 정보를 삭제하고 최신 Binary 정보로 저장하여 업데이트합니다.
단, 하나의 Binary에 여러 OSS가 사용된 경우하나의 Project 내에 동일한 Binary에 여러 OSS가 사용된 경우, OSS 정보를 모두 저장합니다.
3Binary DBBinary Name이 같지만 checksum이 동일한 Binary가 존재하지 않는 경우 + TLSH distance <= 120인 경우,
+ OSS 정보에 따라 다르게 동작 +
+
    +
  1. OSS NameOSS Version이 같은 경우
    + ∘ 신규 Binary로 저장합니다. 기존 Binary 정보는 checksum이 같을 때만 활용될 수 있으므로 TLSH distance 값을 0으로 변경합니다. +
  2. +
  3. OSS Name은 동일하지만 OSS Version은 다른 경우
    + ∘ 신규 Binary로 저장합니다. +
  4. +
  5. OSS Name이 다른 경우
    + ∘ 신규 Binary로 저장합니다. 기존 Binary 정보는 checksum이 같을 때만 활용될 수 있으므로 TLSH distance 값을 0으로 변경합니다. +
  6. +
+
TLSH distance > 120인 경우,
신규 Binary로 저장
TLSH distance가 120보다 큰 경우, 동일하지 않은 Binary로 판단하여 신규 Binary로 저장합니다.
+
+
+


+ + +## Binary DB 확인 +{: .left-bar-title } +- Binary DB 메뉴를 통해 Binary DB에 등록된 Binary 현황을 확인할 수 있습니다. +![binarytxt](images/11_binary_db.png){: .styled-image} diff --git a/menu/11.compliance_status.md b/menu/11.compliance_status.md new file mode 100644 index 00000000..352955a5 --- /dev/null +++ b/menu/11.compliance_status.md @@ -0,0 +1,23 @@ +--- +sort: 9 +published: true +--- + +# (LGE Only) Compliance Status +배포된 Software 또는 Model의 Open Source Compliance 이행 현황을 조회할 수 있습니다. + +## Product Status +{: .left-bar-title} +![Project_Status](images/11_project_status.png){: .styled-image} +- Project 생성 날짜, Model release 날짜, Division으로 검색 가능합니다. +- (선택) Product List Template: Product List sheet > Product Name을 입력 후 업로드시, Product Name으로 등록된 Project 또는 Model 검색 결과가 추가됩니다. + - FOSSLight Hub에서 검색되지 않는 product name은 LG Open Source Site에서 검색합니다. +- 검색 결과 : Project 생성 날짜, Model release 날짜, Division으로 FOSSLight Hub에서 검색한 결과. + - 단, Product List Template이 첨부된 경우, 해당 파일에 작성된 Product name을 찾은 결과가 추가됩니다. + - Status : Complete 또는 Drop인 경우만 조회됩니다. + + +## 3rd Party Satus +{: .left-bar-title} +![Project_Status](images/11_project_status.png){: .styled-image} +- 3rd Party 생성 날짜와 Division으로 검색 가능합니다. \ No newline at end of file diff --git a/menu/1_sign.md b/menu/1_sign.md new file mode 100644 index 00000000..2d93ad86 --- /dev/null +++ b/menu/1_sign.md @@ -0,0 +1,28 @@ +--- +sort: 1 +published: true +--- +# Sign In & Sign Up +FOSSLight Hub 로그인 및 계정 등록 방법을 설명합니다. +

+ +## Sign In +{: .left-bar-title } +- 처음 접속하는 경우, Sign Up 버튼을 클릭하여 계정을 등록합니다. +![SignIn](images/1_sign_in.PNG) + + +### (LGE Only) +{: .specific-title} + - AD계정으로 로그인 할 수 있습니다.(Sign Up 불필요) + - 최초 로그인 시, Division 입력 안내 popup 창이 뜹니다. + - OK를 선택 시, User Setting 화면으로 이동하여 Division 정보를 설정할 수 있습니다. + ![SignIn](images/1_sign_in_first_popup.PNG) + +


+ +## Sign Up +{: .left-bar-title } +- FOSSLight Hub에 처음 접속하는 경우 계정을 등록합니다. +![SignUp](images/1_sign_up.PNG) + diff --git a/menu/2_license.md b/menu/2_license.md new file mode 100644 index 00000000..9b783905 --- /dev/null +++ b/menu/2_license.md @@ -0,0 +1,318 @@ +--- +sort: 2 +published: true +--- +# License +
+º 등록된 License 정보를 확인하고,License Name을 클릭하면 해당 License의 상세정보를 확인할 수 있습니다.
+º (Admin Only) License를 추가, 수정, 삭제할 수 있습니다.
+
+ +## License List +{: .left-bar-title } +![LicenseList](images/3_lic_list.png) + +### License Name +{: .specific-title} +- License Full name으로 SPDX () 표기 방식을 따르고 있습니다. +- License Name을 클릭하면, License 별 상세정보를 확인할 수 있습니다. + +### Identifier +{: .specific-title} +- Standardized short identifier로 License를 더욱 쉽게 식별할 수 있으며 SPDX () 표기 방식을 따르고 있습니다. + +### License Type +{: .specific-title} +- **Permissive** + - BSD-like 또는 BSD-style License로 불리며 Software 배포시 최소한의 요구사항이 있는 License입니다. + - 통상적으로 Copyright Notice와 보증부인 문구를 유지할 것을 요구합니다. +- **Weak Copyleft** + - 파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. + - 원 저작물과 수정본의 소스 코드를 공개해야 합니다. +- **Copyleft** + - 파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. + - 원 저작물과 수정본뿐만 아니라 이와 link 되거나 함께 동작하는 프로그램 전체 소스 코드를 공개해야 합니다. +- **Proprietary** + - Software 권리자의 허락 없이 사용이 불가능하므로 반드시 소스 코드 사용 여부에 대한 계약 관계를 확인하고 사용하시기 바랍니다. +- **Proprietary Free** + - 추가적인 계약이 필요하지는 않지만 제약된 형태, 특정 이용 약관 또는 조건에서 사용할 수 있습니다. + +### Restriction +{: .specific-title} +Restriction 내용은 [OSORI](https://osori-db.github.io/docs/guide/) 프로젝트를 기반으로 작성되었습니다. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
항목설명 LEVEL 신호등
(제약사항)
Non-Commercial Use +
    +
  • + Software의 상업적 사용 및 배포를 금지합니다. (기업에서 제공하는 무료 소프트웨어 사용 불가) +
    + 예) CC-BY-NC-X.X +
  • +
+
5🔴
Internal Use Only +
    +
  • + 사내에서 사용하는 경우에만 허용됩니다. +
    + 예) Additional-Buildcraft-Objects-Mod License +
  • +
+
4🔴
No Charge +
    +
  • + 자체 판매를 금지하거나 직접적 사용 비용을 청구하지 않습니다. (기업에서 제공하는 무료 소프트웨어 내 탑재 가능) +
    + 예) Commons Clause License Condition v1.0, SIL Open Font License 1.1 +
  • +
+
3🟡
No Modification +
    +
  • + Software의 수정된 버전을 배포할 수 없습니다. 즉 Source code를 수정하지 않고 사용해야 합니다. +
    + 예) CC-BY-ND-X.X +
  • +
+
2🟡
No Change the Name +
    +
  • + 이름 변경을 할 수 없습니다. +
    + 예) IPA Font License +
  • +
+
1🟢
Platform Limitation +
    +
  • + 특정 플랫폼에서만 사용 가능합니다. +
    + 예) Amazon Software License (Amazon.com 혹은 자회사에서 제공되는 웹서비스, 컴퓨팅 플랫폼 혹은 어플리케이션을 위해 사용해야 함) +
  • +
+
2🟡
Purpose Restriction +
    +
  • + Software를 특정 목적(분야)을 위하여 사용할 수 없습니다. +
    + 예) The Happy Bunny License (군사 목적을 위해서 사용할 수 없음) +
  • +
+
2🟡
Specification Restriction +
    +
  • + 특정 Specification 또는 Standard와 관련하여 Software를 사용해야 합니다. +
    + 예) ETCPACK Software License Agreement (Khronos standard specifications 의 compression/decompression을 위한 목적을 위해 사용) +
  • +
+
2🟡
Redistribution Restriction +
    +
  • + 재배포할 수 있는 Software의 하위 구성 요소(Source Code, Binary file 등)를 제한합니다. +
    + 예) SOFTWARE LICENSE FOR VIVANTE CORPORATION (TM) USER SPACE GRAPHICS DRIVER BINARY (재배포시 Binary form으로만 가능함) +
  • +
+
5🟡
Contract Required +
    +
  • + 별도의 계약을 체결해야 합니다. +
    + 예) QT Commercial License, NVIDIA Commercial License +
  • +
+
5🔴
Provide Installation Information Required +
    +
  • + 설치 정보를 제공해야 합니다. +
    + 예) GPL-3.0 +
  • +
+
4🔴
Patent Warning +
    +
  • + 특허분쟁 가능성이 있으므로 사용시 유의해야 합니다. +
    + 예) Apple Public Source License +
  • +
+
4🔴
Network Triggered +
    +
  • + 네트워크 서버 형태로 이용하는 경우에도 의무사항을 준수해야 합니다. +
    + 예) AGPL-3.0, OSL-2.0 +
  • +
+
3🟡
Semi-Copyleft +
    +
  • + 저작권자 요구, 배포형태에 따라 다른 요구사항 요구하지만, 코드 공개하면 해결됩니다. +
    + 예) Ruby License +
  • +
+
3🟡
+ +### Source Code Disclosure Scope +{: .specific-title} +License 별 배포 시 Source Code 공개 범위를 선택합니다. +- **NONE** : 공개 의무 없음 +- **ORIGINAL** : 원 오픈소스 +- **FILE** : 파일 단위 소스 코드 +- **MODULE** : 모듈 단위 소스 코드 +- **LIBRARY** : 라이브러리 단위 소스 코드 +- **DERIVATIVE WORK** : 법적으로 파생 저작물의 범위 +- **EXECUTABLE** : 실행 파일을 구성하는 부분의 소스 코드 +- **DATA** : 데이터 자체 +- **SOFTWARE USING THIS** : 해당 소프트웨어를 사용하는 모든 소프트웨어 +- **UNSPECIFIED** : 소스 공개해야 하지만, 공개 범위 정확하지 않은 경우 + +### Obligation +{: .specific-title} +License별로 고지 및 소스코드 공개 의무사항을 알 수 있습니다. +- **Notice**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Copyright나 License (혹은 둘 다)에 대한 고지의 의무가 있음을 의미합니다. +- **Source**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Source Code 공개 의무가 있음을 의미합니다. + +### Web site for the license +{: .specific-title} +- License 원문의 web site 정보를 제공합니다. URL 클릭 시 해당 사이트로 이동합니다. + +### User Guide +{: .specific-title} +- License 사용 시 주의 사항을 알 수 있습니다. + +## (Admin Only) License 추가, 수정, 삭제 +{: .left-bar-title } +### License 추가 +{: .specific-title} +![NEW_OSS](images/3_lic_add.PNG){: .styled-image width="829" height="1118"} +1. License List에서 좌측 상단 Add 버튼을 클릭합니다. +2. "New_License" 탭에서 신규 OSS의 정보를 입력합니다. + - **License Name, Nick Name**은 중복될 수 없습니다. + - **Obligation** : + - Notice가 체크된 경우, OSS Notice에 포함됩니다. + - Source Code가 체크된 경우, Packaging 탭에서 소스 코드 취합 OSS 목록으로 표시됩니다. + - **User Guide** : 해당 OSS에 대한 정보를 입력합니다. + - **Attribution** : OSS Notice 발행시 별도로 포함되어야 하는 문구를 기입합니다. +3. 우측 상단의 Save 버튼()을 클릭합니다. + +### License 수정 +{: .specific-title} +1. License List에서 수정할 License Name을 클릭합니다. +2. License 상세정보 탭에서 수정합니다. +3. 우측 상단의 Save 버튼을 클릭합니다. + +### License 삭제 +{: .specific-title} +1. License List에서 삭제할 License Name을 클릭합니다. +2. License 상세정보 탭에서 Comment란에 삭제 사유를 기입합니다. +3. 우측 상단의 Delete 버튼을 클릭합니다. + +### License 공유 +{: .specific-title} +1. Share 버튼을 클릭하여 생성되는 URL을 통해 License를 공유할 수 있습니다. diff --git a/menu/3_oss.md b/menu/3_oss.md new file mode 100644 index 00000000..0474404e --- /dev/null 
+++ b/menu/3_oss.md @@ -0,0 +1,180 @@ +--- +sort: 3 +published: true +--- +# Open Source +
+ 등록된 OSS(Open Source Software) 정보를 확인하고, OSS를 추가, 수정, 삭제할 수 있습니다.
+ OSS List의 OSS Name Column 내 cell을 클릭하면 상세정보를 확인할 수 있습니다.
+ Deactivate된 Legacy OSS의 경우 회색 Row로 표시됩니다.
+
+ +## Open Source List +{: .left-bar-title } +![OssList](images/2_oss_list.png) + +### ID +{: .specific-title} +- Open Source를 식별하는 숫자입니다. +- Open Source 버전이 여러 개 등록된 경우 '+'가 표시되며 최상위 버전이 표시됩니다. '+' 버튼을 클릭하면 하위 버전의 Open Source 정보를 확인할 수 있습니다. + +### OSS Type +{: .specific-title} +- **Multi** + - Multi License로 하나의 OSS에 여러 License의 Source Code가 포함된 경우입니다. + - 실제 사용한 Source Code에 해당하는 License만 OSS 보고서 또는 Identification의 OSS List에 포함하면 됩니다. + - 예) OSS License : LGPL-2.1 AND GPL-2.0 AND Zlib AND CUPS License Agreement +- **Dual** + - Dual License로 여러 License 중 하나를 선택할 수 있습니다. + - 의무 사항이 상대적으로 적은 License를 선택하는 것이 더 좋습니다. (Obligation 참조) + - 예) OSS License : Apache-2.0 OR LGPL-2.1 +- **V-Diff** + - Version different License로 Open Source 버전 별로 License가 다른 경우입니다. + +### OSS Name +{: .specific-title} +- Nick 표시된 OSS는 하나의 OSS가 여러 개의 Name을 갖고 있습니다. + 예) "bison"의 Nick name은 "Bison parser", "GNU bison" 로 모두 같은 OSS를 표현하고 있습니다. + Identification에서 GNU bison (Nick name)으로 입력된 경우 자동으로 bison (OSS name)으로 변경됩니다. +- 검색 시 자동완성을 지원하며, 세 글자 입력부터 부분 일치하는 OSS Name 목록이 표시됩니다. + +### Version +{: .specific-title} +- OSS 버전을 의미합니다. + +### License Name +{: .specific-title} +- OSS의 Declared License 정보를 알 수 있습니다. +- Multi License는 OSS에 포함되는 모든 License가 AND로 표시됩니다. +- Dual License는 OSS의 License를 복수 개 중 선택할 수 있고 OR로 표시됩니다. +- 입력 키워드에 License Name 또는 SPDX Identifier 와 일치하는 License 입력시 이를 포함하는 모든 Open Source를 검색합니다. + +### License Type +{: .specific-title} +- [License Type](https://fosslight.org/hub-guide/menu/2_license.html#license-type)을 참고하시기 바랍니다. + +### Obligation +{: .specific-title} +- OSS별로 고지와 소스 코드 공개 의무사항을 알 수 있습니다. + - **Notice**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Copyright나 License (혹은 둘 다)에 대한 고지의 의무가 있음을 의미합니다. + - **Source**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Source Code 공개 의무가 있음을 의미합니다. + +### Download Location +{: .specific-title} +- Open Source를 다운로드 받을 수 있는 URL이 Link로 표시되며, 클릭 시 해당 사이트로 이동하거나 파일을 다운로드 받을 수 있습니다. 
+- 웹 리소스에 대한 고유한 식별자인 Purl 정보를 확인할 수 있습니다. + +### Homepage +{: .specific-title} +- Open Source 공식 Site가 있으면, URL로 표시되며 클릭 시 해당 사이트로 이동합니다. +- URL에 마우스 오버 시 상세주소를 확인할 수 있습니다. + +### Description +{: .specific-title} +- Open Source 사용 시 주의 사항을 확인할 수 있습니다. + +### Vulnerability +{: .specific-title} +- NIST에서 제공하는 NVD DB에서 해당 OSS가 검색되면 취약 정도 (CVE Score)에 따라 Vulnerability 아이콘 색깔로 구분되어 표시됩니다. + +## OSS 상세정보 +{: .left-bar-title } +OSS List에서 OSS Name을 클릭합니다. +![OssList](images/2_oss_user_detail.png) + + +### Vulnerability Info +{: .specific-title} +1. OSS Version Alias : CVE-ID 매핑시, 추가로 매핑된 버전 정보 +2. Include CPE : CVE-ID 매핑시 매핑된 cpe 정보 +3. Exclude CPE : CVE-ID 매핑시 제외된 cpe 정보 + +### Detected License +{: .specific-title} +- OSS에서 추가로 검출된 License 정보 + + +### Restriction +{: .specific-title} +- OSS별 제약 사항 (License의 Restriction과 별개) Level에 따라 Restriction 아이콘 색깔이 다르게 표시됩니다. +상세 내용은 [Restriction](https://fosslight.org/hub-guide/menu/2_license.html#restriction)을 참고하시기 바랍니다. + ![restriction_green](images/2_oss_green.png) : Level 1 + ![restriction_yellow](images/2_oss_yellow.png) : Level 2~3 + ![restriction_red](images/2_oss_red.png) : Level 4~5 + +### Summary Description +{: .specific-title} +- Open Source 사용 시 주의 사항을 확인할 수 있습니다. + +### Important Notes +{: .specific-title} +- OSS 사용 시 반드시 확인해야 할 사항들이 기술되어 있습니다. + + +### Attribution +{: .specific-title} +- OSS Notice 발행시 별도로 포함되는 문구를 확인할 수 있습니다. + + +## (Admin Only) OSS 추가, 수정, 복사, 삭제, 일괄 변경 +{: .left-bar-title } +OSS List에서 OSS Name을 클릭합니다. +Admin 인 경우에만 Editable하게 표시되며 Share, Sync, Copy, Delete, Save 버튼이 표시됩니다. + +
+OSS 상세정보(Admin) +NEW_OSS +
+ +### OSS 추가 +{: .specific-title} +1. OSS List에서 좌측 상단 **Add** 버튼을 클릭합니다. +2. "New_Opensource" 탭에서 신규 OSS의 정보를 입력합니다. + - OSS Name, Nick Name은 중복될 수 없습니다. +3. 우측 상단의 **Save** 버튼을 클릭합니다. + + +### OSS 수정 +{: .specific-title} +- 정보를 수정한 후 우측 상단의 **Save** 버튼을 클릭합니다. + +### OSS 공유 +{: .specific-title} +- **Share** 버튼을 클릭하여 생성되는 URL을 통해 OSS를 공유할 수 있습니다. + +### OSS 복사 +{: .specific-title} +- OSS 복사 기능은 동일한 OSS의 다른 버전을 추가할 때 유용합니다. + 1. 우측 상단의 **Copy** 버튼을 클릭합니다. + 2. 동일한 OSS 정보로 "New_Opensource" 탭이 뜹니다. + 3. 이때, OSS Version에 "_Copied"가 append 되어 있으므로 버전 정보를 수정해야 합니다. + 4. 정보 수정 후 우측 상단의 **Save** 버튼을 클릭하면 OSS가 등록됩니다. + +### OSS 삭제 +{: .specific-title} +1. Comment란에 삭제 사유를 기입합니다. +2. 우측 상단의 **Delete** 버튼을 클릭합니다. + - 📢 해당 OSS가 Identification 단계가 Confirm된 Project에 포함된 경우, Delete 버튼 클릭 시 다른 OSS로 Merge 하는 창이 팝업됩니다. + ![NEW_OSS](images/2_oss_rename.PNG) + - Merge할 OSS를 선택하면, 삭제하는 OSS의 Name과 NickName은 Merge하는 OSS의 Nickname으로 이동됩니다. + + +### OSS 버전별 정보 일괄 변경 기능 +{: .specific-title} +- OSS에 여러 버전이 등록된 경우, 각 버전별 정보를 일괄 업데이트시 사용합니다. 우측 상단의 **Sync** 버튼을 클릭합니다. +![OSS_SYNC](images/2_oss_sync.PNG) + 1. 수정할 OSS 버전을 선택합니다. + - 이미 동일한 OSS 정보를 가진 버전의 경우, 회색으로 표시되며 선택 불가합니다. + 2. 수정할 OSS의 정보를 선택합니다. + 체크된 항목에 대해서만 정보가 업데이트됩니다. + - 표시되는 정보는 i에서 선택된 Row의 해당 버전의 OSS 정보가 표시됩니다. + 3. Comment 입력란 + - OK 클릭시 i에서 선택한 수정할 OSS 버전에 입력한 Comment가 추가됩니다. + +### Project +{: .specific-title} +- 해당 OSS가 사용되는 Project 정보를 확인할 수 있습니다. + + diff --git a/menu/4_project.md b/menu/4_project.md new file mode 100644 index 00000000..069d30a0 --- /dev/null +++ b/menu/4_project.md @@ -0,0 +1,70 @@ +--- +sort: 4 +published: true +--- +# Project +
+ Open Source Software를 포함하는 Software의 개발 및 배포를 위해 수행해야 하는 Process를 순차적으로 수행합니다.
+ 상세 내용은 Project tutorial을 참고하시기 바랍니다.
+ 1. Identification : Open Source 분석 결과(FOSSLight Report)를 작성하여 OSPO에게 리뷰받습니다.
+ 2. Packaging : 공개할 Source Code를 취합하여 OSS Package를 생성합니다.
+ 3. Distribution : OSS Notice와 OSS Package를 배포사이트에 등록합니다. +
+ +## Project List +{: .left-bar-title } +Project를 검색하고, 해당 Project의 전체적인 정보를 확인하고 FOSSLight Report, OSS Notice, OSS Package를 다운로드할 수 있습니다. +![ProjectList](images/4_project_list_main.png){: .styled-image} + +### 1. Project Search +{: .specific-title} +- Project의 Name으로 검색할 수 있습니다. **Advanced Search** 기능을 이용하여 다양한 조건으로 검색 가능합니다. + - Advanced Search + - ID, Creator, Model Name 등 다양한 조건으로 검색 가능합니다. + ![Project_adv_search](images/4_project_search_adv.png){: .styled-image} + + +### 2. Project ID +{: .specific-title} +- 프로젝트를 식별하는 고유 숫자입니다. + +### 3. Project Name (Version) +{: .specific-title} +- 더블 클릭하면 Project 상세 화면으로 이동합니다. + +### 4. Status +{: .specific-title} +- Project의 상태 정보를 표시합니다. + +|Status| Description | +|----|----| +| Progress | · 사용자가 작성하고 있는 상태입니다.| +| Request |· Identification 또는 Packaging 단계에서 사용자가 Review를 요청한 상태입니다.
· Self Reject을 통하여 Progress 상태로 변경할 수 있습니다.| +| Review | · Identification 또는 Packaging 단계에서 리뷰어가 Review 중인 상태입니다.
· 사용자는 프로젝트 정보를 수정할 수 없습니다.
· 수정이 필요한 경우, Reviewer에게 [Comment](#comment)를 남겨 Reject 요청해주시기 바랍니다.| +| Final Review | · OSPO 책임자가 최종 리뷰를 진행하고 있는 상태입니다.| +| Complete | · Project Review가 완료된 상태를 의미합니다.
· 사용자는 프로젝트 정보를 수정할 수 없습니다.
· 수정이 필요한 경우 Reviewer에게 Reopen 요청해주시기 바랍니다.| +| Drop | · 더 이상 OSC Process를 진행하지 않는 상태를 의미합니다.
· Complete가 아닌 경우, Status와 무관하게 사용자가 Drop 설정할 수 있으며, 필요시에는 Reopen을 클릭하여 직접 Open할 수 있습니다.| + + +### 5. OSC Process +{: .specific-title} +- Project의 OSC 프로세스 진행 단계를 나타냅니다. + - Identification -> Packaging -> Distribution +- Status에 따라 Process의 진행 단계의 색도 달라집니다. + + +### 6. Download +{: .specific-title} +- (): Identification에서 입력한 목록을 **FOSSLight Report**로 다운로드할 수 있습니다. +- (): Identification의 SBOM 목록에서 Open Source , License, 보안 취약점 검토 결과 리스크와 주의사항이 있을 경우 이를 요약한 **Review Report**를 다운로드 할 수 있습니다. +- (): Packaging 단계가 완료된 경우 아이콘이 표시되며 **OSS Notice**를 다운로드할 수 있습니다. +- (): Packaging에서 공개할 Source Code가 업로드된 경우 아이콘이 표시되며 **OSS Package 파일**을 다운로드할 수 있습니다. + + + + +### 7. Security +{: .specific-title} +Project의 Identification에 포함된 전체 Open Source List의(Exclude 제외) Vulnerability 정보에 대해 나타냅니다. +- () : Vulnerability score가 기준 점수 이상인 경우 +- () : Vulnerability score가 기준 점수 미만인 경우 diff --git a/menu/5_third-party.md b/menu/5_third-party.md new file mode 100644 index 00000000..2cd2408d --- /dev/null +++ b/menu/5_third-party.md 
@@ -0,0 +1,74 @@ +--- +sort: 5 +published: true +--- +# 3rd Party +```note +- 3rd Party Software를 전달받는 경우, 3rd party에게 3rd Party OSS Checklist 작성 및 제출을 요청하고, 전달 받은 Software의 Open Source 정보를 등록하고 관리합니다. +- Status: Confirm인 3rd Party에 한하여 Project > Identification - 3rd Party 탭에서 Load할 수 있습니다. +``` + + +## 3rd Party SW 등록 과정 +{: .left-bar-title } +### 1. 사전 준비 사항 +{: .specific-title} + +- **Open Source Software List** + - 3rd party로부터 3rd Party OSS Checklist를 요청하여 취합합니다. + +### 2. 3rd Party SW 등록 +{: .specific-title} +![3rd_party_list](images/5_third_party_list.PNG) +1. 왼쪽 메뉴에서 3rd Party를 클릭합니다. +2. 3rd Party 왼쪽 상단의 **Add** 버튼을 클릭합니다. +3. 아래와 같이 New_3rdParty 탭에서 3rd Party 정보를 입력하고 준비한 **3rd Party OSS Checklist** 파일을 업로드 합니다. + ![3rd_party_new](images/5_third_party_new.PNG) + + ★ **3rd Party Field 별 Description** + + |Field| Description | + |:---|:---| + |**3rd Party Name**|3rd Party Name을 기입합니다.| + |**3rd Party Software Name**|3rd Party로부터 전달받은 Software 명을 기입합니다.| + |**3rd Party Software Version**|3rd Party로부터 전달받은 Software의 Version을 기입합니다.
(하나의 Software에 동일한 version 중복 불가)| + |**Delivery Form**|전달받은 Software의 형태를 선택합니다. (Source Code Form, Binary Form 중 선택)| + |**View Permission**| Everyone : 모든 사용자가 해당 3rd Party SW 정보를 조회할 수 있습니다.
Creator/Editor: Creator와 Editor 외에는 해당 3rd Party SW를 조회할 수 없게 합니다.| + |**OSS Checklist (Open Source List)**| 미리 준비한 3rd Party OSS Checklist를 업로드합니다.
(업로드 시, apply할 sheet는 'Open Source Software List' 선택.)| + |**Related Documents**|3rd Party로부터 제공 받은 관련 문서를 업로드 합니다.| + |**Description**| Open Source Compliance에 필요한 부가 정보가 있을 경우, 기재합니다.| + |**Edit Permission**|해당 3rd Party SW 정보 및 현황을 공유하고자 하는 사용자를 등록합니다.| + +### 3. Request +{: .specific-title} +1. 3rd Party SW 정보를 입력 후 상단의 **Save** 버튼()을 클릭합니다. + ![3rd_party_save](images/5_third_party_save_1.PNG) + +2. Identification > 3rd party 탭에서 **Pre-Review**를 진행합니다. (Open Source, License 모두) + ![3rd_party_save](images/5_third_party_save_2.PNG) + +3. 수정된 내용이 있다면 Save 버튼()을 한 번 더 클릭합니다. + +4. BOM 탭의 우측 상단에 Save 버튼()을 클릭하여 저장한 후 **Request** 버튼을 클릭하여 리뷰를 요청합니다. + ![3rd_party_save](images/5_third_party_save_3_request.PNG) + + + +## 참고 +{: .left-bar-title } +### Create Project for OSS Notice +{: .specific-title} +배포하는 Software가 3rd Party Software로만 구성된다면, Confirm 된 3rd Party Software에서 **Project > Project**(Identification Confirm 상태)를 바로 생성할 수 있습니다. +단, Identification Confirm 불가인 경우 Identification request 상태의 Project가 생성됩니다. + + +## (Admin Only) 3rd Party Review +{: .left-bar-title } +1. 3rd Party에서 Status가 Request인 3rd Party의 Identification을 클릭합니다. +2. 우측 상단의 **Review Start**를 클릭합니다. + - Status: Review로 변경됩니다. +3. OSS Table의 빨간색 Warning message에 대하여 검토합니다. + - OSS Table에 빨간색 Warning message가 있을 경우, Confirm이 불가합니다. + - 신규 OSS로 등록하기 위해서는 해당 Row를 더블 클릭하면 해당 Row의 정보로 기입된 신규 OSS 등록 팝업이 뜹니다. +4. 확인이 완료되면 Confirm 버튼을 클릭합니다. + - 사용자에게 다시 확인 요청할 경우 Reject 버튼을 클릭합니다. diff --git a/menu/6_self-check.md b/menu/6_self-check.md new file mode 100644 index 00000000..92c8d81c --- /dev/null +++ b/menu/6_self-check.md @@ -0,0 +1,27 @@ +--- +sort: 8 +published: true +--- +# Self-Check +
+Self-Check에서는 검토할 OSS에 대한 License, 보안 취약점 등의 정보를 리뷰 과정 없이 간편하게 확인할 수 있습니다. +
+ + + +## Self-Check를 통해 확인할 수 있는 정보 +{: .left-bar-title} +Self-Check Project를 생성하고 검토할 OSS를 입력하면 아래 정보를 확인할 수 있습니다. +- **OSS 상세 정보** : 등록된 Version, Version별 License, Copyright, Homepage, Download Location 등 +- **License 상세 정보** : License의 종류, 의무사항, 제한사항, License 전문 등 +- **User Guide** : 해당 OSS 사용 시 주의사항 등 +- **Vulnerability** : NVD(National Vulnerability Database)에서 제공하는 보안 취약점 정보 + +## Self-Check을 통한 확인 절차 +{: .left-bar-title} +Self-Check는 아래와 같은 절차를 통해 진행할 수 있습니다. +1. [Self-Check Project 생성 및 OSS 정보 입력](https://fosslight.org/hub-guide/tutorial/2_self_check/1_create_project.html) +2. [OSS 및 License 정보 확인](https://fosslight.org/hub-guide/tutorial/2_self_check/2_verify_oss_license.html) +3. [Vulnerability 정보 확인](https://fosslight.org/hub-guide/tutorial/2_self_check/3_verify_vulnerability.html) +4. [추천 OSS Name 확인](https://fosslight.org/hub-guide/tips/1_common/2_pre_review/2_how_to_check_oss.html) +5. [Declared License 확인](https://fosslight.org/hub-guide/tips/1_common/2_pre_review/1_how_to_check_license.html) diff --git a/menu/7_vulnerability.md b/menu/7_vulnerability.md new file mode 100644 index 00000000..be95941a --- /dev/null +++ b/menu/7_vulnerability.md @@ -0,0 +1,101 @@ +--- +sort: 7 +published: true +--- +# Vulnerability +Open Source의 보안 취약점 존재 여부 및 관련 정보(CVE ID, CVSS Score)를 확인할 수 있습니다. + +## Vulnerability YouTube 영상 가이드 +{: .left-bar-title} + +


+ +## Vulnerability List +{: .left-bar-title} +- **[NVD(National Vulnerability Database)](https://nvd.nist.gov/)**의 NVD Data Feeds에서 제공되는 Open Source의 버전별 최고 보안 취약점 정보를 확인하고 검색할 수 있습니다. +![VulList](images/7_vul_list_main.PNG){: .styled-image} + +### 1. 검색 조건 +{: .specific-title} +**OSS Name, OSS Version, CVE ID** 등을 설정하여 검색할 수 있습니다. +- OSS Name과 OSS Version은 OSS List에 등록된 OSS와는 무관하며, NVD Data Feeds Product Name과 Version을 의미합니다. +- Exact match 체크 후 검색시, OSS Name 란의 검색어와 완전 일치되는 결과만 조회합니다. +- CVE ID의 경우, 완전 일치되는 결과만 조회합니다. + +### 2. 검색 결과 +{: .specific-title} +- **OSS Name 링크 클릭 시** : 해당 Row(행)의 OSS Name, nickname의 해당 버전별 검색된 모든 CVE 결과가 팝업으로 표시됩니다. + - OSS Name, nickname, version에 대하여 완전 일치 검색 결과 + - 단, version: '-'인 경우는 모든 버전 조회 +- **Nickname 링크 클릭 시** : nickname으로만 조회되는 해당 버전의 모든 CVE 결과가 팝업으로 보여집니다. + - Nickname, version에 대한 완전 일치 검색 결과 + - 단, version: '-'인 경우는 모든 버전 조회 +- **Max CVSS Score**: OSS의 버전별 가장 높은 Critical Level이 표시됩니다. +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
SeverityCVSS Score Range
+ CriticalIcon + Critical + 9.0 ~ 10.0
+ HighIcon + High + 7.0 ~ 8.9
+ MediumIcon + Medium + 4.0 ~ 6.9
+ LowIcon + Low + 0.1 ~ 3.9
+
+ +### 3. 검색 결과 Export +{: .specific-title} +- Vulnerability 정보 조회 후, 왼쪽의 Export 버튼을 클릭하여 엑셀로 다운로드할 수 있습니다. +![VulExport](images/7_vul_export_list_2.png){: .styled-image} +- **Export 정보 확인** +![VulExport](images/7_vul_export_excel.PNG){: .styled-image} + - **OSS Name**: OSS Table에 쓰여진 OSS Name + - **OSS Version**: Vulnerability 조회된 version + - OSS 버전이 공란인 경우, Vulnerability 에 존재하는 모든 버전에 대하여 정보를 출력합니다. + - OSS Version이 설정되어 있는 경우 해당 Version의 하위 버전은 CSV 에 포함되지 않습니다. (상위 버전은 모두 포함) + - **CVE ID**: NVD(National vulnerability Database)에서 제공하는 보안 취약점 정보 ID + - **CVSS Score**: 해당 OSS, Version에 대한 Vulnerability **Max Score** + - **Description**: 해당 OSS의 Description 정보 + - **Published Date**: NVD에서 해당 보안 취약점을 Publish한 날짜 + - **Last Revised**: NVD에서 해당 보안 취약점에 대해 정보를 수정한 날짜 + - **Vendor**: OSS Vender(같은 OSS Name일 때, OSS의 Vendor 구분을 위한 항목) + +


+ +## Vulnerability 상세 정보 +{: .left-bar-title} +- Vulnerability List에서 검색 후 OSS Name 또는 Nickname의 링크를 클릭하면 상세 화면를 볼 수 있습니다. +![VulPopUp](images/7_vul_popup_detail.PNG){: .styled-image} \ No newline at end of file diff --git a/menu/9_system.md b/menu/9_system.md new file mode 100644 index 00000000..91341b76 --- /dev/null +++ b/menu/9_system.md @@ -0,0 +1,107 @@ +--- +sort: 10 +published: true +--- +# System (Admin Only) +FOSSLight Hub 운영 Log를 확인하거나 운영 Data를 변경합니다. +

+ +## Code Management +{: .left-bar-title} +
+ +FOSSLight Hub 동작 관련 세팅 값을 설정합니다. +- Code No 또는 Code Name (부분 일치)로 검색 가능합니다. +![config](images/9_system_code.png){: .styled-image}
+- 검색 결과 목록이 표시되며 row 클릭 시, 하단에 상세 코드 정보가 표시됩니다. + - 상세 코드는 테이블 왼쪽 상단의 + 버튼을 클릭하여 row를 추가할 수 있으며, list에서 row를 더블 클릭하면 전체 row가 편집 모드로 변경됩니다. + - 수정 후 save 버튼을 클릭하여 수정한 내용을 적용할 수 있습니다. + - 편집 모드를 취소하고자 하는 경우는 상단 Code 검색 결과 영역을 (row) 다시 선택하여, 상세 코드 영역을 초기화할 수 있습니다. +![search](images/9_system_code_search.png){: .styled-image} +


+ + +## User Management +{: .left-bar-title} +
+ +등록된 계정 목록을 확인하고 정보를 수정합니다. +- **Token Proc > Create** 버튼 : [Rest API](https://fosslight.org/hub-guide/advanced/2_rest_api_2.html)에서 사용할 Token을 생성합니다. +- **Password > reset** 버튼 : 비밀번호를 사용자 ID와 동일한 값으로 초기화합니다. +- **Use YN** : 휴면 계정을 설정합니다. +- **Admin** : Admin 권한을 부여합니다. +![user](images/9_system_user.png){: .styled-image} + +


+ +## History List +{: .left-bar-title} +
+ +License List, OSS List, Project 기본 정보의 변경 이력을 조회할 수 있습니다. +- **검색 영역** + - **Name** : License Name, OSS Name 또는 Project Name으로 조회할 수 있음 + - **Modifier** : 사용자로(Action 행위자) 조회할 수 있음 + - **Modify Type** : License, Open Source, 또는 Project로 선택하여 조회할 수 있음 + - **Action** : Insert, Update, 또는 Delete로 선택하여 조회할 수 있음 + - **Modified Date** : 특정 기간 내 변경 이력을 조회할 수 있음 +![history](images/9_system_history.png){: .styled-image} +- **상세 내용** + - 검색 결과의 row를 더블 클릭하여 상세 내용을 확인할 수 있습니다. + ![detail](images/9_system_history_detail.png){: .styled-image} +


+ +## Notification +{: .left-bar-title} +
+ +FOSSLight Hub 로그인 시 나타나는 공지 팝업을 관리합니다. +![noti](images/9_system_noti_list.png){: .styled-image} +- **추가** + - 왼쪽 상단의 + 버튼을 클릭하여 공지를 추가합니다. + - Start Date : 공지 시작일 + - End Date : 공지 종료일 + - Publish : 체크된 경우, 공지 팝업이 표시됩니다. + ![notiadd](images/9_system_noti_add.png){: .styled-image} + +- **수정** + - 수정하고자 하는 공지의 Row를 클릭 > 왼쪽 상단의 ![notiicon](images/9_system_noti_modify_icon.png)을 클릭 > 내용 수정 > Submit 버튼을 클릭합니다. +


+ +## Sent Mail List +{: .left-bar-title} +
+ +메일 발송 내역을 확인합니다. +![mail](images/9_system_mail.png){: .styled-image} +


+ + +## Vulnerability Log +{: .left-bar-title} +
+ +OSS의 Vulnerability Data 변경 사항을 확인합니다. +- Vulnerability Log는 OSS의 정보가 변경되거나 (Nick name 추가 등), 해당 OSS의 Vulnerability Score가 신규로 등록되거나 더 높은 Score의 CVE ID가 등록된 경우 업데이트됩니다. +- 필터 기능을 이용하여, 특정 OSS (Version)의 Vulnerability 정보의 변경 이력을 확인할 수 있습니다. +- CVE ID를 클릭하면 NVD 사이트의 해당 CVE 상세화면으로 이동합니다. +![vul](images/9_system_vul.png){: .styled-image} +


+ + +## Server Setting +{: .left-bar-title } +
+ +![server](images/9_system_server.png){: .styled-image} +- **Authentication using LDAP** + - FOSSLight Hub는 JNDI를 사용하여 Active Directory 등 LDAP을 사용할 수 있는 환경에서는 LDAP을 이용한 사용자 패스워드 인증 처리를 지원합니다. + - Provider URL : LDAP 서버 정보를 ldap://<AD_SERVER_IP>:<LDAP_PORT> 형식으로 설정합니다. (javax.naming.Context.PROVIDER_URL) + +- **Notice Setting** + - **Notice Type**: 발급 가능한 OSS 고지문 형식을 설정합니다. + +- **External Analysis Setting** + - Self-Check 메뉴에서 Upload URL을 통해 Source Code를 분석할 때 연동되는 FOSSLight Scanner Service 정보를 설정합니다. + - **FL Scanner Url** : 분석 연동할 FOSSLight Scanner Service 서버의 URL을 입력합니다. + - **Admin Token** : Admin 권한이 있는 계정의 token을 입력합니다. 이 token 값은 FOSSLight Scanner Service에 세팅한 token값과 동일해야 합니다. diff --git a/started/2_try/README.md b/menu/README.md similarity index 66% rename from started/2_try/README.md rename to menu/README.md index 3b72722e..39c62077 100644 --- a/started/2_try/README.md +++ b/menu/README.md @@ -1,5 +1,5 @@ --- -sort: 1 +sort: 3 published: true --- # FOSSLight Hub Menu 
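Review bot: In menu/9_system.md, under User Management, the line "**Password > reset** 버튼 : 비밀번호를 사용자 ID와 동일한 값으로 초기화합니다." documents that a reset sets the password to the same value as the user ID, but gives no follow-up step. Because the resulting password is predictable from the account name, the guide should say at this point that the user must change it at the next sign-in, and whether FOSSLight Hub enforces that change. In the same file, Server Setting shows the Provider URL only in the form ldap://<AD_SERVER_IP>:<LDAP_PORT>. Since this setting is used for user password authentication, please document whether an ldaps:// URL is accepted.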
@@ -10,26 +10,29 @@ FOSSLight Hub의 Menu별 기능을 소개합니다. ## [Sign In & Sign Up](1_sign.md) 로그인 및 계정 등록 -## [OSS List](2_oss.md) -OSS(Open Source Software) 정보 확인 및 등록 - -## [License List](3_license.md) +## [License](2_license.md) License 정보 확인 및 등록 +## [Open Source](3_oss.md) +OSS(Open Source Software) 정보 확인 및 등록 + ## [Project](4_project.md) Project 등록 및 Process 수행 ## [3rd Party](5_third-party.md) 3rd Party 등록 -## [Self-Check](6_self-check.md) -Self-Check 등록 및 OSS 정보 확인 +## [Binary DB](10_binarydb.md) +**(LG전자 사내 전용)** 시스템 운영 Log 확인 및 운영 Data 설정 변경 ## [Vulnerability](7_vulnerability.md) Open Source의 보안 취약점 존재 여부 및 관련 정보(CVE ID, CVSS Score) 확인 -## [Configuration](8_configuration.md) -*(Admin Only)* 시스템 설정 값 변경 +## [Self-Check](6_self-check.md) +Self-Check 등록 및 OSS 정보 확인 + +## [Compliance Status](11.compliance_status.md) +*(LGE Only)* 배포하는 Software 및 Model에 대한 Open Source Compliance 현황 확인 ## [System](9_system.md) -*(Admin Only)* 시스템 운영 Log 확인 및 운영 Data 설정 변경 +*(Admin Only)* 시스템 운영 Log 확인 및 운영 Data 설정 변경 \ No newline at end of file diff --git a/menu/images/11_3rd_party_status.png b/menu/images/11_3rd_party_status.png new file mode 100644 index 00000000..a4b787dd Binary files /dev/null and b/menu/images/11_3rd_party_status.png differ diff --git a/menu/images/11_after_upload.PNG b/menu/images/11_after_upload.PNG new file mode 100644 index 00000000..0f33c2aa Binary files /dev/null and b/menu/images/11_after_upload.PNG differ diff --git a/menu/images/11_binary_db.png b/menu/images/11_binary_db.png new file mode 100644 index 00000000..1e38f995 Binary files /dev/null and b/menu/images/11_binary_db.png differ diff --git a/menu/images/11_project_status.png b/menu/images/11_project_status.png new file mode 100644 index 00000000..68b0e324 Binary files /dev/null and b/menu/images/11_project_status.png differ 
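Review bot: In the second menu/README.md hunk, the new Binary DB entry carries the System description: "+**(LG전자 사내 전용)** 시스템 운영 Log 확인 및 운영 Data 설정 변경" is the same text as the System line at the end of the hunk, so it does not describe Binary DB. Replace it with a summary of what 10_binarydb.md covers. The restriction label is also inconsistent within this hunk (bold "(LG전자 사내 전용)" here, italic "(LGE Only)" for Compliance Status), so pick one form. The link target 11.compliance_status.md uses a dot after the number where every other menu file uses an underscore, and the file now ends without a trailing newline.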
diff --git a/menu/images/11_upload_binary_txt.PNG b/menu/images/11_upload_binary_txt.PNG new file mode 100644 index 00000000..7fc95408 Binary files /dev/null and b/menu/images/11_upload_binary_txt.PNG differ diff --git a/menu/images/1_sign_in.PNG b/menu/images/1_sign_in.PNG new file mode 100644 index 00000000..2d5fac5f Binary files /dev/null and b/menu/images/1_sign_in.PNG differ diff --git a/menu/images/1_sign_in_first_popup.PNG b/menu/images/1_sign_in_first_popup.PNG new file mode 100644 index 00000000..02f16908 Binary files /dev/null and b/menu/images/1_sign_in_first_popup.PNG differ diff --git a/menu/images/1_sign_up.PNG b/menu/images/1_sign_up.PNG new file mode 100644 index 00000000..4fe5ff6d Binary files /dev/null and b/menu/images/1_sign_up.PNG differ diff --git a/menu/images/2_oss_add_new.PNG b/menu/images/2_oss_add_new.PNG new file mode 100644 index 00000000..fb04eeb2 Binary files /dev/null and b/menu/images/2_oss_add_new.PNG differ diff --git a/menu/images/2_oss_detail.PNG b/menu/images/2_oss_detail.PNG new file mode 100644 index 00000000..33c105d3 Binary files /dev/null and b/menu/images/2_oss_detail.PNG differ diff --git a/menu/images/2_oss_detail.png b/menu/images/2_oss_detail.png new file mode 100644 index 00000000..7daad5d5 Binary files /dev/null and b/menu/images/2_oss_detail.png differ diff --git a/menu/images/2_oss_green.png b/menu/images/2_oss_green.png new file mode 100644 index 00000000..0eda3f35 Binary files /dev/null and b/menu/images/2_oss_green.png differ diff --git a/menu/images/2_oss_list.png b/menu/images/2_oss_list.png new file mode 100644 index 00000000..dd62a895 Binary files /dev/null and b/menu/images/2_oss_list.png differ diff --git a/started/images/2_oss_new.png b/menu/images/2_oss_new.png similarity index 100% rename from started/images/2_oss_new.png rename to menu/images/2_oss_new.png 
diff --git a/menu/images/2_oss_red.png b/menu/images/2_oss_red.png new file mode 100644 index 00000000..770987df Binary files /dev/null and b/menu/images/2_oss_red.png differ diff --git a/menu/images/2_oss_rename.PNG b/menu/images/2_oss_rename.PNG new file mode 100644 index 00000000..9ad40daf Binary files /dev/null and b/menu/images/2_oss_rename.PNG differ diff --git a/menu/images/2_oss_rename.png b/menu/images/2_oss_rename.png new file mode 100644 index 00000000..9ad40daf Binary files /dev/null and b/menu/images/2_oss_rename.png differ diff --git a/menu/images/2_oss_sync.PNG b/menu/images/2_oss_sync.PNG new file mode 100644 index 00000000..fa65bbe2 Binary files /dev/null and b/menu/images/2_oss_sync.PNG differ diff --git a/menu/images/2_oss_sync.png b/menu/images/2_oss_sync.png new file mode 100644 index 00000000..fa65bbe2 Binary files /dev/null and b/menu/images/2_oss_sync.png differ diff --git a/menu/images/2_oss_user_detail.png b/menu/images/2_oss_user_detail.png new file mode 100644 index 00000000..e728d6a7 Binary files /dev/null and b/menu/images/2_oss_user_detail.png differ diff --git a/menu/images/2_oss_yellow.png b/menu/images/2_oss_yellow.png new file mode 100644 index 00000000..2e02a856 Binary files /dev/null and b/menu/images/2_oss_yellow.png differ diff --git a/started/images/3_3rd_new.png b/menu/images/3_3rd_new.png similarity index 100% rename from started/images/3_3rd_new.png rename to menu/images/3_3rd_new.png diff --git a/menu/images/3_lic_add.PNG b/menu/images/3_lic_add.PNG new file mode 100644 index 00000000..8b5b4778 Binary files /dev/null and b/menu/images/3_lic_add.PNG differ diff --git a/menu/images/3_lic_list.png b/menu/images/3_lic_list.png new file mode 100644 index 00000000..5feaf98f Binary files /dev/null and b/menu/images/3_lic_list.png differ diff --git a/started/images/3_lic_new.png b/menu/images/3_lic_new.png similarity index 100% rename from started/images/3_lic_new.png rename to menu/images/3_lic_new.png 
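Review bot: menu/images/2_oss_rename.PNG and menu/images/2_oss_rename.png are added as two new files with the same blob (index 00000000..9ad40daf), and 2_oss_sync.PNG and 2_oss_sync.png likewise (fa65bbe2). The names differ only in the case of the extension, so each pair cannot coexist in a checkout on a case-insensitive filesystem, and menu/3_oss.md references only images/2_oss_rename.PNG and images/2_oss_sync.PNG. Keep one copy of each and use a single extension case across menu/images. The 2_oss_detail.PNG and 2_oss_detail.png pair added just before has the same naming problem but different blobs (33c105d3 and 7daad5d5), so decide which image is intended before removing one.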
diff --git a/started/images/4_project_3rd.png b/menu/images/4_project_3rd.png similarity index 100% rename from started/images/4_project_3rd.png rename to menu/images/4_project_3rd.png diff --git a/started/images/4_project_bi.png b/menu/images/4_project_bi.png similarity index 100% rename from started/images/4_project_bi.png rename to menu/images/4_project_bi.png diff --git a/started/images/4_project_bin.png b/menu/images/4_project_bin.png similarity index 100% rename from started/images/4_project_bin.png rename to menu/images/4_project_bin.png diff --git a/started/images/4_project_bom.png b/menu/images/4_project_bom.png similarity index 100% rename from started/images/4_project_bom.png rename to menu/images/4_project_bom.png diff --git a/started/images/4_project_dep.png b/menu/images/4_project_dep.png similarity index 100% rename from started/images/4_project_dep.png rename to menu/images/4_project_dep.png diff --git a/menu/images/4_project_download_file_icon.PNG b/menu/images/4_project_download_file_icon.PNG new file mode 100644 index 00000000..6b934fe9 Binary files /dev/null and b/menu/images/4_project_download_file_icon.PNG differ diff --git a/menu/images/4_project_download_notice_icon.PNG b/menu/images/4_project_download_notice_icon.PNG new file mode 100644 index 00000000..b9e7d7ca Binary files /dev/null and b/menu/images/4_project_download_notice_icon.PNG differ diff --git a/menu/images/4_project_download_report_icon.PNG b/menu/images/4_project_download_report_icon.PNG new file mode 100644 index 00000000..2fa0d4fd Binary files /dev/null and b/menu/images/4_project_download_report_icon.PNG differ diff --git a/menu/images/4_project_download_review_report_icon.PNG b/menu/images/4_project_download_review_report_icon.PNG new file mode 100644 index 00000000..f2656afe Binary files /dev/null and b/menu/images/4_project_download_review_report_icon.PNG differ 
diff --git a/menu/images/4_project_list_main.png b/menu/images/4_project_list_main.png new file mode 100644 index 00000000..82cf0939 Binary files /dev/null and b/menu/images/4_project_list_main.png differ diff --git a/started/images/4_project_notice.png b/menu/images/4_project_notice.png similarity index 100% rename from started/images/4_project_notice.png rename to menu/images/4_project_notice.png diff --git a/started/images/4_project_pkg.png b/menu/images/4_project_pkg.png similarity index 100% rename from started/images/4_project_pkg.png rename to menu/images/4_project_pkg.png diff --git a/menu/images/4_project_process.png b/menu/images/4_project_process.png new file mode 100644 index 00000000..59d217e0 Binary files /dev/null and b/menu/images/4_project_process.png differ diff --git a/menu/images/4_project_search_adv.png b/menu/images/4_project_search_adv.png new file mode 100644 index 00000000..1cdba91f Binary files /dev/null and b/menu/images/4_project_search_adv.png differ diff --git a/started/images/4_project_security1.png b/menu/images/4_project_security1.png similarity index 100% rename from started/images/4_project_security1.png rename to menu/images/4_project_security1.png diff --git a/started/images/4_project_security2.png b/menu/images/4_project_security2.png similarity index 100% rename from started/images/4_project_security2.png rename to menu/images/4_project_security2.png diff --git a/menu/images/4_project_security_na.PNG b/menu/images/4_project_security_na.PNG new file mode 100644 index 00000000..ef6d7a82 Binary files /dev/null and b/menu/images/4_project_security_na.PNG differ diff --git a/menu/images/4_project_security_need_to_resolve.PNG b/menu/images/4_project_security_need_to_resolve.PNG new file mode 100644 index 00000000..7fa4979b Binary files /dev/null and b/menu/images/4_project_security_need_to_resolve.PNG differ 
diff --git a/started/images/4_project_src.png b/menu/images/4_project_src.png similarity index 100% rename from started/images/4_project_src.png rename to menu/images/4_project_src.png diff --git a/started/images/4_project_status.png b/menu/images/4_project_status.png similarity index 100% rename from started/images/4_project_status.png rename to menu/images/4_project_status.png diff --git a/menu/images/5_third_party_list.PNG b/menu/images/5_third_party_list.PNG new file mode 100644 index 00000000..4bd7d71f Binary files /dev/null and b/menu/images/5_third_party_list.PNG differ diff --git a/menu/images/5_third_party_new.PNG b/menu/images/5_third_party_new.PNG new file mode 100644 index 00000000..50849c17 Binary files /dev/null and b/menu/images/5_third_party_new.PNG differ diff --git a/menu/images/5_third_party_save_1.PNG b/menu/images/5_third_party_save_1.PNG new file mode 100644 index 00000000..060ff0a9 Binary files /dev/null and b/menu/images/5_third_party_save_1.PNG differ diff --git a/menu/images/5_third_party_save_2.PNG b/menu/images/5_third_party_save_2.PNG new file mode 100644 index 00000000..f1112bca Binary files /dev/null and b/menu/images/5_third_party_save_2.PNG differ diff --git a/menu/images/5_third_party_save_3_request.PNG b/menu/images/5_third_party_save_3_request.PNG new file mode 100644 index 00000000..b707ec38 Binary files /dev/null and b/menu/images/5_third_party_save_3_request.PNG differ diff --git a/menu/images/7_vul_critical.png b/menu/images/7_vul_critical.png new file mode 100644 index 00000000..0f7f5844 Binary files /dev/null and b/menu/images/7_vul_critical.png differ diff --git a/started/images/7_vul_export.png b/menu/images/7_vul_export.png similarity index 100% rename from started/images/7_vul_export.png rename to menu/images/7_vul_export.png 
diff --git a/menu/images/7_vul_export_excel.PNG b/menu/images/7_vul_export_excel.PNG new file mode 100644 index 00000000..2ad1886f Binary files /dev/null and b/menu/images/7_vul_export_excel.PNG differ diff --git a/menu/images/7_vul_export_list_2.png b/menu/images/7_vul_export_list_2.png new file mode 100644 index 00000000..a789ae91 Binary files /dev/null and b/menu/images/7_vul_export_list_2.png differ diff --git a/menu/images/7_vul_high.png b/menu/images/7_vul_high.png new file mode 100644 index 00000000..57d7075d Binary files /dev/null and b/menu/images/7_vul_high.png differ diff --git a/started/images/7_vul_list.png b/menu/images/7_vul_list.png similarity index 100% rename from started/images/7_vul_list.png rename to menu/images/7_vul_list.png diff --git a/menu/images/7_vul_list_main.PNG b/menu/images/7_vul_list_main.PNG new file mode 100644 index 00000000..eb0e6e4e Binary files /dev/null and b/menu/images/7_vul_list_main.PNG differ diff --git a/menu/images/7_vul_low.png b/menu/images/7_vul_low.png new file mode 100644 index 00000000..9386e4f3 Binary files /dev/null and b/menu/images/7_vul_low.png differ diff --git a/menu/images/7_vul_medium.png b/menu/images/7_vul_medium.png new file mode 100644 index 00000000..33905043 Binary files /dev/null and b/menu/images/7_vul_medium.png differ diff --git a/started/images/7_vul_popup.png b/menu/images/7_vul_popup.png similarity index 100% rename from started/images/7_vul_popup.png rename to menu/images/7_vul_popup.png diff --git a/menu/images/7_vul_popup_detail.PNG b/menu/images/7_vul_popup_detail.PNG new file mode 100644 index 00000000..2804fb1a Binary files /dev/null and b/menu/images/7_vul_popup_detail.PNG differ diff --git a/started/images/8-1_configuration.png b/menu/images/8-1_configuration.png similarity index 100% rename from started/images/8-1_configuration.png rename to menu/images/8-1_configuration.png 
diff --git a/started/images/8-2_configuration.png b/menu/images/8-2_configuration.png similarity index 100% rename from started/images/8-2_configuration.png rename to menu/images/8-2_configuration.png diff --git a/started/images/8-3_configuration.png b/menu/images/8-3_configuration.png similarity index 100% rename from started/images/8-3_configuration.png rename to menu/images/8-3_configuration.png diff --git a/started/images/8_configuration.png b/menu/images/8_configuration.png similarity index 100% rename from started/images/8_configuration.png rename to menu/images/8_configuration.png diff --git a/menu/images/9_system_code.png b/menu/images/9_system_code.png new file mode 100644 index 00000000..c5d31f38 Binary files /dev/null and b/menu/images/9_system_code.png differ diff --git a/menu/images/9_system_code_search.png b/menu/images/9_system_code_search.png new file mode 100644 index 00000000..2365921e Binary files /dev/null and b/menu/images/9_system_code_search.png differ diff --git a/menu/images/9_system_history.png b/menu/images/9_system_history.png new file mode 100644 index 00000000..88d7e9a3 Binary files /dev/null and b/menu/images/9_system_history.png differ diff --git a/menu/images/9_system_history_detail.png b/menu/images/9_system_history_detail.png new file mode 100644 index 00000000..3448ab57 Binary files /dev/null and b/menu/images/9_system_history_detail.png differ diff --git a/menu/images/9_system_mail.png b/menu/images/9_system_mail.png new file mode 100644 index 00000000..16de32c1 Binary files /dev/null and b/menu/images/9_system_mail.png differ diff --git a/menu/images/9_system_noti_add.png b/menu/images/9_system_noti_add.png new file mode 100644 index 00000000..c75f6fb1 Binary files /dev/null and b/menu/images/9_system_noti_add.png differ diff --git a/menu/images/9_system_noti_list.png b/menu/images/9_system_noti_list.png new file mode 100644 index 00000000..f22f99e3 Binary files /dev/null and b/menu/images/9_system_noti_list.png differ 
diff --git a/menu/images/9_system_noti_modify_icon.png b/menu/images/9_system_noti_modify_icon.png new file mode 100644 index 00000000..a9bd39d1 Binary files /dev/null and b/menu/images/9_system_noti_modify_icon.png differ diff --git a/menu/images/9_system_server.png b/menu/images/9_system_server.png new file mode 100644 index 00000000..4ac88d6d Binary files /dev/null and b/menu/images/9_system_server.png differ diff --git a/menu/images/9_system_user.png b/menu/images/9_system_user.png new file mode 100644 index 00000000..3f531577 Binary files /dev/null and b/menu/images/9_system_user.png differ diff --git a/menu/images/9_system_vul.png b/menu/images/9_system_vul.png new file mode 100644 index 00000000..13489afd Binary files /dev/null and b/menu/images/9_system_vul.png differ diff --git a/menu/images/check_icon.png b/menu/images/check_icon.png new file mode 100644 index 00000000..703ffce9 Binary files /dev/null and b/menu/images/check_icon.png differ diff --git a/started/images/identification.png b/menu/images/identification.png similarity index 100% rename from started/images/identification.png rename to menu/images/identification.png diff --git a/started/images/license_list.png b/menu/images/license_list.png similarity index 100% rename from started/images/license_list.png rename to menu/images/license_list.png diff --git a/started/images/oss_list.png b/menu/images/oss_list.png similarity index 100% rename from started/images/oss_list.png rename to menu/images/oss_list.png diff --git a/started/images/project_basic.png b/menu/images/project_basic.png similarity index 100% rename from started/images/project_basic.png rename to menu/images/project_basic.png diff --git a/started/images/project_list.png b/menu/images/project_list.png similarity index 100% rename from started/images/project_list.png rename to menu/images/project_list.png 
diff --git a/menu/images/restriction_icon.png b/menu/images/restriction_icon.png new file mode 100644 index 00000000..99ae9f73 Binary files /dev/null and b/menu/images/restriction_icon.png differ diff --git a/menu/images/save_button.PNG b/menu/images/save_button.PNG new file mode 100644 index 00000000..c2536c7b Binary files /dev/null and b/menu/images/save_button.PNG differ diff --git a/started/images/self-check_bom.png b/menu/images/self-check_bom.png similarity index 100% rename from started/images/self-check_bom.png rename to menu/images/self-check_bom.png diff --git a/started/images/self-check_list.png b/menu/images/self-check_list.png similarity index 100% rename from started/images/self-check_list.png rename to menu/images/self-check_list.png diff --git a/started/images/sign_in.png b/menu/images/sign_in.png similarity index 100% rename from started/images/sign_in.png rename to menu/images/sign_in.png diff --git a/started/images/sign_up.png b/menu/images/sign_up.png similarity index 100% rename from started/images/sign_up.png rename to menu/images/sign_up.png diff --git a/scanner/1_prechecker.md b/scanner/1_prechecker.md deleted file mode 100644 index 08a67ce7..00000000 --- a/scanner/1_prechecker.md +++ /dev/null 
@@ -1,361 +0,0 @@ ---- -published: true -title: FOSSLight Prechecker ---- -# FOSSLight Prechecker - -License Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_prechecker)](https://api.reuse.software/info/github.com/fosslight/fosslight_prechecker) - -[**FOSSLight Prechecker**](https://github.com/fosslight/fosslight_prechecker)는 [reuse-tool][ret]을 이용하여 [소스 코드의 저작권 및 License 표기 규칙][rule]을 준수하는지 확인하고 보완하기 위해 사용할 수 있는 도구입니다. - -[ret]: https://github.com/fsfe/reuse-tool -[rule]: https://opensource.lge.com/guide/19 - -**Github Repository** : [https://github.com/fosslight/fosslight_prechecker](https://github.com/fosslight/fosslight_prechecker) -**License** : [GPL-3.0-only](https://github.com/fosslight/fosslight_prechecker/blob/main/LICENSE) - -## 목차 - - [필요 조건](#-필요-조건) - - [설치 방법](#-설치-방법) - - [실행 방법](#-실행-방법) - - [결과](#-결과) - - [동작 방식](#-동작-방식) - -## 📋 필요 조건 -[**FOSSLight Prechecker**](https://github.com/fosslight/fosslight_prechecker)는 Python 3.7+ 기반에서 동작합니다. - -## 🎉 설치 방법 -FOSSLight Prechecker는 pip3를 이용하여 설치할 수 있습니다. -[python 3.7 + virtualenv](etc/guide_virtualenv.md) 환경에서 설치할 것을 권장합니다. -``` -$ pip3 install fosslight_prechecker -``` - -## 🚀 실행 방법 -FOSSLight Prechecker 다음 세가지 모드를 가지고 있습니다. -1. `lint` --- [Source Code 내 저작권 및 License 표기 규칙][rule]을 준수하는지 체크합니다. -2. `convert` --- [sbom-info.yaml](https://github.com/fosslight/fosslight_prechecker/blob/main/tests/convert/sbom-info.yaml) 또는 [oss-pkg-info.yaml](https://github.com/fosslight/fosslight_prechecker/blob/main/tests/convert/oss-pkg-info.yaml)을 [fosslight_report.xlsx](https://github.com/fosslight/fosslight-guide/blob/master/learn/2_fosslight_report.md)로 변환합니다. - - yaml 파일을 fosslight_report.xlsx의 SRC Sheet로 변환 -3. `add` --- Copyright와 License가 없는 파일에 Copyright, License, 그리고 Download Location을 추가합니다. - -``` -$ fosslight_prechecker [Mode] [option1] [option2] ... 
-``` - -### Mode별 실행 방법 및 Parameters -* Required parameter : **Mode** -* Optional parameter : **Options** - -``` -Mode - lint (Default) 저작권 및 License 표기 규칙 준수 확인 - convert sbom-info.yaml or oss-pkg-info.yaml -> fosslight_report.xlsx로 변환 - add 소스 코드에 Copyright와 License 추가 - -Options: - -h 설명 메시지 출력 - -v FOSSLight Prechecker 버전 출력 - -p 체크할 소스 경로 - -f 결과 파일 포맷 (yaml, xml, html) - -o 결과 파일 이름 지정 - -n venv, node_modules, ./ 에 대하여 분석 제외하지 않으려면 추가 - -i log 파일 미생성 및 Progress bar 제거 - -Options for only 'add' mode - -l 추가할 라이선스 (SPDX License Identifer) - -c 추가할 저작권 (ex, ) - -u 추가할 Download Location(ex, https://www.testurl.com) -``` - -**(Windows인 경우)** 실행 파일을 이용한 방법 -1. [FOSSLight Prechecker - Release](https://github.com/fosslight/fosslight_prechecker/releases) 에서 fosslight_prechecker_windows.exe를 다운로드 -2. 두 가지 실행 방법 -2-1. 실행 파일을 원하는 path로 이동 후 더블 클릭하여 실행 - * Default 모드인 Lint mode만 실행 -2-2. command로 실행 - * 'cmd' 실행 - * 파일이 위치한 Path에서 'Mode별 실행 방법 및 Parameters'와 같이 실행 - * ex) fosslight_prechecker lint -p src/ - - -## 📁 결과 -### 🔖 lint mode - -**1) 특정 경로분석 예시** -``` -(venv)$ fosslight_prechecker lint -p /home/tests -o result.yaml -``` -- 실행 결과 -
-       Checking copyright/license writing rules:
-          Compliant: Not OK
-          Files without copyright:
-          - add/test_no_copyright.py
-          Files without license:
-          - add/test_no_license.py
-          Files without license and copyright: N/A
-          Summary:
-            Detected Licenses:
-            - '-'
-            - GPL-3.0-only
-            - MIT
-            Files without copyright / total: 1 / 14
-            Files without license / total: 1 / 14
-            Open Source Package File:
-            - convert/oss-pkg-info.yaml
-            - add/oss-pkg-info.yaml
-          Tool Info:
-            Analyze path: tests
-            OS: Linux 4.15.0-144-generic
-            Python version: 3
-            fosslight_prechecker version: fosslight_prechecker v2.2.0  
- -**2) 특정 파일 분석 예시** -``` -(venv)$ fosslight_prechecker lint -p "src/file1.py,src/file2.py" -``` -- 실행 결과 -
-        # src/file1.py
-        * License: 
-        * Copyright: 
-
-        # src/file2.py
-        * License: GPL-3.0-only
-        * Copyright: Copyright (c) 2022 LG Electronics Inc.
-
-        Checking copyright/license writing rules:
-          Compliant: Not OK
-          Files without copyright: N/A
-          Files without license: N/A
-          Files without license and copyright:
-          - src/fosslight_prechecker/_precheck.py
-          Summary:
-            Detected Licenses: N/A
-            Files without copyright / total: 1 / 2
-            Files without license / total: 1 / 2
-            Open Source Package File: []
-          Tool Info:
-            Analyze path: /home/jaekwonbang/tests
-            OS: Linux 4.15.0-144-generic
-            Python version: 3
-            fosslight_prechecker version: fosslight_prechecker v2.2.0  
- -{::options parse_block_html="true" /} -
-결과 출력 항목 -포맷에 따라 결과로 출력되는 항목이 다를 수 있습니다.(Default 포맷 : yaml) - - - **Compliant**: lint 결과가 Compliant한지 여부 (OK or Not OK) - - **Files without copyright**: Copyright가 없는 파일 리스트 - - **Files without license**: License가 없는 파일 리스트 - - **Files without license and copyright**: Copyright와 License 모두 없는 파일 리스트 - - **Summary** - - **Detected Licenses**: 검출된 License - - **Files without copyright / total:** Copyright 없는 파일 수 / 전체 파일 수 - - **Files without license / total**: License 없는 파일 수 / 전체 파일 수 - - **Files without copyright / total**: Copyright 없는 파일 수 / 전체 파일 수 - - **Open Source Package File**: sbom-info*.yaml 또는 oss-pkg-info*.yaml 파일 리스트 - - **Tool Info** - - **Analysis path**: 분석 진행한 path - - **OS**: FOSSLight Prechecker가 실행된 OS 버전 - - **Python version**: FOSSLight Prechecker가 실행된 Python 버전 - - **fosslight_prechecker version**: FOSSLight Prechecker 버전 - ->
->파일 개수 산정 시, 제외 항목 -> -> - 숨김 파일 -> - 파일 내 Code가 전혀 없는 파일 -> - .gitignore에 정의된 파일 -> - git repo 기준 untracked 파일 -> - FOSSLight의 산출물 -> - sbom-info.yaml 또는 oss-pkg-info.yaml 내에 exclude가 True인 path ->
-
- -{::options parse_block_html="false" /} - -
- Demo 영상 (lint) - demo video for lint mode -
- - -### 🔖 convert mode -**1) Path 내 존재하는 sbom-info.yaml 또는 oss-pkg-info.yaml (여러개인 경우 전체 해당) -> fosslight_report.xlsx 변환 예시** -``` -$ fosslight_prechecker convert -p tests/ -``` - -**2) 실행 결과 파일 예시** -{::options parse_block_html="true" /} ->
-> oss-pkg-info.yaml 파일 -> yaml 파일 내 경로 작성 시, 특수 문자({, }, [, ], &, *, #, ?, |, -, <, >, =, !, %, @)로 시작하는 경우 쌍따옴표("")를 사용하여 작성해주시기 바랍니다. - ```yaml - glibc: - - version: '2.3' - source name or path: - - tests/b.c - - tests/a.c - license: - - GPL-3.0 - - LGPL-2.1 - download location: https://github.com/fsfe/glibc - dbus: - - version: '1.3' - source name or path: - - tests/src/* - license: - - GPL-2.0 - download location: https://github.com/fsfe/dbus - copyright text: 'Copyright (c) 2020 Test Copyright (c) 2020 Sample' - reuse-tool: - - version: '' - source name or path: - - tests/ - license: - - MIT - download location: https://github.com/fsfe/reuse - homepage: http://google.com - copyright text: Copyright (c) 2020 Test - build-tool: - - version: '' - source name or path: - - tests/ - license: - - Apache-2.0 - download location: http://gihub.com/bazel - exclude: true -``` ->
- ->
-> fosslight_report.xlsx 파일 -FOSSLight Report ->
- -
-Demo 영상 (convert) -demo video for convert mode -
-{::options parse_block_html="false" /} - - -### 🔖 add mode -**1) 특정 경로 내 파일에 저작권과 라이선스 추가 예시** -``` -(venv)$ fosslight_prechecker add -p tests/add -c "2019-2021 LG Electronics Inc." -l "GPL-3.0-only" -u "https://www.testurl.com" -``` - -**2) 특정 파일에 저작권과 라이선스 추가 예시** -``` -(venv)$ fosslight_prechecker add -p "tests/add/test_both_have_1.py,tests/add/test_both_have_2.py,tests/add/test_no_copyright.py,tests/add/test_no_license.py" -c "2019-2021 LG Electronics Inc." -l "GPL-3.0-only" -u "https://www.testurl.com" -``` - -**3) 실행 결과** -▪️ 파일 변경 사항 : 상단에 저작권과 라이선스 추가 - -|Before |After | -|:---------------|:--------------| -|![Before](images/fosslight_reuse_add_test.JPG)|![After](images/fosslight_prechecker_add_test_result.JPG)| - -```bash - # File list that have both license and copyright : 3 / 7 - # __init__.py - * License: - * Copyright: - - # test_both_have_1.py - * License: GPL-3.0-only - * Copyright: SPDX-FileCopyrightText: Copyright 2019-2021 LG Electronics Inc. - - # test_both_have_2.py - * License: MIT - * Copyright: SPDX-FileCopyrightText: Copyright (c) 2011 LG Electronics Inc. - - # Missing license File(s) - * test_no_license.py - * Your input license : GPL-3.0-only - Successfully changed header of tests/add_result/test_no_license.py - - # Missing Copyright File(s) - * test_no_copyright.py - * Your input Copyright : Copyright 2019-2021 LG Electronics Inc. - Successfully changed header of tests/add_result/test_no_copyright.py - - # Adding Download Location into your files - * Your input DownloadLocation : https://www.testurl.com - Successfully changed header of tests/add_result/test_no_copyright.py - Successfully changed header of tests/add_result/test_no_license.py - Successfully changed header of tests/add_result/test_both_have_1.py - Successfully changed header of tests/add_result/test_both_have_2.py -``` - -
- Demo 영상 (add) - demo video for add mode -
- - -## 🔍 동작 방식 -### 🔖 lint mode -1. OSS Package Information 파일 존재 여부 체크 -
- 하기 파일 중 1개 이상 존재하는지 체크 (대소문자 구분 없음) -
    -
  • sbom-info.yaml (or .yml)
  • -
  • oss-pkg-info.yaml (or .yml
  • -
  • requirement.txt
  • -
  • requirements.txt
  • -
  • package.json
  • -
  • pom.xml
  • -
  • build.gradle
  • -
  • Podfile.lock
  • -
  • Cartfile.resolved
  • -
  • pubspec.yaml
  • -
  • Package.resolved
  • -
  • go.mod
  • -
  • packages.config
  • -
  • package.assets.json
  • -
  • oss-package.info
  • -
  • "MODULE_LICENSE_ "로 시작하는 파일
  • -
-
- -2. fsfe-reuse lint 실행 - 2-1. path 단위로 실행하는 경우 - - ./reuse/dep5 파일 없으면 생성 - - ./reuse/dep5 파일이 이미 존재하는 경우 bk 파일을 복사하고 기본 설정값 추가 - - dep5 파일 생성하여 binary 또는 .json, venv/, node_modules/,. */ 파일을 체크 대상에서 제외시킴 - - fsfe-reuse lint 실행 (OSS Package Information file이 존재하면, license 정보 없는 파일 목록은 출력하지 않음) - - ./reuse/dep5 파일을 원래대로 복구 (원래 존재한 경우 기존 파일로 복구, 존재하지 않은 경우 삭제) - - 2-2. file 단위로 실행하는 경우 - - 파일별 저작권, License 출력 - - 단, 파일이 존재하지 않거나 파일이 binary 또는 .json인 경우 출력되지 않음 -3. 결과를 출력하여 지정한 포맷으로 파일로 저장(Default : yaml) - -### 🔖 convert mode -1. 변환할 파일의 존재 여부 확인 - * 파일 예시 : [sbom-info.yaml][sbom_info], [oss-pkg-info.yaml][oss_pkg_info] - -[sbom_info]: https://github.com/fosslight/fosslight_prechecker/blob/main/tests/convert/sbom-info.yaml -[oss_pkg_info]: https://github.com/fosslight/fosslight_prechecker/blob/main/tests/convert/oss-pkg-info.yaml - -2. 파일을 변환 - 2-1. Path 단위로 실행하는 경우 - - 경로 내 존재하는 모든 sbom-info.yaml 또는 oss-pkg-info.yaml 파일을 fosslight_report.xlsx로 변환 - - 2-2. 입력한 파일을 변환  - - 입력한 yaml 파일을 fosslight_report.xlsx로 변환 - - 단, -o 로 output file 명을 지정한 경우 해당 이름으로 결과 파일이 생성 - - -### 🔖 add mode -1. 추가할 저작권과 라이선스 확인 -2. 저작권과 라이선스 탐색 및 추가 - - 저작권과 라이선스가 모두 존재하는 파일 리스트 출력(Add 대상에서 제외) - - -c와 -l 옵션을 이용하여 저작권 또는 라이선스가 없는 파일의 상단에 저작권과 라이선스를 추가 - - -u 옵션을 이용하여 Download Location을 파일의 상단에 추가 diff --git a/scanner/2_source.md b/scanner/2_source.md deleted file mode 100644 index 8e2c5cbc..00000000 --- a/scanner/2_source.md +++ /dev/null 
@@ -1,114 +0,0 @@ ---- -published: true ---- -# FOSSLight Source Scanner - -FOSSLight Source is released under the Apache-2.0 License. Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_source_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_source_scanner) - -[**FOSSLight Source Scanner**](https://github.com/fosslight/fosslight_source_scanner)는 소스 코드 스캐너인 [ScanCode][sc], [SCANOSS][scanoss]를 이용합니다. [ScanCode][sc]를 이용하면 파일 안에 포함된 Copyright과 License 문구를 검출하고, [SCANOSS][scanoss]를 이용하면 OSS Name, OSS Version, Download Location, Copyright, License 정보를 [OSSKB][osskb]에서 검색합니다. -Build Script, Binary, Directory, 특정 Directory (ex-test) 안의 파일은 제외되고, 그리고 License 이름에서 "-only", "-old-style"와 같은 문구는 제거됩니다. 결과는 spreadsheet, csv 형태로 출력됩니다. - -[sc]: https://github.com/nexB/scancode-toolkit -[scanoss]: https://github.com/scanoss/scanoss.py -[osskb]: https://osskb.org/ - -**Github Repository** : [https://github.com/fosslight/fosslight_source_scanner](https://github.com/fosslight/fosslight_source_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_source_scanner/blob/main/LICENSE) - -## 목차 - - [필요 조건](#-필요-조건) - - [설치 방법](#-설치-방법) - - [실행 방법](#-실행-방법) - - [1. fosslight_source](#1-fosslight_source) - - [2. fosslight_convert](#2-fosslight_convert) - - [결과](#-결과) - -## 📋 필요 조건 -[**FOSSLight Source Scanner**](https://github.com/fosslight/fosslight_source_scanner)는 Python 3.8+ 기반에서 동작합니다. - - -## 🎉 설치 방법 -FOSSLight Source Scanner는 pip3를 이용하여 설치할 수 있습니다. -[python 3.8 + virtualenv](etc/guide_virtualenv.md) 환경에서 설치할 것을 권장합니다. - -``` -$ pip3 install fosslight_source -``` - -## 🚀 실행 방법 -### 1. fosslight_source -Source Code 분석을 실행한 후 FOSSLight Report 형식으로 출력합니다. 
-```` -$ fosslight_source [option] -```` -#### Options -``` - Optional - -p Path to analyze source (Default: current directory) - -h Print help message - -v Print FOSSLight Source Scanner version - -m Print additional information for scan result on separate sheets - -o Output path (Path or file name) - -f Output file format (excel, csv, opossum, yaml) - Options only for FOSSLight Source Scanner - -s Select which scanner to be run (scancode, scanoss, all) - -j Generate raw result of scanners in json format - -t Stop scancode scanning if scanning takes longer than a timeout in seconds. - -c Select the number of cores to be scanned with ScanCode. -``` --s 옵션이 추가되지 않을 경우 모든 Scanner (ScanCode, SCANOSS)가 동작한 결과가 취합됩니다. - -#### Example -Source Code 분석 후 FOSSLight Report와 json 형태의 ScanCode, SCANOSS 결과 출력 -``` -$ fosslight_source -p /home/source_path -j -``` - -### 2. fosslight_convert -json형태인 ScanCode 결과를 FOSSLight Report 형식으로 변환합니다. -```` -$ fosslight_convert [option] -```` -#### Options -``` - Optional - -p Path to analyze source (Default: current directory) - -h Print help message - -v Print FOSSLight Source Scanner version - -m Print additional information for scan result on separate sheets - -o Output path (Path or file name) - -f Output file format (excel, csv, opossum, yaml) - Options only for FOSSLight Source Scanner - -s Select which scanner to be run (scancode, scanoss, all) - -j Generate raw result of scanners in json format - -t Stop scancode scanning if scanning takes longer than a timeout in seconds. - -c Select the number of cores to be scanned with ScanCode. - --no_correction Enter if you don't want to correct OSS information with sbom-info.yaml - --correct_fpath Path to the sbom-info.yaml file -``` -#### Example -json 형태의 ScanCode 결과를 FOSSLight Report 형식으로 변환 -``` -$ fosslight_convert -p /home/jsonfile_dir -``` - -## 📁 결과 - -``` -$ tree -. 
-├── fosslight_log_220103_1540.txt -├── fosslight_opossum_220103_1540.json -├── fosslight_report_220103_1540.xlsx -├── fosslight_report_220103_1540.csv -├── scancode_raw_result.json -├── scanner_output.wfp -└── scanoss_raw_result.json -``` -- fosslight_log_[datetime].txt : 실행 로그가 저장된 파일 -- fosslight_opossum_[datetime].json : [OpossumUI](https://github.com/opossum-tool/OpossumUI)에서 활용 가능한 Source Code 분석 결과 -- fosslight_report_[datetime].xlsx : FOSSLight Report 형태의 Source Code 분석 결과 -- fosslight_report_[datetime].csv : FOSSLight Report를 csv로 출력한 결과 -- scancode_raw_result.json : ScanCode 실행 결과 (fosslight_source 명령어에 -j 옵션이 포함된 경우에만 생성) -- scanner_output.wfp : SCANOSS 실행 시 생성된 Finger Print (fosslight_source 명령어에 -j 옵션이 포함된 경우에만 생성) -- scanoss_raw_result.json : SCANOSS 실행 결과 (fosslight_source 명령어에 -j 옵션이 포함된 경우에만 생성) diff --git a/scanner/3_dependency.md b/scanner/3_dependency.md deleted file mode 100644 index 1d6a25e1..00000000 --- a/scanner/3_dependency.md +++ /dev/null @@ -1,461 +0,0 @@ ---- -published: true -title: FOSSLight Dependency Scanner ---- -# FOSSLight Dependency Scanner - -License Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_dependency_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency_scanner) - -[**FOSSLight Dependency Scanner**](https://github.com/fosslight/fosslight_dependency_scanner)는 여러 패키지 매니저에 대한 종속성 분석을 지원하는 도구입니다. 패키지 매니저의 Manifest 파일을 자동으로 감지하고 오픈 소스 도구를 사용하여 종속성을 분석합니다. 그 후 종속성의 OSS 정보가 포함된 보고서 파일을 생성합니다. - -{::options parse_block_html="true" /} -
-지원하는 Package Manager -- [Gradle](https://gradle.org/) (Java/Android) -- [Maven](http://maven.apache.org/) (Java) -- [NPM](https://www.npmjs.com/) (Node.js) -- [PyPi](https://pip.pypa.io/) (Python) -- [Pub](https://pub.dev/) (Dart with flutter) -- [Cocoapods](https://cocoapods.org/) (Swift/Obj-C) -- [Swift](https://swift.org/package-manager/) (Swift) -- [Carthage](https://github.com/Carthage/Carthage) (Carthage) -- [Go](https://pkg.go.dev/) (Go) -- [Nuget](https://www.nuget.org/) (.NET) -- [Helm](https://helm.sh/) (Kubernetes) -
-{::options parse_block_html="false" /} - -**Github Repository** : [https://github.com/fosslight/fosslight_dependency_scanner](https://github.com/fosslight/fosslight_dependency_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_dependency_scanner/blob/main/LICENSE) - -## 목차 - - [필요 조건](#-필요-조건) - - [설치 방법](#-설치-방법) - - [실행 방법](#-실행-방법) - - [결과](#-결과) - - [동작 방식](#-동작-방식) - - [패키지별 지원 레벨](#-패키지별-지원-레벨) - - -## 📋 필요 조건 -각 패키지 매니저마다 다른 오픈소스 소프트웨어를 이용하여 Dependency 분석을 수행하고 있습니다. 이에 분석하고자 하는 패키지 매니저에 따라 각각의 Prerequisite 단계를 수행하시기 바랍니다. - -{::options parse_block_html="true" /} -
-**Prerequisite for NPM** -1. Npm dependency 분석을 수행하기 위해 NPM License Checker를 설치합니다. -``` -$ npm install -g license-checker -``` - > license-checker를 전역 패키지로 설치하기 위해서는, 반드시 '-g' option을 추가해 주어야 합니다. 만약 'sudo' 권한이 없는 경우, 다음 명령어를 통해 전역 모듈이 설치되는 기본 path를 변경하여 이용하실 수 있습니다. -``` -$ npm set prefix ~/.npm -$ PATH=~/.npm/bin:$PATH -``` - -2. dependency를 설치하기 위해 다음 명령어를 실행합니다. (optional) -``` -$ npm install -``` - > 아래 케이스 중 해당하는 경우, 이 단계는 skip 가능합니다. - > - package.json 파일이 input directory에 존재하는 경우 : FOSSLight Dependency Scanner에서 자동으로 패키지 설치하여 실행 가능합니다. - > - 이미 dependency들이 설치된 node_modules 디렉토리가 존재하는 경우 : node_modules폴더가 존재하는 path를 input directory로 설정하여 실행 가능합니다. -
- -
-**Prerequisite for Gradle** -1. 'build.gradle' 파일에 License Gradle Plugin을 추가합니다. -``` -plugins { - id 'com.github.hierynomus.license' version '0.16.1' // gradle 버전이 6.x 이하인 경우에는 version '0.15.0'을 이용해야 합니다. -} -downloadLicenses { - includeProjectDependencies = true - dependencyConfiguration = 'runtimeClasspath' // gradle 버전이 4.6 이하인 경우에는 'runtimeClasspath' 대신 'runtime'으로 추가합니다. -} -``` - -2. 'downloadLicenses' task를 실행합니다. -``` -$ gradlew downloadLicenses -``` -
- -
-**Prerequisite for Android (gradle)** -1. 'build.gradle' 파일에 android-dependency-scanning Plugin을 추가합니다. -``` -buildscript { - repositories { - mavenCentral() - } - dependencies { - classpath 'org.fosslight:android-dependency-scanning:1.0.0' - } -} -``` - -2. 플러그인이 적용되는 app 디렉토리 내에 위치한 build.gradle 파일 내에 다음과 같이 추가합니다. -``` -apply plugin: 'org.fosslight' -``` - -3. 'generateLicenseTxt' task를 실행합니다. -``` -$ gradlew generateLicenseTxt -``` -
- -
-**Prerequisite for Pypi** -```tip -- 시스템 내 전역으로 설치된 파이썬 dependency로부터 분석하고자 하는 프로젝트 dependency를 분리하기 위해 가상환경을 설정하여 이용하기를 권장합니다. -- 만약 input path내 requirements.txt가 존재한다면, FOSSLight Dependency Scanner가 자동으로 dependency 설치하여 분석 실행 가능하므로, prerequisite단계는 skip합니다. -``` - -1. 가상환경을 생성하고 활성화합니다. -``` -// virtualenv example -$ virtualenv -p /usr/bin/python3.7 venv -$ source venv/bin/activate -// conda example -$ conda create --name {venv name} -$ conda activate {venv name} -``` -2. 가상환경 내 분석하고자 하는 프로젝트에서 사용된 패키지를 설치합니다. -3. FOSSLight Dependency Scanner 실행 시, '-a', '-d' 옵션을 이용하여 해당 가상환경 activate, deactivate 명령어를 추가합니다. -
- -
-**Prerequisite for Maven** -```tip -Maven의 경우, input directory에 pom.xml 파일이 존재하는 경우, plugin 추가 및 실행을 FOSSLight Dependency Scanner 내부에서 자동으로 수행하므로 다음은 skip하셔도 됩니다. -``` -
    -
  1. pom.xml 파일에 license-maven-plugin을 추가합니다.
  2. -
    -<project>
    -  ...
    -  <build>
    -  ...
    -    <plugins>
    -    ...
    -      <plugin>
    -        <groupId>org.codehaus.mojo</groupId>
    -        <artifactId>license-maven-plugin</artifactId>
    -        <version>2.0.0</version>
    -        <executions>
    -          <execution>
    -            <id>aggregate-download-licenses</id>
    -            <goals>
    -              <goal>aggregate-download-licenses</goal>
    -            </goals>
    -          </execution>
    -        </executions>
    -      </plugin>
    -    </plugins>
    -    ...
    -  </build>
    -  ...
    -</project>
    -
    - -
  3. license-maven-plugin task를 실행합니다.
  4. -
    -$ mvnw license:aggregate-download-licenses
    -
    -
-
- -
-**Prerequisite for Pub** -> FOSSLight Dependency Scanner 실행하는 환경에서 flutter pub 명령어 사용 가능하지 않은 경우, flutter pub 사용 가능한 환경에서 미리 아래 과정을 수행하시기 바랍니다. -1. pubspec.yaml 파일 내 dev_dependencies에 flutter_oss_licenses 2.0.1버전을 추가합니다. (optional) -``` -dev_dependencies: - flutter_oss_licenses: ^2.0.1 -``` -2. 다음 명령어를 통해 flutter_oss_licenses를 실행합니다. (optional) -``` -$ flutter pub get -$ flutter pub deps --no-dev > tmp_no_deps_result.txt -$ flutter pub deps --json > tmp_deps.json -$ flutter pub deps --no-dev -s compact > tmp_no_dev_deps.txt -$ flutter pub run flutter_oss_licenses:generate.dart -o tmp_flutter_oss_licenses.json --json -``` -3. 2번 수행 결과에서 생성된 파일이 존재하는 path에서 FOSSLight Dependency Scanner를 실행합니다. -
- -
-**Prerequisite for Cocoapods** -1. Podfile을 통해 pod package를 설치합니다. -``` -$ pod install -``` -
- -
-**Prerequisite for Swift** -1. Github personal access token을 생성하여 FOSSLight Dependency Scanner 실행 시 '-t' 파라미터로 사용합니다. 이 토큰은 Github repository의 license정보를 가져오기 위해 Github API를 사용하기 위해 필요합니다. -Token생성 방법은 [Github docs 가이드](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)를 참조하시기 바랍니다. -
- -
-**Prerequisite for Carthage** -1. 다음과 같이 패키지 설치 명령어를 수행하여 'Cartfile.resolved' 파일을 생성합니다. -``` -$ carthage update -``` -2. Github personal access token을 생성하여 FOSSLight Dependency Scanner 실행 시 '-t' 파라미터로 사용합니다. 이 토큰은 Github repository의 license정보를 가져오기 위해 Github API를 사용하기 위해 필요합니다. -Token생성 방법은 [Github docs 가이드](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)를 참조하시기 바랍니다. -
- -
-**Prerequisite for Go** -```tip -Go의 경우, go module에 한해 dependency 분석을 지원합니다. FOSSLight Dependency Scanner 내부에서 자동으로 'go list -m all' 명령어를 수행하여 dependency 목록을 얻은 뒤, license, repository와 같은 오픈소스 정보를 취합하고 있습니다. 이에 별도의 prerequisite단계없이, 바로 fosslight_dependency 명령어 실행하여 이용하실 수 있습니다. -``` -
- -
-**Prerequisite for Nuget** -```tip -FOSSLight Dependency Scanner 내부에서 packages.config 파일 또는 PackageReference형태로 이용하는 경우 obj/project.assets.json 파일을 통해 패키지 목록을 확인하고, nuget api를 통해 license, repository와 같은 오픈소스 정보를 취합하고 있습니다. 이에 별도의 prerequisite단계없이, 바로 fosslight_dependency 명령어 실행하여 이용하실 수 있습니다. -``` -
- -
-**Prerequisite for Helm** -```tip -FOSSLight Dependency Scanner 내부에서 Chart.yaml 파일과 helm dependency build 명령어를 통해 패키지 목록 및 license, repository와 같은 오픈소스 정보를 취합하고 있습니다. 이에 별도의 prerequisite단계없이, 바로 fosslight_dependency 명령어 실행하여 이용하실 수 있습니다. -``` -
-{::options parse_block_html="false" /} - -## 🎉 설치 방법 - -FOSSLight Dependency Scanner는 pip3를 이용하여 설치할 수 있습니다. -[python 3.7 + virtualenv](etc/guide_virtualenv.md) 환경에서 설치할 것을 권장합니다. - -``` -$ pip3 install fosslight_dependency -``` - - -## 🚀 실행 방법 - -FOSSLight Dependency Scanner는 패키지 매니저에 따라 다음 option들을 이용하여 실행할 수 있습니다. - -``` -$ fosslight_dependency [option] -``` -### Options -``` - Optional - -h Print help message. - -v Print the version of the script. - -m Enter the package manager. - (npm, maven, gradle, pypi, pub, cocoapods, android, swift, carthage, go, nuget, helm) - -p Enter the path where the script will be run. - -o Output path - (If you want to generate the specific file name, add the output path with file name.) - -f Output file format (excel, csv, opossum, yaml, spdx-tag, spdx-yaml, spdx-json, spdx-xml) - --direct Print the direct/transitive dependency type in comment. - Choice 'True' or 'False'. (default:True) - --notice Print the open source license notice text. - - Required only for swift, carthage - -t Enter the github personal access token. - - Optional only for pypi - -a Virtual environment activate command(ex, 'conda activate (venv name)') - -d Virtual environment deactivate command(ex, 'conda deactivate') - - Optional only for gradle, maven - -c Enter the customized build output directory name - -Default name : 'build' for gradle, 'target' for maven - - Optional only for android - -n Enter the application directory name where the plugin output file is located(default: app) - -``` - -### Tips to run -FOSSLight Dependency Scanner 실행 시, input path('-p' 옵션)는 dependency 분석을 수행하고자 하는 패키지 매니저의 manifest 파일이 존재하는 프로젝트의 top directory로 지정해 주어야 합니다. -각 패키지 매니저별 manifest 파일은 다음과 같습니다. 
-``` - - Npm : package.json - - Pypi : requirements.txt / setup.py - - Maven : pom.xml - - Gradle (Android) : build.gradle - - Pub : pubspec.yaml - - Cocoapods : Podfile - - Swift : Package.resolved - - Carthage : Cartfile.resolved - - Go : go.mod - - Nuget : packages.config / {project name}.csproj - - Helm : Chart.yaml -``` - -- Swift package manager - - 예외적으로 Swift package manager는 {프로젝트명}.xcodeproj 파일이 위치한 path에서 "fosslight_dependency -m swift -t {token}" 명령어를 실행하실 수 있습니다. - - 이 경우에는 {프로젝트명}.xcodeproj/project.xcworkspace/xcshareddata/swiftpm path에서 'Package.resolved' 파일을 자동으로 찾고 프로그램이 실행됩니다. - -## 📁 결과 -``` -$ tree -. -├── fosslight_report_dep_210503_0039.xlsx -├── fosslight_log_210503_0039.txt -└── fosslight_opossum_210503_0039.json -``` -- fosslight_report_dep_[datetime].xlsx : FOSSLight Report 형태의 Dependency 분석 결과 -- fosslight_log_dep_[datetime].txt: 실행 로그가 저장된 파일 -- fosslight_opossum_dep_[datetime].json : [OpossumUI](https://github.com/opossum-tool/OpossumUI)에서 활용 가능한 Dependency 분석 결과 (-f opossum 결과) - -### 결과 파일 내용 -FOSSLight Report 결과 파일에는 transitive dependency들을 포함한 모든 분석된 dependency들의 manifest 파일을 기반으로 OSS 정보가 기록됩니다. -이때, 고유한 OSS명을 작성하기 위해, OSS명은 (패키지 매니저):(OSS명) 또는 (group id):(artifact id) 양식으로 기록됩니다. - -| Package manager | OSS Name | Download Location | Homepage | -| ------------------------------ | ------------------------ | -------------------------------------------------------------------------------------------------- | --------------------------------------------------- | -| Npm | npm:(oss name) | 우선순위1. repository in package.json
우선순위2. npmjs.com/package/(oss name)/v/(oss version) | npmjs.com/package/(oss name) | -| Pypi | pypi:(oss name) | pypi.org/project/(oss name)/(version) | homepage in (pip show) information | -| Maven
& Gradle
& Android | (group_id):(artifact_id) | mvnrepository.com/artifact/(group id)/(artifact id)/(version) | mvnrepository.com/artifact/(group id)/(artifact id) | -| Pub | pub:(oss name) | pub.dev/packages/(oss name)/versions/(version) | homepage in (pub information) | -| Cocoapods | cocoapods:(oss name) | source in (pod spec information) | cocoapods.org/pods/(oss name) | -| Swift | swift:(oss name) | repositoryURL in Package.resolved | repositoryURL in Package.resolved | -| Carthage | carthage:(oss name) | github repository in Cartfile.resolved | github repository in Cartfile.resolved | -| Go | go:(oss name) | pkg.go.dev/(oss name)@(oss version) | repository in pkg.go.dev/(oss name)@(oss version) | -| Nuget | nuget:(oss name) | 우선순위1. repository in nuget.org/packages/(oss name)/(oss version)
우선순위2. projectUrl in nuget.org/packages/(oss name)/(oss version)
우선순위3. nuget.org/packages/(oss name)/(oss version) | nuget.org/packages/(oss name) | -| Helm | helm:(oss name) | first url of sources in (Chart.yaml) | home in (Chart.yaml) | - -```warning -- Npm, Maven, gradle의 결과 파일 내용 중, Local path나 local repository를 통해 설치된(npmjs.com / mvnrepository에 배포되지 않은) 패키지의 경우, download location이 실제와 다를 수 있습니다. -- Helm은 root 프로젝트의 Chart.yaml파일에 작성된 dependencies 항목에 대해서만 출력 가능하며, 각 dependency의 dependency 항목 출력은 현재 지원하지 않고 있습니다. 또한, 'helm dependency build' 명령어 수행 후 charts/ 디렉토리 내 다운로드된 .tgz 파일 내 Chart.yaml 파일 정보에서 각 dependency의 OSS 정보를 얻어오고 있습니다. -따라서 Chart.yaml에 License 또는 Homepage와 같은 정보가 누락된 경우, 해당 정보 얻어올 수 없기에 사용자가 수기로 확인 및 보완하는 작업이 필요합니다. -``` - -## 🧐 동작 방식 -FOSSLight Dependency Scanner는 패키지 매니저에 따른 dependency를 분석하기 위해 오픈 소스 소프트웨어를 활용합니다. 이때 활용되는 오픈 소스 소프트웨어는 direct dependency뿐만 아니라 transitive dependency까지 추출 가능하며, 오픈소스명, 버전, 라이선스명을 추출 가능합니다. - -각 패키지 매니저별 사용하는 소프트웨어는 다음과 같습니다: - -- NPM : [NPM License Checker](https://github.com/davglass/license-checker) -- Pypi : [pip-licenses](https://github.com/raimon49/pip-licenses) -- Gradle : [License Gradle Plugin](https://github.com/hierynomus/license-gradle-plugin) -- Maven : [license-maven-plugin](https://github.com/mojohaus/license-maven-plugin) -- Pub : [flutter_oss_licenses](https://github.com/espresso3389/flutter_oss_licenses) -- Android(gradle) : [android-dependency-scanning](https://github.com/fosslight/android-dependency-scanning) - -이에 패키지 매니저마다 각기 다른 오픈 소스 소프트웨어를 활용함으로써, FOSSLight Dependency Scanner를 실행하기 위해 패키지 매니저별 **Prerequisite** 단계를 먼저 수행해야 합니다. - -## 👀 패키지별 지원 레벨 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Language/
Project
Package ManagerManifest fileDirect dependenciesTransitive dependenciesRelationship of dependencies
(Dependencies of each dependency)
JavascriptNpmpackage.jsonOOO
JavaGradlebuild.gradleOOO
Mavenpom.xmlOOO
Java (Android)Gradlebuild.gradleOOO
ObjC, Swift (iOS)CocoapodsPodfile.lockOOO
CarthageCartfile.resolvedOOX
Swift (iOS)SwiftPackage.resolvedOOO
Dart, FlutterPubpubspec.yamlOOO
GoGogo.modOOO
PythonPypirequirements.txt, setup.pyOOO
.NETNugetpackages.config, obj/project.assets.jsonOOO
KubernetesHelmChart.yamlOXX
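Review bot: Deleting scanner/3_dependency.md in full removes the per-package-manager prerequisite steps and the support-level table (for example, that Helm covers direct dependencies only and Carthage reports no dependency relationships). The visible part of this patch adds no link to where that guidance now lives, and the README.md hunk drops the FOSSLight Scanner section as well. Please add a pointer to the new location in README.md or in the commit message so existing links to this page do not dead-end. If the text is being re-homed, two things are worth fixing in the moved copy. The Swift and Carthage prerequisite sections tell users to pass a GitHub personal access token with `-t` on the command line, where it ends up in shell history and process listings, so a sentence recommending a narrowly scoped token would help. The result list names `fosslight_log_dep_[datetime].txt` while the `tree` output just above it shows `fosslight_log_210503_0039.txt`, so one of the two needs correcting.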
diff --git a/scanner/4_binary.md b/scanner/4_binary.md deleted file mode 100644 index bf087664..00000000 --- a/scanner/4_binary.md +++ /dev/null 
@@ -1,98 +0,0 @@ ---- -published: true ---- -# FOSSLight Binary Scanner - -FOSSLight Binary is released under the Apache-2.0. Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_binary_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_binary_scanner) - -[**FOSSLight Binary Scanner**](https://github.com/fosslight/fosslight_binary_scanner)는 Binary를 찾아 출력하고 Binary DB에 동일하거나 비슷한 Binary가 있으면 해당 OSS 정보를 출력합니다. -jar 파일에 대한 오픈 소스 분석 시, 오픈 소스인 [**Dependency-check-py**](https://github.com/jhermann/dependency-check-py)를 이용합니다. - -**Github Repository** : [https://github.com/fosslight/fosslight_binary_scanner](https://github.com/fosslight/fosslight_binary_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_binary_scanner/blob/main/LICENSE) - -## 목차 -- [필요 조건](#-필요-조건) -- [설치 방법](#-설치-방법) -- [실행 방법](#-실행-방법) -- [결과](#-결과) -- [동작 방식](#-동작-방식) - - -## 📋 필요 조건 -[**FOSSLight Binary Scanner**](https://github.com/fosslight/fosslight_binary_scanner)는 Python 3.7+ 기반에서 동작합니다. -OSS 정보(OSS Name, OSS Version, License)를 Binary DB로부터 추출하는 기능을 사용하려면 [DB 세팅 가이드](etc/binary_db.md)를 참고하세요. - -Jar 파일에 대한 분석을 위해서는 [**Java**](https://openjdk.java.net)를 설치해야 합니다.(Open Source JDK를 설치) - -## 🎉 설치 방법 -### 방법 1. 실행 파일 다운로드 -OS(Operating System)에 맞는 실행 파일을 다운로드 받습니다. - - [FOSSLight Binary Scanner - Release](https://github.com/fosslight/fosslight_binary_scanner/releases) - -단, 지원하지 않는 OS인 경우 '방법 2'로 설치합니다. - -### 방법 2. Python 환경 기반 fosslight_binary 설치 -0. (windows의 경우) https://visualstudio.microsoft.com/ko/vs/older-downloads/ > 재배포 가능 패키지 및 빌드 도구에서 Microsoft Build Tools 설치 -1. [python 3.7 + virtualenv](etc/guide_virtualenv.md) 환경 세팅 -2. Python package인 fosslight_binary 설치 -``` -$ pip3 install fosslight_binary -``` - -## 🚀 실행 방법 -### 방법 1. windows에서 실행 파일로 실행하는 경우 -binary 분석할 path에 fosslight_bin_windows.exe 파일 위치시킨 후, 더블 클릭하여 실행합니다. - -### 방법 2. 
그 외, command로 실행하는 경우 -```` -$ fosslight_binary [option] -```` - -### Options -```` - Options: - -p Path to analyze binaries (Default: current directory) - -h Print help message - -v Print FOSSLight Binary Scanner version - -s Extract only the binary list in simple mode - -o Output path - (If you want to generate the specific file name, add the output path with file name.) - -f Output file format (excel, csv, opossum, yaml) - -d DB Connection(format :'postgresql://username:password@host:port/database_name') - --notice Print the open source license notice text. - --no_correction Enter if you don't want to correct OSS information with sbom-info.yaml - --correct_fpath Path to the sbom-info.yaml file -```` - -## 📁 결과 - -``` -$ tree -. -├── fosslight_binary_220904_0912.txt -├── fosslight_log_220904_0912.txt -├── fosslight_report_220904_0912.xlsx -└── fosslight_opossum_220904_0912.json - -``` -- fosslight_binary_[datetime].txt : Binary별 checksum, tlsh 값이 출력된 결과 -- fosslight_log_[datetime].txt : 실행 log -- fosslight_report_[datetime].xlsx : FOSSLight binary의 결과 (FOSSLight Report 형태) - - jar 파일 분석 시, Vulnerability Link Column이 FOSSLight-Report_[datetime].xlsx에 추가 됨. -- fosslight_opossum_[datetime].json : [OpossumUI](https://github.com/opossum-tool/OpossumUI)에서 활용 가능한 Binary 분석 결과 - -## 🧐 동작 방식 -1. 하기 사항을 제외하고 Binary를 추출합니다. - 1-0. symbolic link, FIFO 파일 - 1-1. 파일 extension : ['png', 'gif', 'jpg', 'bmp', 'jpeg', 'qm', 'xlsx', 'pdf', 'ico', 'pptx', 'jfif', 'docx', - 'doc', 'whl', 'xls', 'xlsm', 'ppt', 'mp4', 'pyc', 'plist'] - 1-2. 파일 Type : ['data','timezone data', 'apple binary property list'] - 1-3. 경로 : ['.git'] -2. 하기 사항에 대하여 FOSSLight Report에 "Exclude"를 체크합니다. - - Binary가 ['fosslight_bin', 'fosslight_bin.exe']에 포함되는 경우 - - 경로가 ["test", "tests", "doc", "docs"]에 포함되는 경우 - - directory가 숨긴 폴더인 경우 (폴더명이 .로 시작하는 경우) -3. Binary별 checksum과 tlsh를 출력합니다. -4. OSS 정보를 Binary DB로 부터 불러옵니다. -5. Output 파일을 생성합니다. 
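Review bot: The 동작 방식 section removed at the end of this hunk is the only visible description of what the binary scanner skips (symbolic links, the listed file extensions and types, `.git`) and what it marks as "Exclude" (`test`, `tests`, `doc`, `docs`, hidden directories). Anyone relying on the report for coverage needs that list, and no replacement location appears in the visible part of this patch. Please link the new home of this page from README.md or the commit message. If the Options block moves with it, note that the `-d` entry documents the connection string as `postgresql://username:password@host:port/database_name`, which puts the Binary DB password on the command line; the moved copy should say so and point readers to etc/binary_db.md for the setup. The sub-step numbering in step 1 also starts at `1-0` while the rest of the guide starts at 1.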
diff --git a/scanner/5_yocto.md b/scanner/5_yocto.md deleted file mode 100644 index 4fd162c8..00000000 --- a/scanner/5_yocto.md +++ /dev/null 
@@ -1,145 +0,0 @@ ---- -published: true ---- -# FOSSLight Yocto Scanner - -FOSSLight Yocto is released under the Apache-2.0. Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_yocto_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_yocto_scanner) - -[**FOSSLight Yocto Scanner**](https://github.com/fosslight/fosslight_yocto_scanner)는 Yocto Project에 기반하여 build 시, rootfs 이미지에 포함되는 Package에 대한 OSS 정보를 FOSS Report형식으로 출력해주는 Python Script입니다. - -- Package별 OSS 정보 출력 방법 : Recipe에 정의된 OSS 정보(OSS Name, OSS Version, LICENSE, Download Location)를 출력합니다. -이 때, OSS Name은 Recipe name으로 출력합니다. -- ⚠️**rootfs 이미지 외 target에 탑재되는 이미지 (ex- 커널, 부트로더)에 대해서는 Script가 OSS 정보를 출력해주지 않습니다.** 이에 대해서는 사용자가 직접 OSS Report에 OSS 정보를 추가해야 합니다. - -**Github Repository** : [https://github.com/fosslight/fosslight_yocto_scanner](https://github.com/fosslight/fosslight_yocto_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_yocto_scanner/blob/main/LICENSE) - -## 목차 -- [필요 조건](#-필요-조건) -- [설치 방법](#-설치-방법) -- [실행 방법](#-실행-방법) -- [결과](#-결과) -- [동작 방식](#-동작-방식) - - -## 📋 필요 조건 -[**FOSSLight Yocto Scanner**](https://github.com/fosslight/fosslight_yocto_scanner)는 Python 3.8+ 기반에서 동작합니다. -OSS 정보(OSS Name, OSS Version, License)를 Binary DB로부터 추출하는 기능을 사용하려면 [DB 세팅 가이드](etc/binary_db.md)를 참고하세요. - - -## 🎉 설치 방법 -0. (windows의 경우) https://visualstudio.microsoft.com/ko/vs/older-downloads/ > 재배포 가능 패키지 및 빌드 도구에서 Microsoft Build Tools 설치 -1. [python 3.8 + virtualenv](etc/guide_virtualenv.md) 환경 세팅 -2. Python package인 fosslight_yocto 설치 - ``` - $ pip3 install fosslight_yocto - ``` - -## 🚀 실행 방법 -### 방법 1. bom.bbclass를 이용하는 방법 - ---- -[bom.bbclass](https://github.com/fosslight/fosslight_yocto_scanner/blob/main/files_for_preparation/bom.bbclass) 를 이용하여 추출한 결과를 FOSSLight Yocto를 이용하여 OSS Report형태로 변환합니다. -- Sheet 별 출력 사항: - - SRC Sheet : Installed package 목록을 추출하고 OSS 정보를 출력합니다. 
- - BIN Sheet : rootfs image를 압축 해제한 폴더에서 binary를 추출한 후 binary별 OSS 정보를 출력합니다. - ---- - -#### 준비 사항 -1. build directory (ex-poky/build)로 이동한 후, conf/local.conf에 buildhistory와 bom을 inherit시킵니다. - ``` - $ cd poky/build - poky/build$ vi conf/local.conf - INHERIT += "buildhistory" - BUILDHISTORY_COMMIT = "1" - - INHERIT += "bom" - ``` -2. 최상위 directory 아래 meta/classes 디렉토리에 [bom.bbclass](https://github.com/fosslight/fosslight_yocto_scanner/blob/main/files_for_preparation/bom.bbclass) 파일을 다운로드합니다. - - meta/classes 가 없는 경우 build에 포함되는 meta layer의 classes폴더에 bom.bbclass를 다운로드합니다. - ``` - poky/meta/classes$ wget -O bom.bbclass "https://github.com/fosslight/fosslight_yocto_scanner/raw/main/files_for_preparation/bom.bbclass" - ``` - - yocto 2.5 이전 버전의 경우, --runall 기능을 지원하지 않아 build시 bom.bbclass를 출력하기 위하여 bom.bbclass를 하기와 같이 수정합니다. - ``` - addtask write_bom_info -> addtask write_bom_info before do_build - ``` -3. 이미지를 build한 후, write_bom_info를 실행합니다. - - yocto 2.5 이후 버전 - ``` - poky/build $ bitbake - poky/build $ bitbake --runall=write_bom_info (eg. bitbake --runall=write_bom_info core-image-minimal) - ``` - - yocto 2.5 이전 버전 - ``` - poky/build $ bitbake - ``` -4. ${TOPDIR}/에 bom.json 파일과 buildhistory 폴더가 생성됩니다. - -#### 실행 -fosslight_yocto 명령어를 실행합니다. -``` -$ fosslight_yocto -i [installed-package-names.txt] -b [bom.json] -p [buildhistory/packages] -a [path_to_binary_analysis] -``` - -- Options - ``` - Mandatory - -p Path of buildhistory/package - -b bom.json - -i installed-package-names.txt - - Optional - -h Print help message - -v Print FOSSLight yocto version - -y oss-pkg-info.yaml - -a Path to analyze the binaries - -n Print result in BIN(Android) format - -d Change license to declared license - -s Analyze source code for unconfirmed Open Source - -c Analyze all the source code - -e Compress all the source code - -o Output Path - -f Output file format (excel, csv, opossum) - ``` - -### 방법 2. 
meta-doubleopen을 이용하는 방법 ---- -[meta-doubleopen](https://github.com/doubleopen-project/meta-doubleopen)를 이용하여 spdx.json으로 추출하고 FOSSLight Yocto를 이용하여 FOSS Report 형식으로 변환합니다. -- Sheet 별 출력 사항: - - SRC_distributed: rootfs 이미지에 포함되는 Package - - SRC_recipe: build에 포함되는 Recipe - - SRC_not_distributed: rootfs 이미지에 포함되지 않는 Package - -- Package별 OSS 정보 출력 방법 : Recipe에 정의된 OSS 정보(OSS Name, OSS Version, LICENSE, Download Location, Homepage)를 출력합니다. 이 때, OSS Name은 Recipe name으로 출력합니다. - ---- - -#### 준비 사항 -[meta-doubleopen](https://github.com/doubleopen-project/meta-doubleopen)을 이용하여 이미지에 대한 spdx.json 파일을 생성합니다. - -#### 실행 -fosslight_doubleopen 명령어를 실행합니다. -``` -$ source venv/bin/activate -(.venv) $ fosslight_doubleopen -f core-image-minimal.spdx.json -``` -- Option f {[image].spdx.json} : meta-doubleopen 실행 결과 생성되는 spdx.json 파일 - -## 📁 결과 - -``` -$ tree -. -├── fosslight_yocto_220904_0912.txt -├── fosslight_log_220904_0912.txt -├── fosslight_report_220904_0912.xlsx -└── fosslight_opossum_220904_0912.json - -``` -- fosslight_yocto_[datetime].txt : Binary별 checksum, tlsh 값이 출력된 결과 -- fosslight_log_[datetime].txt : 실행 log -- fosslight_report_[datetime].xlsx : FOSSLight Yocto의 결과 (FOSSLight Report 형태) - - jar 파일 분석 시, Vulnerability Link Column이 FOSSLight-Report_[datetime].xlsx에 추가 됨. -- fosslight_opossum_[datetime].json : [OpossumUI](https://github.com/opossum-tool/OpossumUI)에서 활용 가능한 Binary 분석 결과 diff --git a/scanner/6_android.md b/scanner/6_android.md deleted file mode 100755 index 459b6dd4..00000000 --- a/scanner/6_android.md +++ /dev/null 
@@ -1,232 +0,0 @@ ---- -published: true ---- -# FOSSLight Android Scanner - -FOSSLight Android is released under the Apache-2.0. Current python package version. [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_android_scanner)](https://api.reuse.software/info/github.com/fosslight/fosslight_android_scanner) - -[**FOSSLight Android Scanner**](https://github.com/fosslight/fosslight_android_scanner)는 Android 모델에 탑재되는 Binary를 모두 나열하여 각 Binary별로 Open Source가 사용되었는지 확인하고, 고지해야 할 사항이 OSS 고지문(ex. NOTICE.html)에 적절하게 포함되었는지 확인하기 위해 수행합니다. - -**Github Repository** : [https://github.com/fosslight/fosslight_android_scanner](https://github.com/fosslight/fosslight_android_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_android_scanner/blob/main/LICENSE) - -## 목차 -- [필요 조건](#-필요-조건) -- [설치 방법](#-설치-방법) -- [실행 방법](#-실행-방법) -- [결과](#-결과) -- [추가 기능](#-추가-기능) - - -## 📋 필요 조건 -[**FOSSLight Android Scanner**](https://github.com/fosslight/fosslight_android_scanner)는 Python 3.8+ 기반에서 동작합니다. -OSS 정보(OSS Name, OSS Version, License)를 Binary DB로부터 추출하는 기능을 사용하려면 [DB 세팅 가이드](etc/binary_db.md)를 참고하세요. - -## 🎉 설치 방법 -1. [python 3.8 + virtualenv](etc/guide_virtualenv.md) 환경 세팅 -2. Python package인 fosslight_android 설치 - ``` - $ pip3 install fosslight_android - ``` - -## 🚀 실행 방법 -FOSSLight Android를 실행합니다. (이때, build 산출물 (/out directory) 및 build log file (android.log) 가 android source path 에 존재해야 합니다.) - -#### 준비 사항 -Android Build -Android 모델을 build clean 상태에서 build하여 산출물(/out directory) 및 build log(android.log)를 확보합니다. -``` -(Android native source build 예) -$ source ./build/envsetup.sh -$ make clean -$ lunch aosp_hammerhead-user -$ make -j4 2>&1 | tee android.log -``` - -{::options parse_block_html="true" /} -
-**Android 7.0 이전 version의 모델** - -Android 7.0 이전 version의 모델일 경우, 먼저 module-info.mk 파일을 build/core/tasks/하위에 위치시킨 후 build합니다. (build시 module-info.json 파일을 생성하게 하기 위함) - -``` -$ wget https://raw.githubusercontent.com/aosp-mirror/platform_build/android-cts-7.0_r33/core/tasks/module-info.mk -$ mv ./module-info.mk ./build/core/tasks -``` - -
- -#### 실행 -fosslight_android 명령어를 실행합니다. -이때, build 산출물 (/out directory) 및 build log file (android.log) 가 android source path 에 존재해야 합니다. - -``` -(venv)$ fosslight_android -s [android source path] -a [build log file name] -``` - -- Options - ``` - Options: - Mandatory - -s Path to analyze - -a The file must be located in the android source path. - - Optional - -h Print help message - -m Analyze the source code for the path where the license could not be found. - -p Check files that should not be included in the Packaging file. - -f Print result of Find Command for binary that can not find Source Code Path. - -t Collect NOTICE for binaries that are not added to NOTICE.html. - -d Divide needtoadd-notice.html by binary. - -i Disable the function to automatically convert OSS names based on AOSP. - -r result.txt file with a list of binaries to remove. - ``` - -## 📁 결과 -- fosslight_report_[datetime].xlsx : FOSSLight Android 분석 결과 (FOSSLight Report 형태) - - jar 파일 분석 시, Vulnerability Link Column이 FOSSLight-Report_[datetime].xlsx에 추가 됨. -- fosslight_binary_android_[datetime].txt : Binary별 checksum, tlsh 값이 출력된 결과 -- fosslight_log_[datetime].txt : 실행 log -- REMOVED_BIN_BY_DUPLICATION_[datetime].txt : output path내 binary name과 checksum이 동일한 파일이 2개 이상 존재하여 FOSSLight Report에서 중복 제거된 목록입니다. -더불어 -r 옵션으로 추가로 제거된 목록도 출력됩니다. - -| Column | 내용 | -|:-----------------|:----------------------------------------------------------------------------------------------| -| Binary Name | out directory 내 존재하는 Binary 목록 (binary, library, APK, font 등 ) | -| Source Code Path | Binary를 구성하는 Source Code의 Path 정보 (LOCAL_PATH) | -| NOTICE.html | NOTICE 파일에 Binary 정보가 표시되었는지 여부를 표시합니다. Open Source가 사용된 Binary라면, ok여야 합니다. | -| OSS Name | Binary DB 에서 load한 OSS 정보 또는 Android Open Source Project인 경우 해당 Repository 기반의 이름을 출력합니다. | -| OSS Version | Open Source의 Version. Binary DB에서 매칭하는 Binary의 정보를 가져와서 보여줍니다. | -| License | 1. Binary DB 2. 
Source Path의 "MODULE_LICENSE_xxxxxx" 3.{MODULE_NAME}.meta_lic에서 찾은 정보를 출력합니다. | -| Need Check | 'O'인 경우, 검토가 필요합니다. | -| Comment | 검토가 필요한 사항을 출력합니다. | - -## 🚗 추가 기능 ---- -하기 옵션을 통해 부가 기능을 활용할 수 있습니다. -- Option: -p : Packaging 파일에 포함되지 않아야 하는 파일 확인 -- Option: -f : Source Code Path를 찾지 못하는 binary에 대하여 Find Command 실행 결과 출력 -- Option: -i : Android reference 의 repository기준으로 OSS Name 자동 출력 끄기 -- Option: -r : 특정 binary를 FOSSLight Report에서 중복 제거. Android native와 vendor가 분리되어 build되는 구조에서 사용하는 옵션으로 중복으로 포함되는 Binary를 제거합니다. vendor에 대한 FOSSLight Android 실행시 -r 옵션으로 android native 결과 생성되는 result_*.txt 파일을 parameter로 추가합니다. -- Option: -m : License가 빈칸인 부분에 대해 자동으로 Source path 내 Source code 분석(소스 파일 내 License text 기반 License 검출)을 실행하여 License 값을 채워줍니다. (그러나 분석에 시간이 오래 걸립니다. Android native에서 44개 Path기준 약 35분 소요) - ---- - -### -p: Packaging 파일에 포함되지 않아야 하는 파일 확인 -공개할 Source Code 취합시, 포함되지 말아야 하는 파일 이름, 확장자, 디렉토리를 체크합니다. - -사전 준비 -- Packaging Config File : 체크할 항목을 json 형식의 pkgConfig.json 파일 이름으로 생성합니다. - -Example : pkgConfig.json - -``` - { - "Prohibited_File_Names":[ - "key_file", - "confidential_key" - ], - "Prohibited_File_Extensions":[ - "exe", - "jar" - ], - "Prohibited_Path":[ - "confidential", - ".git" - ] - } -``` - -- Prohibited_File_Names : 검출하려는 파일 이름 -- Prohibited_File_Extensions : 검출하려는 파일 확장자 -- Prohibited_Path : 검출할 파일 디렉토리 -- 공개할 소스 코드를 취합한 디렉토리 위치 혹은 압축 파일 확인 - - 공개할 소스 코드 취합한 디렉토리나 압축 파일 내 압축된 파일이 있을 경우, 압축을 해제하여 검색합니다. - - 압축 해제 지원 확장자 : tar, tar.gz, zip - -**실행 방법** -1. Packaging Config File을 pkgConfig.json 파일명(json 형식)으로 준비합니다. -2. -p 옵션을 추가하여 실행합니다. (-p : 공개할 소스 코드를 취합한 Path 혹은 압축 파일) - ``` - (venv)$ fosslight_android -p [A path or compressed file containing the source code to be disclosed] - - ex - (venv)$ fosslight_android -p /home/test/sourceCodeToBeDisclosed.tar.gz - ``` - -3. 결과 확인 -검출된 항목별로 추출된 목록을 보여줍니다. - -결과 example : - -``` - (venv)$ fosslight_android -p /home/test/sourceCodeToBeDisclosed.tar.gz - 1. 
Prohibited file names : 1 - sourceCode/executable/LgeOscClient/confidential_key - 2. Prohibited file extension : 4 - sourceCode/executable/Report_Jenkins_ubuntu.exe - sourceCode/executable/ReportTool_v3.03_181128U.jar - sourceCode/executable/Protex_Create_Upload_Analyze_v3.03_181128U.jar - sourceCode/executable/ReportTool_CLI_v3.03_181128U.jar - 3. Prohibited Path : 2 - sourceCode/.git - sourceCode/executable/LgeOscClient/confidential - 4. Fail to read : 0 -``` - -- Prohibited file names : 공개할 소스 코드 중 파일명에 pkgConfig.json의 Prohibited_File_Names 값을 포함하는 경우 출력합니다. -- Prohibited file extension : 공개할 소스 코드 중 파일 확장자가 pkgConfig.json의 Prohibited_File_Extensions 값인 경우 출력합니다. -- Prohibited Path : 공개할 소스 코드 중 파일 Path 중 pkgConfig.json의 Prohibited_Path 값을 포함하는 경우 출력합니다. -- Fail to read : 압축 해제에 실패한 파일 목록을 출력합니다. - -### -f: Source Code Path를 찾지 못하는 binary에 대하여 Find Command 실행 결과 출력 -Source Code Path를 찾지 못하는 Binary에 대하여 Android의 Source Path내 폴더 (out directory, .으로 시작하는 숨김 directory 제외)별로 Find Command 실행 결과를 출력합니다. - -1. -f 옵션을 추가하여 실행합니다. - ```commandline - (venv)$ fosslight_android -s [android source path] -a [build log file name] -f - - ex - (venv)$ fosslight_android -s /home/soim/android/source -a android.log -f - ``` - -2. 결과 확인 -Source Code Path를 찾지 못하는 Binary별 Find command 실행 결과는 'FIND_RESULT_OF_BINARIES.txt' 파일로 생성됩니다. -단, Source Code Path를 찾지 못하는 Binary가 없을 경우 해당 파일은 생성되지 않습니다. - -### -i: OSS Name 자동 완성 기능 끄기 -FOSSLight Android는 Binary DB에서 OSS 정보를 찾을 수 없는 경우이거나 OSS Name이 "Android Open Source Project"인 경우, Source Code Path를 기준으로 [Android Native](https://android.googlesource.com/platform)에 있는 저장소라면 OSS Name을 자동으로 출력해줍니다. -OSS Name 자동 완성 기능을 끄고자 할 경우 선택합니다. - -### -r: 특정 binary를 FOSSLight Report에서 중복 제거 -하나의 Model에 탑재하는 Android native와 vendor가 분리된 output으로 생성되는 경우에 한하여 활용합니다. -- vendor에 대한 FOSSLight Android 실행시 -r 옵션을 이용하여 Android native에도 포함되는 binary를 중복 제거합니다. 
-- 중복 제거 조건 : Binary name이 같고 checksum이 같거나, Binary name이 같고 TLSH 값 차이가 120이하인 경우 -- 중복 제거된 binary는 REMOVED_BIN_BY_DUPLICATION.txt에 출력됩니다. - -1. -r 옵션을 추가하여 실행합니다. - ```commandline - (venv)$ fosslight_android -s [vendor_source_path] -a [android_build_log_file] -r [android_native_result.txt] - - ex - (venv)$ fosslight_android -s [vendor_source_path] -a android.log -r android_native_result.txt - ``` - -2. 결과 확인 -android_native_result.txt와 중복된 binary는 FOSSLight-Report.xlsx에서 제거되고, REMOVED_BIN_BY_DUPLICATION.txt에 출력됩니다. - - -### -m: 소스 코드 분석하여 License 출력 -License 정보를 못 찾은 경우에 한하여 FOSSLight Source를 이용하여 Source code를 분석한 결과를 License란에 출력합니다. - -1. -m 옵션을 추가합니다. - ```commandline - (venv)$ fosslight_android -s [vendor_source_path] -a [android_build_log_file] -m - - ex - (venv)$ fosslight_android -s [vendor_source_path] -a android.log -m - ``` - -2. 결과 확인 -FOSSLight Report의 License column에 분석한 결과가 채워집니다. -추가로 source_analyzed_[datetime] 폴더에 소스 코드별 분석한 결과가 생성됩니다. diff --git a/scanner/README.md b/scanner/README.md deleted file mode 100644 index 151299ed..00000000 --- a/scanner/README.md +++ /dev/null @@ -1,135 +0,0 @@ ---- -sort: 5 -published: true -title: 🚩FOSSLight Scanner ---- -# FOSSLight Scanner - -FOSSLight Scanner is released under the Apache-2.0. Current python package version. - -FOSSLight Scanner는 로컬 소스코드 또는 입력받은 링크를 통해 소스를 다운로드 받은 후 소스코드, 바이너리 및 디펜던시에 대한 오픈 소스 분석을 수행할 수 있습니다. -
-오픈 소스 분석을 위해 사용하는 툴은 다음과 같습니다. - -1. [FOSSLight Source Scanner](2_source.md) : 소스 코드를 분석하여 오픈 소스 분석 결과를 생성합니다.  -2. [FOSSLight Dependency Scanner](3_dependency.md) : Package manager 또는 빌드 시스템을 통해 사용되는 dependency의 오픈 소스 분석 결과를 생성합니다.  -3. [FOSSLight Binary Scanner](4_binary.md) : Binary를 분석하여 오픈 소스 분석 결과를 생성합니다.  -
- - -**Github Repository** : [https://github.com/fosslight/fosslight_scanner](https://github.com/fosslight/fosslight_scanner) -**License** : [Apache-2.0](https://github.com/fosslight/fosslight_scanner/blob/main/LICENSE) - -## 목차 -- [📋 필요 조건](#-필요-조건) -- [🎉 설치 방법](#-설치-방법) -- [🚀 실행 방법](#-실행-방법) -- [📁 결과](#-결과) -- [🐳 Docker를 이용하여 설치 및 실행 방법](#-docker를-이용하여-설치-및-실행-방법) - -## 📋 필요 조건 -1. [**FOSSLight Scanner**](https://github.com/fosslight/fosslight_scanner)는 Python 3.8+ 기반에서 동작합니다. -2. Jar 파일에 대한 분석을 위해서는 [**Java**](https://openjdk.java.net)를 설치해야 합니다.(Open Source JDK를 설치) -3. (windows의 경우) Microsoft Build Tools (Microsoft Visual C++ 14.0+) from https://visualstudio.microsoft.com/ko/visual-cpp-build-tools/를 설치해야 합니다. - -## 🎉 설치 방법 -FOSSLight Scanner는 pip3를 이용하여 설치할 수 있습니다. -[python 3.8 + virtualenv](etc/guide_virtualenv.md) 환경에서 설치할 것을 권장합니다. - -``` -$ pip3 install fosslight_scanner -``` - -## 🚀 실행 방법 -### Mode별 실행 방법 및 Parameters -``` -$ fosslight [Mode] [option1] [option2] ... -``` -``` - Parameters: - Mode - all Run all scanners(Default) - source Run FOSSLight Source Scanner - dependency Run FOSSLight Dependency Scanner - binary Run FOSSLight Binary Scanner - compare Compare two FOSSLight reports - - Options: - -h Print help message - -p Path to analyze (ex, -p {input_path}) - * Compare mode input file: Two FOSSLight reports (supports excel, yaml) - (ex, -p {before_name}.xlsx {after_name}.xlsx) - -w Link to be analyzed can be downloaded by wget or git clone - -f FOSSLight Report file format (excel, yaml) - * Compare mode result file: supports excel, json, yaml, html - -o Output directory or file - -c Number of processes to analyze source - -r Keep raw data - -t Hide the progress bar - -v Print FOSSLight Scanner version - --no_correction Enter if you don't want to correct OSS information with sbom-info.yaml - * Correction mode only supported xlsx format. 
- --correct_fpath Path to the sbom-info.yaml file - - Options for only 'all' or 'bin' mode - -u DB Connection(format :'postgresql://username:password@host:port/database_name') - - Options for only 'all' or 'dependency' mode - -d Additional arguments for running dependency analysis -``` -- -d 옵션은 FOSSLight Dependency 실행시 argument 입력이 필요한 경우만 입력합니다.[참고](3_dependency.md) - -#### Ex.1 Local의 Path를 분석하는 방법 -``` -fosslight all -p /home/source_path -``` - -#### Ex.2 링크를 다운로드 받고 분석하는 방법 -``` -fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git" -``` - -#### Ex.3 FOSSLight Report BOM 결과 비교하여 변경/추가/삭제 내역 확인하는 방법 -``` -fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -o test_result -``` - -## 📁 결과 -### 오픈소스 분석 모드 결과 (all, source, dependency, binary) -``` -test_result/ -├── fosslight_binary_220214_1824.txt -├── fosslight_log -│ └── fosslight_log_220214_1824.txt -├── fosslight_report_220214_1824.xlsx -└── fosslight_raw_data - ├── fosslight_src_220214_1824.xlsx - ├── fosslight_bin_220214_1824.xlsx - └── fosslight_dep_220214_1824.xlsx -``` -- fosslight_binary_(datetime).txt : FOSSLight Binary결과 binary 별 checksum, tlsh 값이 추출된 파일 -- fosslight_report_(datetime).xlsx : Source code 분석, Binary 분석, Dependency 분석 결과가 작성된 FOSSLight Report 형식의 파일 -- fosslight_raw_data directory: 분석 결과 Raw Data 파일이 생성되는 폴더 (-r option 있는 경우) - - fosslight_src_(datetime).xlsx : Source code 분석 결과 파일 - - fosslight_dep_(datetime).xlsx : Dependency 분석 결과 파일 - - fosslight_bin_(datetime).xlsx : Binary 분석 결과 파일 - -### compare 모드 결과 -``` -test_result/ -├── fosslight_log -│ └── fosslight_log_20220817_114259.txt -└── fosslight_compare_20220817_114259.xlsx -``` -- fosslight_compare_(datetime).xlsx : 두 개의 BOM 비교 결과가 (add/delete/change) 테이블 양식으로 작성된 파일 - -## 🐳 Docker를 이용하여 설치 및 실행 방법 -1. Dockerfile을 이용하여 이미지 빌드 -``` -$docker build -t fosslight . -``` -2. 빌드한 이미지로 실행합니다. -ex. 
Output 경로 : /Users/fosslight_scanner/test_output, 분석 경로 : tests/test_files -``` -$docker run -it -v /Users/fosslight_scanner/test_output:/app/output fosslight -p tests/test_files -o output -``` diff --git a/scanner/etc/binary_db.md b/scanner/etc/binary_db.md deleted file mode 100644 index 19f02c0a..00000000 --- a/scanner/etc/binary_db.md +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -published: true ---- - -# FOSSLight Binary Scanner Database 세팅 방법 -OSS Information (OSS Name, OSS Version, License)를 DB로부터 출력하기 위해 DB 세팅이 필요합니다. - -## Prerequisite -1. [PostgreSQL][PostgreSQL]를 설치합니다. -2. 원격으로 접속하기 위해 configuration file을 수정하는 방법 : [reference link][ref_link] - -[PostgreSQL]: https://www.postgresql.org/download/ -[ref_link]: https://www.cyberciti.biz/tips/postgres-allow-remote-access-tcp-connection.html - - -## How to create a database and a table -1. User와 Database를 생성합니다. -```` -$ sudo -i -u postgres -$ psql -postgres=# CREATE USER bin_analysis_script_user PASSWORD 'script_123' ; -postgres=# CREATE DATABASE bat OWNER bin_analysis_script_user ENCODING 'utf-8'; -```` - -2. [fosslight_create.sql][sql_link] 파일을 다운로드합니다. - -3. Table을 생성합니다. -```` -$ psql -U bin_analysis_script_user -d bat -f fosslight_create.sql -```` - -[sql_link]: https://github.com/fosslight/fosslight_binary_scanner/blob/main/db/initdb.d/fosslight_create.sql - -### Table schema -table - - -## Example. 데이터 입력을 위한 쿼리 -```` -INSERT INTO public.lgematching (filename, pathname, checksum, tlshchecksum, ossname, ossversion, license, parentname, platformname, platformversion, updatedate, sourcepath) VALUES -('askalono.exe', 'third_party/askalono/askalono.exe', '3f5c6bbf06ddf53a46634bb21691ab0757f3b80c', 'T138267C12BB86A9EDC06AC470878646225B31B4CA0B25BFFF41C455743E6AAF45F3D39C', 'askalono', '', 'Apache-2.0', '[123]windows app project', 'windows', '10', '2021-02-19 17:21:52.430065', 'third_party/src/askalono') -```` -- The checksum and tlshchecksum values are output to binary.txt when fosslight_binary is executed. - - -## FOSSLight Binary 실행시, DB와 연동하는 방법 -- When calling fosslight_binary, write your DB information with the -d option. -ex) -```` -fosslight_binary -p path_to_analyze -d postgresql://username:password@host:port/database_name -```` diff --git a/scanner/etc/guide_virtualenv.md b/scanner/etc/guide_virtualenv.md deleted file mode 100644 index 6df830b2..00000000 
--- a/scanner/etc/guide_virtualenv.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -published: true ---- -# Virtualenv 세팅 가이드 - -Python package를 설치 및 실행하기 위한 virtualenv 환경 세팅하는 가이드입니다. - -## Contents -- [추가 Package 설치](#pre) -- [Python, python-dev 설치](#python) -- [virtualenv 세팅하는 법](#virtualenv) -- [virtualenv 명령어](#command) - -## 📋 Prerequisite -macOS의 경우, 하기 package를 추가로 설치합니다. -``` -brew install openssl -brew install libmagic -brew install postgresql -``` - -## 💻 Python, python-dev 설치 - -- Python 설치 방법은 [설치 가이드][install] 링크를 참조하세요. -- 사용하는 python 버전에 맞게 python-dev, python-distutils를 설치합니다. - ``` - $ sudo apt-get install python3.8 python3-pip python3.8-dev python3.8-distutils - ``` - -[install]: https://realpython.com/installing-python - -## 📋 virtualenv 생성하고 활성화하는 법 - -``` -$ pip3 install virtualenv -$ virtualenv -p /usr/bin/python3.8 venv -$ source venv/bin/activate -``` -자세한 virtualenv 설명: [Python virtaulenv page][venv] - -[venv]: https://docs.python.org/3.8/library/venv.html - -## ⌨️ virtualenv 명령어 - -| Command description | command | -| ------------- | ------------- | -| 가상환경 생성 | virtualenv -p [python_version] [env_name] | -| 가상환경 활성화 | source [env_name]/bin/activate | -| 가상환경 비활성화 | deactivate | diff --git a/scanner/images/add.gif b/scanner/images/add.gif deleted file mode 100644 index e6514042..00000000 Binary files a/scanner/images/add.gif and /dev/null differ diff --git a/scanner/images/convert.gif b/scanner/images/convert.gif deleted file mode 100644 index 3f2a4f82..00000000 Binary files a/scanner/images/convert.gif and /dev/null differ diff --git a/scanner/images/fosslight_prechecker_add_test_result.JPG b/scanner/images/fosslight_prechecker_add_test_result.JPG deleted file mode 100644 index a620e9b5..00000000 Binary files a/scanner/images/fosslight_prechecker_add_test_result.JPG and /dev/null differ 
diff --git a/scanner/images/fosslight_reuse_add_test.JPG b/scanner/images/fosslight_reuse_add_test.JPG deleted file mode 100644 index 3a539c73..00000000 Binary files a/scanner/images/fosslight_reuse_add_test.JPG and /dev/null differ diff --git a/scanner/images/fosslight_reuse_report.JPG b/scanner/images/fosslight_reuse_report.JPG deleted file mode 100644 index d017bc2d..00000000 Binary files a/scanner/images/fosslight_reuse_report.JPG and /dev/null differ diff --git a/scanner/images/lint.gif b/scanner/images/lint.gif deleted file mode 100644 index 31f3b20b..00000000 Binary files a/scanner/images/lint.gif and /dev/null differ diff --git a/scanner/images/table_schema.png b/scanner/images/table_schema.png deleted file mode 100644 index fd8d5074..00000000 Binary files a/scanner/images/table_schema.png and /dev/null differ diff --git a/started/1_install.md b/started/1_install.md deleted file mode 100644 index 8364f7f8..00000000 --- a/started/1_install.md +++ /dev/null @@ -1,14 +0,0 @@ -# Quick Start -```note -FOSSLight Hub를 빠르고 쉽게 체험하는 방법을 설명합니다. -``` - -## 🔆 Demo 사이트 이용하기 -[https://demo.fosslight.org](https://demo.fosslight.org)를 이용하면 설치 없이 FOSSLight Hub를 체험할 수 있습니다. -- 계정 생성 및 등록 방법 : [로그인/계정 등록](2_try/1_sign.md) -- (Sample) Admin 계정 : 하기 admin 계정을 통해 관리자 모드를 체험할 수 있습니다. - - id : admin, pswd : admin -- (Sample) User 계정 : 하기 user 계정을 통해 유저 모드를 체험할 수 있습니다. - - id : user, pswd : user - -참고. 직접 빌드 및 실행 방법: [개발 환경 세팅](../features/1_developer.md) diff --git a/started/2_try/1_sign.md b/started/2_try/1_sign.md deleted file mode 100644 index 4382f96d..00000000 --- a/started/2_try/1_sign.md +++ /dev/null @@ -1,15 +0,0 @@ ---- -sort: 1 -published: true ---- -# Sign In & Sign Up -```note -FOSSLight Hub 로그인 및 계정 등록 방법을 설명합니다. -``` -## Sign In -![SignIn](../images/sign_in.png) -- 처음 접속하는 경우 Sign Up 버튼을 클릭하여 계정을 등록합니다. - -## Sign Up -![SignUp](../images/sign_up.png) -- FOSSLight Hub에 처음 접속하는 경우 계정을 등록합니다. 
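Review bot: in scanner/etc/binary_db.md (deleted earlier in this run of hunks), the removed setup steps hard-code a database password in `CREATE USER bin_analysis_script_user PASSWORD 'script_123'` and show the credential passed inline with `-d postgresql://username:password@host:port/database_name`. If this guide is being moved rather than retired, the new copy should replace `script_123` with a placeholder and tell readers to choose their own password, and it is worth one sentence noting that a connection string given on the command line ends up in shell history and process listings. Please also state in the commit message where the Binary DB setup guide goes after this deletion.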
diff --git a/started/2_try/2_oss.md b/started/2_try/2_oss.md deleted file mode 100644 index 4d4e6cc7..00000000 --- a/started/2_try/2_oss.md +++ /dev/null 
@@ -1,106 +0,0 @@ ---- -sort: 2 -published: true ---- -# OSS List -```note -등록된 OSS(Open Source Software) 정보를 확인하고, OSS를 추가, 수정, 삭제할 수 있습니다. -OSS List의 OSS Name Column 내 cell을 클릭하면 상세정보를 확인할 수 있습니다. -``` -## OSS List -![OssList](../images/oss_list.png) - -### ID -- OSS를 식별하는 숫자입니다. -- OSS의 버전이 여러 개 등록된 경우 '+'가 표시되며 최상위 버전이 표시됩니다. '+' 버튼을 클릭하면 하위 버전의 Open Source 정보를 확인할 수 있습니다. - -### OSS Type -- M : Multi License로 하나의 OSS에 여러 License의 Source Code가 포함된 경우입니다. -- D : Dual License로 여러 개의 OSS License 중 하나를 선택할 수 있습니다. -- V : Version different License로 버전 별로 License가 다른 경우입니다. - -### OSS Name -- Nick 표시된 OSS는 하나의 OSS가 여러 개의 Name을 갖고 있습니다. - 예) "bison"의 Nick name은 "Bison parser", "GNU bison" 로 모두 같은 OSS를 표현하고 있습니다. - -### Version -- OSS 버전을 의미합니다. - -### License Name -- OSS의 License 정보를 알 수 있습니다. -- Multi License는 OSS에 포함되는 모든 License가 AND로 표시됩니다. -- Dual License는 OSS의 License를 복수 개 중 선택할 수 있고 OR로 표시됩니다. - -### License Type -- Permissive : BSD-like 또는 BSD-style License로 불리며 Software 재배포 방법 관련 최소한의 요구사항이 있는 License입니다. 통상적으로 Copyright Notice 와 보증부인 문구를 유지할 것을 요구합니다. -- Weak Copyleft : 파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. 저작물의 복사본과 수정본의 Source Code를 공개해야 합니다. -- Copyleft : 파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. 저작물의 복사본과 수정본뿐만 아니라 이와 link되거나 함께 동작하는 프로그램 전체 Source Code를 공개해야 합니다. -- Proprietary : 3rd Party가 Open Source를 사용하지 않고 자체 개발한 Software로 해당 3rd Party와 계약된 경우에만 사용 가능합니다. -- Proprietary Free : 3rd Party가 Open Source를 사용하지 않고 자체 개발한 Software로 추가적인 계약을 필요로 하진 않지만 일부 제약된 형태로만 사용 가능합니다. - -### Obligation -- Notice Obligation : 고지 의무가 있습니다. -- Source Code Obligation : Source Code 공개 의무가 있습니다. - -### Download Location -- Open Source를 다운로드 받을 수 있는 URL이 Link로 표시되며, 클릭 시 해당 사이트로 이동하거나 파일을 다운로드 받을 수 있습니다. - -### Homepage -- Open Source 공식 Site가 있으면, 로 표시되며 클릭 시 해당 사이트로 이동합니다. -- 아이콘에 마우스 오버 시 상세주소를 확인할 수 있습니다. - -### Description -- Open Source 사용 시 주의 사항을 확인할 수 있습니다. 
- -### Vulnerability -- NIST에서 제공하는 CVE DB에서 해당 OSS가 검색되면 취약 정도 (CVE Score)에 따라 Vulnerability 아이콘 색깔로 구분되어 표시됩니다. - -## (Admin Only) OSS 추가, 수정, 복사, 삭제, 일괄 변경 -### OSS 추가 -![NEW_OSS](../images/2_oss_new.png) -1. OSS List에서 우측 상단 Add 버튼을 클릭합니다. -2. "New_Opensource" 탭에서 신규 OSS의 정보를 입력합니다. - - OSS Name, Nick Name은 중복될 수 없습니다. - - Summary Description : 해당 OSS에 대한 정보를 입력합니다. - - Attribution : OSS Notice 발행시 별도로 포함되어야 하는 문구를 기입합니다. -3. 우측 하단의 Save 버튼을 클릭합니다. - -### OSS 상세정보탭 -![OSS_DETAIL](../images/2_oss_detail.png) -OSS List에서 OSS Name을 클릭합니다. -Admin 인 경우에만 Editable하게 표시되며 Save, Sync, Copy, Delete 버튼이 표시됩니다. - -#### OSS 수정 -정보를 수정한 후 우측 하단의 Save 버튼을 클릭합니다. - -#### OSS 복사 -OSS 복사 기능은 동일한 OSS의 다른 버전을 추가할 때 유용합니다. -1. 우측 하단의 Copy 버튼을 클릭합니다. -2. 동일한 OSS 정보로 "New_Opensource"탭이 뜹니다. -3. 이때, OSS Name에는 "_Copied"가 append되어 있습니다. -4. 정보를 수정 후 우측 하단의 Save 버튼을 클릭하면 OSS가 등록됩니다. - -#### OSS 삭제 -1. Comment란에 삭제 사유를 기입합니다. -2. 좌측 하단의 Delete 버튼을 클릭합니다. - - 📢 해당 OSS가 Identification 단계가 Confirm된 Project에 포함된 경우, Delete 버튼 클릭 시 다른 OSS로 Merge하는 창이 팝업됩니다. - ![NEW_OSS](../images/2_oss_rename.png) - - Merge할 OSS를 선택하면, 삭제하는 OSS의 Name과 NickName은 Merge하는 OSS의 Nickname으로 이동됩니다. - - -#### OSS 버전별 정보 일괄 변경 기능 -OSS에 여러 버전이 등록된 경우, 각 버전별 정보를 일괄 업데이트시 사용합니다. -우측 하단의 Sync 버튼을 클릭합니다. -![OSS_SYNC](../images/2_oss_sync.png) -- (1) 수정할 OSS 버전을 선택합니다. - - 이미 동일한 OSS 정보를 가진 버전의 경우, 회색으로 표시되며 선택 불가합니다. -- (2) 수정할 OSS의 정보를 선택합니다. - - 체크된 항목에 대해서만 정보가 업데이트됩니다. - - 표시되는 정보는 (1)에서 선택된 Row의 해당 버전의 OSS 정보가 표시됩니다. -- (3) Comment 입력란. - - OK 클릭시 (1)에서 선택한 수정할 OSS 버전에 입력한 Comment가 추가됩니다. - - - - - diff --git a/started/2_try/3_license.md b/started/2_try/3_license.md deleted file mode 100644 index 98555c79..00000000 --- a/started/2_try/3_license.md +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -sort: 3 -published: true ---- -# License List -```note -등록된 License 정보를 확인하고, License를 추가, 수정, 삭제할 수 있습니다. -License List의 License Name Column의 cell을 클릭하면 상세정보를 확인할 수 있습니다. -``` -## License List -![LicenseList](../images/license_list.png) - -### License Name -- License Full name으로 SPDX (https://spdx.org/licenses/) 표기 방식을 따르고 있습니다. -- License Name column의 값을 클릭하면, License 별 상세정보를 확인할 수 있습니다. - -### Identifier -- standardized short identifier로 License를 더욱 쉽게 식별할 수 있으며 SPDX (https://spdx.org/licenses/) 표기 방식을 따르고 있습니다. - -### License Type -- Permissive : 통상적으로 Copyright Notice와 보증부인 문구를 유지할 것을 요구합니다. -- Weak Copyleft :파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. 저작물의 복사본과 수정본의 Source Code를 공개해야 합니다. -- Copyleft : 파생저작물에 동일한 권리가 유지된다는 조건으로 저작물의 복사본과 수정된 버전을 자유롭게 배포할 수 있습니다. 저작물의 복사본과 수정본뿐만 아니라 이와 link 되거나 함께 동작하는 프로그램 전체 Source Code를 공개해야 합니다. -- Proprietary :Software 권리자의 허락 없이 사용이 불가능하므로 반드시 source code 사용 여부에 대한 계약 관계를 확인하고 사용하시기 바랍니다. -- Proprietary Free : 추가적인 계약이 필요하지는 않지만 제약된 형태, 특정 이용 약관 또는 조건에서 사용할 수 있습니다. - -### Restriction -- Non-Commercial Use Only : Software의 상업적 사용 및 배포를 금지합니다. -- Network Redistribution : Network 상으로 이용하도록 Service를 제공하는 것만으로도 배포로 간주하여 Open Source 의무 사항을 이행해야 합니다. -- Restricted Modifications : Software의 수정된 버전을 배포할 수 없습니다. 즉 Source code를 수정하지 않고 사용해야 합니다. -- Platform Deployment Restriction : 운영체제, 기술, 사용된 기술 분야, Device Type 등에 따라 Software의 배포를 제한합니다. -- Prohibited Purpose : Software를 특정 목적(분야)을 위하여 사용할 수 없습니다. -- Specification Constraints : 특정 Specification 또는 Standard와 관련하여 Software를 사용해야 합니다. -- Restricted Redistribution : 재배포할 수 있는 Software의 하위 구성 요소(Source Code, Binary file 등)를 제한합니다. -- Common Clause Restriction :Product의 전체 또는 상당 부분이 Common Clause License인 Software으로 부터 가치를 창출하는 경우, 판매 불가합니다. - -### Obligation -- Notice Obligation : 고지 의무가 있습니다. -- Source Code Obligation : Source Code 공개 의무가 있습니다. - -### Web site -- License 원문의 web site 정보를 제공합니다. URL 클릭 시 해당 사이트로 이동합니다. 
- -### User Guide -- License 사용 시 주의 사항을 알 수 있습니다. - -## (Admin Only) License 추가, 수정, 삭제 -### License 추가 -![NEW_OSS](../images/3_lic_new.png) -1. License List에서 우측 상단 Add 버튼을 클릭합니다. -2. "New_License" 탭에서 신규 OSS의 정보를 입력합니다. - - License Name, Nick Name은 중복될 수 없습니다. - - Obligation : - - Notice가 체크된 경우 OSS Notice에 포함됩니다. - - Source Code가 체크된 경우, Packaging탭에서 소스 코드 취합 OSS 목록으로 표시됩니다. - - User Guide : 해당 OSS에 대한 정보를 입력합니다. - - Attribution : OSS Notice 발행시 별도로 포함되어야 하는 문구를 기입합니다. -3. 우측 하단의 Save 버튼을 클릭합니다. - -### License 수정 -1. License List에서 수정할 License Name을 클릭합니다. -2. License 상세정보 탭에서 수정합니다. -3. 우측 하단의 Save 버튼을 클릭합니다. - -### License 삭제 -1. License List에서 삭제할 License Name을 클릭합니다. -2. License 상세정보 탭에서 Comment란에 삭제 사유를 기입합니다. -3. 좌측 하단의 Delete 버튼을 클릭합니다. \ No newline at end of file diff --git a/started/2_try/4_project.md b/started/2_try/4_project.md deleted file mode 100644 index be77c257..00000000 --- a/started/2_try/4_project.md +++ /dev/null 
@@ -1,210 +0,0 @@ ---- -sort: 4 -published: true ---- -# Project -```note -Open Source Software를 포함하는 Software의 개발 및 배포를 위해 수행해야 하는 Process를 순차적으로 수행합니다. -![prj_status](../images/4_project_process.png) -``` - -## Project List -![ProjectList](../images/project_list.png) -Project를 검색하고, 해당 Project의 전체적인 정보를 확인하고 FOSSLight Report, OSS Notice, OSS Package를 다운로드할 수 있습니다. - -- Search : Project의 기본 정보, Status, License, OSS Name 등으로 Project를 검색할 수 있습니다. -- Project Name (Version) : Row를 더블 클릭하면 Project 상세 화면으로 이동합니다. -- Status : Project의 상태 정보를 표시합니다. -- Identification, Packaging : 각 항목을 클릭하면 Identification, Packaging 상세 항목으로 이동합니다. -- Download : 각 아이콘을 클릭하면 파일을 다운로드 받을 수 있습니다. - - FOSSLight Report: Identification에서 입력한 목록을 FOSSLight Report 형식으로 다운로드할 수 있습니다. - - OSS Notice: Packaging 단계가 완료된 경우 표시되며 발행된 OSS Notice를 다운로드할 수 있습니다. - - Packaging file: Packaging에서 공개할 Source Code가 업로드된 경우 표시되며 Packaging 파일을 다운로드할 수 있습니다. -- Vulnerability : Project의 Identification에 포함된 전체 Open Source List의(Exclude 제외) Vulnerability 정보 중 가장 높은 Critical Level을 표시합니다. - - Critical (Critical Score 9.0 ~ 10.0) - - High (Critical Score 7.0 ~ 8.9) - - Medium (Critical Score 4.0 ~ 6.9) - - Low (Critical Score 0.1 ~ 3.9) - -### Project의 Status -![prj_status](../images/4_project_status.png) - -| Status | Description | -| ------------- | ------------- | -|Progress| Creator가 작업하고 있는 상태입니다. | -|Request|Identification 또는 Packaging 단계에서 Creator가 Reviewer에게 Review를 요청한 상태입니다. 해당 탭의 우측 상단 reject 버튼을 통하여 Progress 상태로 변경할 수 있습니다. | -|Review|Identification 또는 Packaging 단계에서 Reviewer가 Review 중인 상태입니다. 이 때, Creator는 Identification 또는 Packaging의 정보를 수정할 수 없습니다. 수정이 필요한 경우 [Comment](#comment)를 남겨 Reviewer에게 Reject을 요청합니다. | -|Complete|Project Review가 완료된 상태를 의미합니다. Creator는 Identification 또는 Packaging의 정보를 수정할 수 없습니다. 수정이 필요한 경우 Project Basic Information탭에서 Request to Open을 클릭합니다. | -| Drop|더 이상 Project의 OSC Process를 진행하지 않는 상태를 의미합니다. Status: Complete가 아닌 경우, Drop 설정을 할 수 있으며, 필요시에는 Open을 클릭하여 직접 Open할 수 있습니다. 
| - - -## Project의 Process - -### 1. Create a Project -배포하는 Software에 대하여 Project를 생성합니다. -1. Project List에서 Add 버튼을 클릭합니다. -2. New_Project 탭에서 Project 관련 정보를 입력합니다. -3. 우측 하단의 Save 버튼을 클릭합니다. - -#### Basic Information탭 -Project에 대한 기본 정보를 수정하거나 Status를 변경하는 탭입니다. -![prj_basic](../images/4_project_bi.png) -Project List에서 Project Name을 더블 클릭합니다. -- Delete : Project를 삭제합니다. -- Drop : Project의 Status를 Drop으로 변경합니다. 다시 Process를 진행하기 위해서는 Open 버튼을 클릭해야 합니다. -- Copy : Project를 복사하여 새로운 Project를 생성합니다. -- Save : 기본 정보를 수정한 후에는 클릭해야 저장됩니다. -- Open : Status가 Drop인 경우 표시되며 클릭하면 Status를 Progress로 변경합니다. -- Request to Open : Status가 Complete인 Project인 경우 표시되며 Status를 Progress로 변경하여 Process를 재수행할 수 있습니다. -- (Admin Only) - - Complete : 모든 Process가 완료된 Project에 대하여 Status를 변경합니다. - - Open : Status가 Complete 또는 Drop인 경우 표시되며 Status를 Progress로 변경합니다. - -### 2. Identification -배포하는 Project에 대하여 Open Source Software 분석 결과를 작성합니다. -- Project List의 Identification column 내 버튼을 클릭하여 진입합니다. - - - -#### 2-1. 3rd Party Tab -![prj](../images/4_project_3rd.png) -*3rd Party 탭 작성 Process* -- 3rd Party Software가 포함된 경우 : 사전에 리뷰 완료된 3rd Party를 Load → Save -- 3rd Party Software가 포함되지 않은 경우 : Not Applicable 체크 → Save - -*리뷰 완료된 3rd Party를 Load하는 방법* -하기 방법 중 선택하여 3rd Party Software 정보를 불러올 수 있습니다. -(💁 3rd Party는 여러개 불러올 수 있습니다.) -1. 3rd Party Search : 3rd Party List 메뉴에서 Status: confirm인 3rd Party Software를 검색하고 load합니다. -2. Project Search : 다른 Project의 3rd Party 탭을 load합니다. - -#### 2-2. DEP Tab -![prj](../images/4_project_dep.png) -*DEP 탭 작성 Process* -- Package manager를 통해 OSS가 포함된 경우: 각 dependency의 OSS 정보를 작성 -> Save -- Package manager를 통해 OSS가 포함되지 않은 경우 : Not Applicable 체크 → Save - -*각 dependency의 OSS 정보 작성 방법* -- OSS Table에 수기로 작성 - - OSS Table의 좌측 상단 + 버튼을 클릭하여 OSS 정보를 기입합니다. -- OSS 정보 일괄 Load 하는 방법 - 1. Upload Analysis Result 란에 OSS List를 작성한 FOSSLight Report를 업로드합니다. - - Load 가능한 FOSSLight Report 양식은 우측 상단 "Export"버튼을 클릭하면 다운로드 가능합니다. - 2. Project Search : 다른 Project의 DEP 탭을 Load합니다. 
-- Scanner를 통해 자동 작성 방법 - - FOSSLight Dependency Scanner를 통해 자동으로 OSS 정보 기입된 보고서 생성 가능합니다. - -#### 2-3. SRC Tab -![prj](../images/4_project_src.png) -*SRC 탭 작성 Process* -- Source code별 OSS가 포함된 경우: Source code별 OSS 정보를 작성 -> Save -- Source code별 OSS 분석 대상이 아닌 경우 : Not Applicable 체크 → Save - -*Source code별 OSS 정보 작성 방법* -- OSS Table에 수기로 작성 - - OSS Table의 좌측 상단 + 버튼을 클릭하여 OSS 정보를 기입합니다. -- OSS 정보 일괄 Load 하는 방법 - 1. Upload Analysis Result 란에 OSS List를 작성한 FOSSLight Report를 업로드합니다. - - Load 가능한 FOSSLight Report 양식은 우측 상단 "Export"버튼을 클릭하면 다운로드 가능합니다. - 2. Project Search : 다른 Project의 SRC 탭을 Load합니다. - -#### 2-4. BIN Tab -![prj](../images/4_project_bin.png) -*BIN 탭 작성 Process* -- Binary가 포함된 경우 : Binary별 OSS 정보를 작성 -> Save -- Binary가 포함되지 않는 경우 : Not Applicable 체크 → Save - -*Binary별 OSS 정보 작성 방법* -- OSS Table에 수기로 작성 - - OSS Table의 좌측 상단 + 버튼을 클릭하여 OSS 정보를 기입합니다. -- OSS 정보 일괄 Load 하는 방법 - 1. Upload Analysis Result 란에 OSS List를 작성한 FOSSLight Report를 업로드합니다. - - Load 가능한 FOSSLight Report 양식은 우측 상단 "Export"버튼을 클릭하면 다운로드 가능합니다. - 2. Project Search : 다른 Project의 BIN 탭을 Load합니다. - -#### 2-5. BOM Tab -3rd Party, DEP, SRC, BIN 탭에 작성된 OSS 목록을 취합하고 리뷰 요청을 합니다. -![prj](../images/4_project_bom.png) - -##### Review 요청 방법 -1. Merge And Save 버튼을 클릭합니다. - - 3rd Party, DEP, SRC, BIN 탭에 작성한 OSS List를 취합합니다. -2. [Warning message별 검토 사항](#warning) 검토 사항을 확인합니다. -3. Request Review 버튼을 클릭하여 리뷰 요청을 합니다. - - 단, 빨간색 Warning Message가 있을 경우 리뷰 요청이 불가합니다. - -##### (Admin only) Review 방법 -1. BOM 탭 우측 상단 Review Start 버튼을 클릭합니다. -2. [Warning message별 검토 사항](#warning) 검토 사항을 확인합니다. -3. Merge And Save 클릭 후 Confirm을 클릭하면 Packaging 탭이 활성화됩니다. - - Creator에게 재확인이 필요한 경우 Reject을 클릭하여 Status를 Progress로 변경합니다. - -### 3. Packaging -```note -- Packaging 단계에서는 Source Code 공개 의무가 있는 Open Source를 사용한 경우 공개할 Source Code를 취합(OSS Package)하고 이를 FOSSLight Hub에 등록합니다. -- OSS 고지문은 Packaging 단계가 Confirm되면 자동으로 생성됩니다. 만약, OSS 고지문 내용을 변경해야 할 경우, Notice tab에서 수정할 수 있습니다. -- Project List의 Packaging column 내 버튼을 클릭하여 진입합니다. 
-``` - - - -#### 3-1. Packaging Tab -![prj](../images/4_project_pkg.png) -Packaging tab에서는 OSS Package 파일을 Upload하고 이를 Verify합니다. (단, Source Code 공개를 필요로하는 License하의 Open Source를 사용하지 않았다면 이 탭은 비활성화됩니다. ) -1. OSS Package Upload - - Source code를 취합한 Packaging 파일(압축 파일)을 Upload합니다. -2. "Path of source code in the OSS Package" column을 기입합니다. - - 공개해야 할 Open Source 종류가 많아 Path 기입을 일일이 하기 어려운 경우 'Export Path'버튼으로 Packaging OSS List 파일을 다운로드 한 후 Path를 기입하고 'Upload Path'버튼으로 upload 하면 Path 정보가 등록됩니다. - - 'Save' 버튼으로 입력한 Path정보를 저장할 수 있습니다. - - Path정보는 대소문자를 구분하니 입력 시 주의하시기 바랍니다. -3. 'Verify'버튼을 클릭하여 확인 과정을 수행합니다. - - Verify 후 OSS Package 내에서 찾은 File은 File Count란에 개수가 표시됩니다. 찾지 못한 Open Source가 있다면 "path not found"라고 표시됩니다. - - OSS Package 내에서 찾은 README, File List, Banned List를 확인할 수 있습니다. - - README : OSS Package 내 포함된 README 파일 - - File List : OSS Package 내의 파일 목록 - - Banned List : "Proprietary", "Commercial" 등 공개되지 말아야 할 파일 목록 - - -#### 3-2. Notice Tab -![prj](../images/4_project_notice.png) -OSS Notice는 Identification > BOM 탭을 기준으로 자동 생성됩니다. 이 때, 발행하는 OSS Notice의 포맷이나 Contents를 수정할 수 있습니다. - -#### 3-3. Review 요청 -- Packaging 탭 우측 상단 Request Review 버튼을 클릭하여 리뷰 요청을 합니다. - -#### 3-4. (Admin only) Review 방법 -- Packaging 탭 우측 상단 Review Start 버튼을 클릭합니다. -- 우측 상단의 Confirm을 클릭하면 Packaging이 Confirm되고 OSC Process가 완료됩니다. -- Packaging이 Confirm된 Project에 대해서 Project List에서 발행된 OSS Notice를 다운로드 받을 수 있습니다. - - Creator에게 재확인이 필요한 경우 Reject을 클릭하여 Status를 Progress로 변경합니다. - -## ⭐Tips for Project -### Check OSS Name 버튼 (SRC, BIN Tab) -OSS Table에 작성된 Download location을 기반으로 FOSSLight Hub에 저장된 OSS Name으로 자동 변경합니다. -- 팝업에 자동 변환될 OSS 목록이 표시됩니다. - - Change OSS Name 버튼 : 체크된 Row에 대하여 OSS Table의 OSS Name이 변경됩니다. - - (Admin Only) Add Nickname 버튼 : 체크된 Row에 대하여 FOSSLight Hub에 저장된 OSS에 Nickname으로 OSS Table에 쓰여진 OSS Name이 추가됩니다. - -### Comment 남기기 -- 탭별 우측 상단의 Comment Edit 버튼을 클릭하면 Comment를 남기고 해당 Comment를 Reviewer, Watcher, Creator에게 메일로 발송할 수 있습니다. 
- -### OSS Table's Warning message -#### Warning message 색깔별 의미 -- 빨간색 : 리뷰 요청 또는 Confirm이 불가합니다. 검토 후 수정이 필요합니다. -- 파란색 : 리뷰 요청 또는 Confirm 가능하지만, 검토가 필요한 사항입니다. -- 회색 : 정보 전달을 위한 message입니다. - -#### Warning message에 따른 검토 사항 - -| Message | Description | -| ------------- | ------------- | -|This field is required| 내용 입력이 필요합니다.| -|Unconfirmed open source|등록되지 않은 신규 OSS입니다.| -|Unconfirmed version|등록되지 않은 신규 버전입니다.| -|Unconfirmed license|등록되지 않은 신규 License 입니다.| -|Dual license: Select a license|Dual License임에도 모두 사용된 것으로 쓰여져 있습니다. Dual License인 경우, 사용할 License만 선택합니다.| -|Specify OSS Name or put 1 license in a row|OSS Name이 - 또는 공란이면서, 여러 License가 하나의 Row에 쓰여져 있습니다. OSS Name이 - 또는 공란인 경우, License별로 Row를 분리하여 작성하여주십시오.| -|The address should be started with www|주소 format이 맞지 않습니다.| -|Formatting error|줄바꿈 문자가 포함되어 있습니다. 여러 줄 작성이 필요한 경우, Row를 추가하여 작성하시기 바랍니다.| -|Not the same as property|입력한 URL이 FOSSLight Hub에 등록된 해당 OSS의 URL과 다릅니다.| - diff --git a/started/2_try/5_security.md b/started/2_try/5_security.md deleted file mode 100644 index 95477040..00000000 --- a/started/2_try/5_security.md +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -sort: 5 -published: true ---- -# Security -```note -Security 탭에서는 Identification단계의 BOM 탭 기준 vulnerability score가 기준 점수 이상인 OSS에 대하여 CVE ID별로 확인 및 조치 상태를 관리할 수 있습니다. -- vulnerability score 기준 점수는 Code Management > 760 (Security Vulnerability Score)에서 설정하실 수 있습니다. -``` - -## Column 정보 -- OSS Name, OSS version - - Identification단계의 BOM 탭에 작성된 OSS 정보가 자동 출력됩니다. -- CVE ID, CVSS Score, Published Date - - CVE ID 및 해당 CVE ID의 score, 발행일 정보가 자동 출력됩니다. -- Vulnerability Resolution - - 기본값으로 Unresolved로 설정되며, 보안취약점 해결 시 Fixed로 변경하실 수 있습니다. - -### OSS version 미입력시 -- Security 탭에서는 OSS version 미기입된 CVE ID에 대해 정확한 vulnerability 확인이 어렵기에 전체 CVE ID 리스트를 보여주지 않고 있습니다. -- 탭 진입 시 다음 팝업 화면이 뜨는 경우, OSS version 미기입된 OSS 목록 확인하셔서 Identification 탭에서 정확히 해당 OSS에 대해 사용된 OSS version 입력하신 후 BOM 탭 save and merge 해주시면, -Security탭에서 기입된 OSS version에 대한 보안취약점을 확인하실 수 있습니다. -![prj](../images/4_project_security1.png) - -## Vulnerability Resolution 여부 Identification 단계 반영 -Identification 단계 탭에서 vulnerability score 확인 시, Security 탭에서 vulnerability resolution 값을 'Fixed'로 변경한 CVE ID에 대해서는 제외된 Max score를 확인할 수 있습니다. -Identification 단계 탭에서 vulnerabilty icon 클릭 시, 해당 OSS name 및 version에 대한 전체 CVE ID 리스트 창에서 'Fixed'된 CVE ID는 아래와 같이 비활성화 처리된 것을 확인할 수 있습니다. -![prj](../images/4_project_security2.png) - diff --git a/started/2_try/5_third-party.md b/started/2_try/5_third-party.md deleted file mode 100644 index 947ede13..00000000 --- a/started/2_try/5_third-party.md +++ /dev/null 
@@ -1,40 +0,0 @@ ---- -sort: 6 -published: true ---- -# 3rd Party -```note -- 3rd Party로 부터 전달 받은 Software의 Open Source 정보를 등록하고 관리합니다. -- Status: Confirm인 3rd Party에 한하여 Project > Identification - 3rd Party 탭에서 Load할 수 있습니다. -``` - - -## 3rd Party Project -### 1. 3rd Party Project 생성하기 -1. 3rd Party List 우측 상단의 Add 버튼을 클릭합니다. -2. New_3rdParty 탭에서 3rd Party 정보를 입력하고 Save합니다. - ![new_tab](../images/3_3rd_new.png) - -### 2. Open Source 정보 등록 -3rd Party 상세 정보 탭 하단의 OSS Table에 OSS(Open Source Software)정보를 등록합니다. -하기 두 가지 방법으로 OSS 정보를 등록할 수 있습니다. -1. OSS Table의 좌측 상단 + 버튼을 클릭하여 Row를 추가하고 직접 OSS 정보를 기입합니다. -2. OSS Checklist 란에 OSS List가 쓰여진 Report를 첨부합니다. - - 첨부 가능한 OSS Checklist 양식은 OSS Checklist > Sample 링크를 클릭하면 다운로드할 수 있습니다. - -### 3. Review 요청 -1. OSS Table을 작성 후 Save합니다. -2. 우측 상단의 Request Review 버튼을 클릭하여 리뷰 요청합니다. - -## (Admin Only) 3rd Party Review -1. 3rd Party List에서 Status : Request인 3rd Party를 더블 클릭합니다. -2. 우측 상단의 Review Start를 클릭합니다. - - Status: Review로 변경됩니다. -3. OSS Table의 빨간색 Warning message에 대하여 검토합니다. - - OSS Table에 빨간색 Warning message가 있을 경우, Confirm이 불가합니다. - - 신규 OSS로 등록하기 위해서는 해당 Row를 더블 클릭하면 해당 Row의 정보로 기입된 신규 OSS 등록 팝업이 뜹니다. -4. 확인이 완료되면 Confirm 버튼을 클릭합니다. - - 사용자에게 다시 확인 요청할 경우 Reject 버튼을 클릭합니다. - - - diff --git a/started/2_try/6_self-check.md b/started/2_try/6_self-check.md deleted file mode 100644 index e98a921a..00000000 --- a/started/2_try/6_self-check.md +++ /dev/null 
@@ -1,77 +0,0 @@ ---- -sort: 7 -published: true ---- -# Self-Check -```note -Self-Check에서는 검토할 OSS에 대한 License, 보안 취약점 등의 정보를 리뷰 과정 없이 간편하게 확인할 수 있습니다. -``` - - -## Self-Check를 통해 확인할 수 있는 정보 - -Self-Check Project를 생성하고 검토할 OSS를 입력하면 아래 정보를 확인할 수 있습니다. -- OSS 상세 정보 : 등록된 Version, Version별 License, Copyright, Homepage, Download Location 등 -- License 상세 정보 : License의 종류, 의무사항, 제한사항, License 전문 등 -- User Guide : 해당 OSS 사용 시 주의사항 등 -- Vulnerability : NVD(National Vulnerability Database)에서 제공하는 보안 취약점 정보 - -## Self-Check을 통한 확인 절차 -Self-Check는 아래와 같은 절차를 통해 진행할 수 있습니다. - -### 1. Self-Check Project 생성 -1. Self-Check List 우측 상단의 Add 버튼을 클릭합니다. -2. 관련 정보를 입력하고 Save합니다. -3. Self-Check List에서 새로 생성한 Self-Check Project를 확인할 수 있고, List에서 더블클릭 시 상세 내용을 확인할 수 있습니다. - -### 2. OSS 정보 입력 -1. 개별 입력 - - +버튼을 클릭하여 행을 추가한 후 확인하고 싶은 OSS를 입력하고 Save합니다. -2. OSS 보고서를 이용한 일괄 추가 - 1. Upload Analysis Result란에 OSS 리스트가 기재된 FOSSLight Report를 업로드합니다. - - 업로드 가능한 FOSSLight Report 양식은 Export 버튼을 클릭하여 다운로드 받을 수 있습니다. - 2. OSS List가 작성된 Sheet를 선택하고 OK 클릭합니다. - ![select_sheet](../images/6_self_select_sheet.png) - 3. Save 버튼을 클릭합니다. - -### 3. OSS 및 License 정보 확인 -![oss_table](../images/6_self_oss_table.png) -#### Warning Messages -- Unconfirmed open source : FOSSLight Hub에 동일한 OSS Name이 등록되어 있지 않은 경우 표시됩니다. -- Unconfirmed version : FOSSLight Hub에 동일한 OSS Name은 있으나, 동일 Version이 등록되어 있지 않은 경우 표시됩니다. -- This field is required : License 정보가 기입되어있지 않을 경우에 표시됩니다. (Self-Check에서는 필수 항목이 아닙니다.) -- Non-included license : FOSSLight Hub에 동일 OSS Name, OSS Version이 등록되어 있으나, 기존 등록된 License와 다를 경우 표시됩니다. - -#### OSS 및 License 정보 -하기 Column의 아이콘을 클릭하면 등록된 OSS의 상세정보, License에 대한 상세정보, 그리고 해당 License에 대한 Guide가 제공됩니다. -단, 등록된 OSS라 할지라도 User Guide가 제공되지 않을 수 있습니다. -- OSS Detail : 등록된 OSS의 여러 Version, 각각의 License, Copyright 등 세부정보가 팝업창으로 제공됩니다. -- License Detail : 해당 OSS가 사용하는 License의 상세 정보와, License Text가 팝업창으로 제공됩니다. -- User Guide : 해당 License 사용 시 참고할 수 있는 정보들에 대한 링크가 제공됩니다. 
- -#### OSS 사용에 따른 의무/제한 사항 -❕ 상세 내용은 License List 에서 확인 가능합니다. -- Obligation > Notify 아이콘: Copyright나 License (혹은 둘 다)에 대한 고지의 의무가 있음을 의미합니다. -- Obligation > Source 아이콘: Source Code 공개 의무가 있음을 의미합니다. -- Restriction 아이콘 : 해당 OSS를 사용하는데 제약사항이 존재함을 의미합니다. -(예 : 수정 제한, 상업적 사용 제한 등) - -### 4. Vulnerability 정보 확인 -```note -- Vulnerability 열에서 확인 : NIST에서 제공하는 CVE DB에서 해당 OSS가 검색되면 Vulnerability 아이콘이 CVSS Score에 따라 색깔로 구분되어 표시됩니다. -- Export 파일 (.xlsx)로 확인 : 기술된 전체 OSS의 리스트와 취약점 정보가 포함된 엑셀 파일이 다운로드 됩니다. -- Vulnerability 관련 상세 정보는 [Vulnerability](7_vulnerability.md) 에서 확인 가능합니다. -``` -1. FOSSLight Hub UI에서 확인 -![self_pop](../images/6_self_pop.png) -Vulnerability 아이콘을 클릭하면 해당 OSS Name, OSS Version의 취약점 정보가 팝업창으로 제공됩니다. - -2. Export 파일로 확인 - - Self-Check Sheet - ![self_check_sheet](../images/6_self_sheet1.png) - 사용자가 입력한 OSS 리스트가 OSS 보고서 양식에 준하여 기술됩니다. - 이 탭의 정보는 추후 [Project](4_project.md)의 Identification에서 활용될 수 있습니다. - - Vulnerability Sheet - ![self_check_sheet2](../images/6_self_sheet2.png) - 취약점 정보가 발견된 OSS의 입력한 버전과 상위 버전의 정보들이 기술됩니다. - 이 때, Vulnerability Link를 클릭하면 해당 OSS Name, OSS Version의 CVE-ID를 확인 가능합니다. diff --git a/started/2_try/7_vulnerability.md b/started/2_try/7_vulnerability.md deleted file mode 100644 index 473da8cc..00000000 --- a/started/2_try/7_vulnerability.md +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -sort: 8 -published: true ---- -# Vulnerability -```note -Open Source의 보안 취약점 존재 여부 및 관련 정보(CVE ID, CVSS Score)를 확인할 수 있습니다. -``` -## Vulnerability List -![VulList](../images/7_vul_list.png) -NVD(NATIONAL VULNERABILITY DATABASE)의 NVD Data Feeds에서 제공되는 Open Source의 버전별 최고 보안 취약점 정보를 확인 및 검색 할 수 있습니다. -1. 검색 조건을(OSS Name, OSS Version, CVE ID) 설정하여 검색할 수 있습니다. - - OSS Name과 OSS Version은 OSS List에 등록된 OSS와는 무관하며, NVD Data Feeds Product Name과 Version을 의미합니다. - - exact match 체크 후 검색시, OSS Name 란의 검색어와 완전 일치되는 결과만 조회합니다. - - CVE ID의 경우, 완전 일치되는 결과만 조회합니다. -2. 검색 결과 - - OSS Name 링크 클릭 시 : 해당 Row의 OSS Name, nickname의 해당 버전별 검색된 모든 CVE 결과가 팝업으로 보여집니다. - - OSS Name, nickname, version에 대하여 완전 일치 검색 결과. - - 단, version: -인 경우는 모든 버전 조회. - - Nickname 링크 클릭 시 : nickname으로만 조회되는 해당 버전의 모든 CVE 결과가 팝업으로 보여집니다. - - Nickname, version에 대한 완전 일치 검색 결과. - - 단, version: -인 경우는 모든 버전 조회. - - Max CVSS Score : OSS의 버전별 가장 높은 Critical Level이 표시 됩니다. - - Critical : CVSS Score 9.0 ~ 10.0 - - High : CVSS Score 7.0 ~ 8.9 - - Medium : CVSS Score 4.0 ~ 6.9 - - Low : CVSS Score 0.1 ~ 3.9 - -## Vulnerability 상세 정보 -### 상세 정보 팝업 -![VulPopUp](../images/7_vul_popup.png) -- [Project](4_project.md) > Identification 또는 [Self-Check](6_self-check.md) 화면에서 Vulnerability Icon을 클릭합니다. -- Vulnerability List에서 검색 후 OSS Name 또는 Nickname의 링크 클릭합니다. - -### Vulnerability 정보 Export -[Self-Check](6_self-check.md)에서 Export 버튼 클릭합니다. -![VulExport](../images/7_vul_export.png) -- OSS Name : OSS Table에 쓰여진 OSS Name -- Nick Name : OSS Table에 쓰여진 OSS의 nickname으로 Vulnerability가 조회된 경우, 매칭된 nickname이 표시됩니다. (매칭된 nickname이 없는 경우 -로 표시) -- OSS Version : Vulnerability 조회된 version - - OSS 버전이 공란인 경우, Vulnerability 에 존재하는 모든 버전에 대하여 정보를 출력합니다. - - OSS Version이 설정되어 있는 경우 해당 Version의 하위 버전은 CSV 에 포함되지 않습니다. 
(상위 버전은 모두 포함) -- Max Score : 해당 OSS, Version에 대한 Vulnerability Max Score -- Vulnerability Link : 해당 OSS Name, OSS Version으로 조회된 Vulnerability 목록을 확인할 수 있는 팝업 링크 - -## Vulnerability 정보 수집 및 알림 -### Vulnerability 정보 수집 -- Vulnerability 정보는 매일 [NVD Data Feed](https://nvd.nist.gov/vuln/data-feeds) 에서 다운로드되어 FOSSLight Hub에 저장됩니다. -- FOSSLight Hub의 Vulnerability Score는 기본적으로 CVSS v3 Base Score를 기준으로 표기하며, v3 Score가 없는 경우 CVSS v2 Base Score를 대신해서 표기합니다. - -### Vulnerability 정보 알림 -최초로 9.0 이상인 Vulnerability Score가 등록되거나, Vulnerability Score가 9.0 이상에서 9.0 미만으로 변경될 경우 알림 메일이 발송됩니다. -- Identification이 Confirm된 Project에서 위 조건을 만족하는 OSS가 BOM에 포함된 경우 Project의 Creator, Watcher, Reviewer에 Vulnerability Score 변경 내용이 발송됩니다. diff --git a/started/2_try/8_configuration.md b/started/2_try/8_configuration.md deleted file mode 100644 index d380b809..00000000 --- a/started/2_try/8_configuration.md +++ /dev/null @@ -1,29 +0,0 @@ ---- -sort: 9 -published: true ---- -# Configuration -```note -(Admin Only) FOSSLight Hub 운영을 위한 세팅 값을 변경합니다. -``` - -![config](../images/8-3_configuration.png) - -## Authentication using LDAP -FOSSLight Hub는 JNDI를 사용하여 Active Directory 등 LDAP을 사용할 수 있는 환경에서는 LDAP을 이용한 사용자 패스워드 인증 처리를 지원합니다. -- Provider Url: LDAP 서버 정보를 ldap://<AD_SERVER_IP>:<LDAP_PORT> 형식으로 설정합니다. (javax.naming.Context.PROVIDER_URL) - -## SMTP Setting - -- Mail Server: SMTP Host (예 smtp.gmail.com ) -- Email Address: 발송자 이메일 주소( 예 no-reply@fosslight.org ) -- Port: SMTP Port 번호 (예 25 또는 587) -- Encoding: Default UTF-8 (필요한 경우만 변경) -- Username: SMTP 사용자명 (일반적으로는 발송자 이메일 주소와 동일) -- Password: SMTP 사용자 패스워드 (패스워드는 암호화되어 저장되며, 공백인 경우 기존 패스워드를 변경하지 않습니다.) - -## Workspace Path Setting -- Root Path: 업/다운로드 파일 저장소의 최상위 work space 경로 - -## Notice Setting -- Notice Type: 발급 가능한 OSS 고지문 형식을 설정합니다. diff --git a/started/2_try/9_system.md b/started/2_try/9_system.md deleted file mode 100644 index 984ac235..00000000 --- a/started/2_try/9_system.md +++ /dev/null 
@@ -1,44 +0,0 @@ ---- -sort: 10 -published: true ---- -# System -```note -(Admin Only) FOSSLight Hub 운영 Log를 확인하거나 운영 Data를 변경합니다. -``` - -## Code Management -![config](../images/9_system_code.png) -- 시스템 동작시 읽을 세팅 값을 설정합니다. - -## User Management -![config](../images/9_system_user.png) -등록된 계정 목록을 확인하고 정보를 수정합니다. -- Create 버튼: [Rest API](../../features/2_rest_api.md)에서 사용할 Token을 생성합니다. -- reset 버튼 : 비밀번호를 ID와 동일하게 초기화합니다. -- Use YN : 휴면 계정을 설정합니다. -- Admin : Admin 권한을 부여합니다. - -## History List -![config](../images/9_system_history.png) -DB의 Data 변경 사항을 확인합니다. - -## Notification -시스템 접속시 띄울 공지 팝업을 관리합니다. -### ![config](../images/9_system_noti_list.png) -등록되었던 공지 목록을 확인, 수정합니다. - -### ![config](../images/9_system_noti_add.png) -List 왼쪽 하단의 + 버튼을 클릭하여 공지를 추가합니다. -- Start Date : 공지 시작일 -- End Date : 공지 종료일 -- Publish : 체크된 경우, 공지 팝업을 띄웁니다. - -## Sent Mail List -![config](../images/9_system_mail.png) -메일 발송 내역을 확인합니다. - -## Vulnerability Log -![config](../images/9_system_vul.png) -Vulnerability Data 변경 사항을 확인합니다. - diff --git a/started/images/2_oss_detail.png b/started/images/2_oss_detail.png deleted file mode 100644 index c8414f1b..00000000 Binary files a/started/images/2_oss_detail.png and /dev/null differ diff --git a/started/images/2_oss_rename.png b/started/images/2_oss_rename.png deleted file mode 100644 index 412b8203..00000000 Binary files a/started/images/2_oss_rename.png and /dev/null differ diff --git a/started/images/2_oss_sync.png b/started/images/2_oss_sync.png deleted file mode 100644 index d1be8e63..00000000 Binary files a/started/images/2_oss_sync.png and /dev/null differ diff --git a/started/images/4_project_process.png b/started/images/4_project_process.png deleted file mode 100644 index 79c2e8ec..00000000 Binary files a/started/images/4_project_process.png and /dev/null differ 
diff --git a/started/images/6_self_oss_table.png b/started/images/6_self_oss_table.png deleted file mode 100644 index 5a72debe..00000000 Binary files a/started/images/6_self_oss_table.png and /dev/null differ diff --git a/started/images/6_self_pop.png b/started/images/6_self_pop.png deleted file mode 100644 index d4c3f8d8..00000000 Binary files a/started/images/6_self_pop.png and /dev/null differ diff --git a/started/images/6_self_select_sheet.png b/started/images/6_self_select_sheet.png deleted file mode 100644 index c6f6fbc7..00000000 Binary files a/started/images/6_self_select_sheet.png and /dev/null differ diff --git a/started/images/9_system_code.png b/started/images/9_system_code.png deleted file mode 100644 index 5ad2e04b..00000000 Binary files a/started/images/9_system_code.png and /dev/null differ diff --git a/started/images/9_system_history.png b/started/images/9_system_history.png deleted file mode 100644 index d7d69d50..00000000 Binary files a/started/images/9_system_history.png and /dev/null differ diff --git a/started/images/9_system_mail.png b/started/images/9_system_mail.png deleted file mode 100644 index 7904965e..00000000 Binary files a/started/images/9_system_mail.png and /dev/null differ diff --git a/started/images/9_system_noti_add.png b/started/images/9_system_noti_add.png deleted file mode 100644 index 5b691453..00000000 Binary files a/started/images/9_system_noti_add.png and /dev/null differ diff --git a/started/images/9_system_noti_list.png b/started/images/9_system_noti_list.png deleted file mode 100644 index 0b95a2ad..00000000 Binary files a/started/images/9_system_noti_list.png and /dev/null differ diff --git a/started/images/9_system_user.png b/started/images/9_system_user.png deleted file mode 100644 index d29c7d2c..00000000 Binary files a/started/images/9_system_user.png and /dev/null differ 
diff --git a/started/images/9_system_vul.png b/started/images/9_system_vul.png deleted file mode 100644 index 204b59b7..00000000 Binary files a/started/images/9_system_vul.png and /dev/null differ diff --git a/tips/1_common/1_oss_table/README.md b/tips/1_common/1_oss_table/README.md new file mode 100644 index 00000000..5def4f36 --- /dev/null +++ b/tips/1_common/1_oss_table/README.md @@ -0,0 +1,130 @@ +--- +sort: 1 +published: true +--- + +# OSS Table 활용법 + +## OSS Table Column 내용 +{: .left-bar-title } +- **Source Path** : 소스 경로 +- **OSS Name** : 사용한 OSS의 이름 +- **OSS Version** : 사용한 OSS의 버전 +- **License** : OSS의 License +- **Download Location** : OSS를 다운 받은 website 주소 +- **Homepage** : OSS의 대표 website 주소 +- **Copyright Text** : Copyright 문구 +- **Exclude** : Exclude : 배포하는 Project에 포함되지 않는 경우 체크 (ex- build script와 같이 build시에만 사용되고 제품에 탑재되지 않는 경우) +- **Vulnerability** : 해당 OSS의 CVSS Score +※ Open Source Software = OSS +



+ + +## OSS Table 상단 버튼 +{: .left-bar-title } + OSS Table 좌측 상단에는 4가지 버튼이 있습니다. + ![OSSTableEdit](../../images/common/oss_table_functions/oss_table_edit.png){: .styled-image} + +**Row 추가** + - 버튼을 클릭하여 입력할 Row를 추가합니다. + - 노란색으로 추가된 Row의 각 셀마다 정보를 기입합니다. + + +**Row 삭제** + - 버튼을 클릭하여 선택한 Row를 삭제합니다. + - 선택된 row가 없이 버튼을 클릭하는 경우, 전체가 삭제됩니다. + +**Bulk Edit** + - 버튼을 클릭하여 선택된 row에 전체에 대해 동일한 내용으로 업데이트할 수 있습니다. + - 수정을 원하는 항목을 체크박스에서 선택한 후, 수정하고자 하는 내용을 작성하고 Change를 눌러줍니다. + - 항목을 체크박스에서 선택한 후, Delete 버튼을 누르면 선택된 항목의 내용이 OSS Table에서 모두 삭제됩니다. + ![BulkEditDetail](../../images/common/oss_table_buttons/bulk_edit_detail.png){: .styled-image} + +**Export** +- 버튼을 클릭하여, OSS Table 내용을 선택한 형식으로 Export 합니다. + - SBOM Tab : FOSSLight Report 및 SBOM 표준의 여러 가지 형식으로 다운로드 가능합니다. + ![ExportListBOM](../../images/common/oss_table_buttons/export_popup_2.png){: .styled-image} + - SBOM 이외의 Tab : FOSSLight Report 다운로드 가능합니다. + ![ExportListOthers](../../images/common/oss_table_buttons/export_popup_1.png){: .styled-image}



+ +## OSS Table Cell 수정 +{: .left-bar-title } +OSS Table에서 수정하고자 하는 row를 더블 클릭 하면 입력 가능한 상태로 전환됩니다. +![OSSCellEditable](../../images/common/oss_table_functions/oss_cell_editable.png){: .styled-image} + +**License 수정 방법** +- **License 추가** + - 수정할 Row를 더블 클릭 후, License column 내 cell 안의 edit 박스에 License 기입 후 enter 또는 다른 cell을 클릭합니다. + - 복수 개의 License를 기입할 수 있습니다. + +- **License 삭제** + - 수정할 Row를 더블 클릭 후, License column 내 cell 안의 License 별 x 버튼 클릭하여 삭제합니다. + ![ExportListBOM](../../images/common/oss_table_buttons/license_delete.png){: .styled-image}



+ + +## OSS 정보 자동 완성 +{: .left-bar-title } +시스템에 등록되어 있는 Open Source의 경우, OSS Name과 OSS Version을 통해 저장된 정보를 자동으로 불러올 수 있습니다. +- OSS Name, OSS Version을 입력합니다. +- Version 입력 후, 자동 완성 여부를 묻는 팝업을 확인할 수 있습니다. 팝업에서 OK를 누르면 자동 완성이 됩니다. +![OSSTableAutoFill](../../images/common/oss_table_functions/oss_table_autofill.png){: .styled-image}



+ +## OSS Table Search +{: .left-bar-title } +OSS Table의 Header 아래에는 Search를 위한 Filter가 위치하고 있습니다. 이 Filter를 활용하여 Column 내 원하는 값을 검색할 수 있습니다. +![OSSTableSearch](../../images/common/oss_table_functions/oss_table_search.png) +- Filter는 다음과 같이 구성됩니다: + - 검색어 입력란(![ExportListBOM](../../images/common/oss_table_buttons/search_input.png)) + - 검색어 입력란 초기화 (![ExportListBOM](../../images/common/oss_table_buttons/search_reset.png)) + - 검색조건 (![ExportListBOM](../../images/common/oss_table_buttons/search_condition.png)) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
문자설명
~Contains
==equal
!not equal
^begin with
!^does not begin with
|end with
!@does not end with
!~does not contain




+ + +## OSS의 버전별 정보 조회 기능 +{: .left-bar-title } +검색하고 싶은 OSS의 ID를 클릭하면, 해당 OSS의 버전별 정보를 조회할 수 있습니다. + +![OSSTableSearch](../../images/common/oss_table_functions/oss_version_detail.png) +- Open Source 상세 정보 창
+ ![OSSTableSearch](../../images/common/oss_table_functions/oss_version_detail_popup.png) diff --git a/tips/1_common/2_pre_review/README.md b/tips/1_common/2_pre_review/README.md new file mode 100644 index 00000000..b2bae7d0 --- /dev/null +++ b/tips/1_common/2_pre_review/README.md @@ -0,0 +1,79 @@ +--- +sort: 2 +published: true +--- + +# Download location 정보로 Open Source 검토하기 (Pre-Review) +
+º Pre-Review 버튼을 사용하면 Download Location 기반으로, 시스템에 저장된 Open Source 정보 혹은 License 정보를 불러올 수 있습니다.
+º Project와 3rd Party의 Identification, Self-Check에서 사용할 수 있습니다.
+ +
+ +## OSS Name 확인 +{: .left-bar-title } +
+작성한 Download Location을 기준으로 OSS 이름을 제안하여 알려줍니다. +
+ +#### OSS Name 확인 방법 +{: .under-bar-title} +1. Pre-Review > Open Source 를 클릭합니다. +2. ‘Registered OSS Name (to be changed)'의 값으로 OSS Name 변경이 필요한 경우, 변경하고자 하는 Row를 선택합니다. +3. ‘Change OSS Name'을 클릭합니다. 변경된 Open Source 이름이 OSS Table에 반영됩니다. +
+ PreReview_oss +
+ +#### Pre-Review 테이블 세부 기능 +{: .under-bar-title} +- 작성한 Download location이 redirect 되는 경우, redirect URL 기준으로 추천된 OSS Name(Registered OSS Name)이 생성되고, + 하단에 redirect url 정보를 확인할 수 있습니다. +
+ PreReview direct url +
+- 접속할 수 없는 download location의 경우에는 'Registered OSS name(to be changed)'에 + Invalid download location. warning message가 함께 출력됩니다. +
+ PreReview direct url +
+- 추천된 OSS Name을 클릭하면 해당 OSS 상세 정보를 확인할 수 있습니다.

+- 회색 Row로 표시된 경우는 동일한 Download location으로 검색된 OSS 가 2개 이상인 경우입니다. + 이에 대하여 Registered OSS Name의 cell을 클릭하면 변경하고자 하는 OSS Name을 선택할 수 있습니다. +
+ PreReview multi recommand +
+- 'Change OSS Name', 'Change License'를 눌러 변경된 사항은 OSS Table에 바로 반영되고, + 'Comment'에 기록됩니다. 'Comment'를 통해 변경 history를 확인하실 수 있습니다. +



+ + +## License 확인 +{: .left-bar-title } +
+Download Location, OSS Name, OSS Version을 기반으로 검출된 License를 확인할 수 있습니다. +

+ +#### License 확인 방법 +{: .under-bar-title} +1. Pre-Review > License를 클릭합니다. +2. 'License (to be changed)'의 License로 변경하고 싶은 Row를 선택합니다. +3. 'Change License'를 클릭 합니다. 변경된 License가 OSS Table에 반영됩니다. +
+ PreReview License +




+ + +## (Admin Only) Open Source 정보 변경 하기 +{: .left-bar-title } +
+º 'Add Nickname- OSS name(now)' 와 'Add URL, Nickname based on URL' 버튼은 Admin에게만 보이는 버튼입니다.
+º 'Registered OSS name (to be changed)'에 적힌 오픈소스 정보를 수정할 수 있습니다. 단, 'Registered OSS name (to be changed)'이 DB에 등록되어 있는 경우에만 가능하고, 이미 저장되어 있는 정보에 대해서는 추가하지 않습니다. +

+ +#### Open Source에 Nickname 혹은 Nickname과 URL 추가하기 +{: .under-bar-title} +1. Pre-Review > Open Source 를 클릭합니다. +2. Open Source 정보를 수정하고자 하는 row를 선택합니다. 수정 되는 대상 Open Source 는 'Registered OSS Name (to be changed)' 컬럼에 적힌 Open Source 입니다. +3. 'Add Nickname - OSS name(now)' 을 클릭합니다. 'OSS name(now)'의 값이 선택한 Open Source의 Nickname으로 추가됩니다. Nick name과 URL을 동시에 추가하고 싶은 경우라면, 'Add URL, Nickname based on URL' 버튼을 클릭합니다. +pre_review_nickname diff --git a/tips/1_common/3_project_tab_bar/README.md b/tips/1_common/3_project_tab_bar/README.md new file mode 100644 index 00000000..879b9e50 --- /dev/null +++ b/tips/1_common/3_project_tab_bar/README.md @@ -0,0 +1,82 @@ +--- +sort: 3 +published: true +--- + +# 상세 화면의 공통 기능 +각 메뉴 상세 화면의 tab bar 오른쪽에 상세 화면을 제어할 수 있는 버튼이(CommonIcon) 제공되며, 메뉴별 특성에 따라 제공되는 버튼은 각각 다릅니다. +- **주요 메뉴** + - License (admin only) + - Open Source (admin only) + - Project Information + - Project Identification + - 3rd Party Information + - 3rd Party Identification + - Self-Check +


+ +## 정보 공유 (Share URL) +{: .left-bar-title } +- 정보 공유 버튼 : ShareIcon +- 기능 + - 현재 페이지의 정보를 공유할 수 있습니다. + - View 권한이 없을 때, Share URL을 이용하면 해당 항목의 개요를 확인할 수 있습니다. + - 로그인을 해야 share url로 공유받은 링크를 확인할 수 있습니다. + +- 공유 예시 + 1. Project > Project Information에서 Share 버튼을 클릭합니다. + ![ExampleShareURLBtn](../../images/common/information_view_button/ex_share_url_project_info.png){: .styled-image} + 2. 공유된 화면을 확인할 수 있습니다.(수정 권한이 없는 경우에는 View 화면으로 보임) + ![ExampleProjectInfoView](../../images/common/information_view_button/ex_share_url_project_info_view.png){: .styled-image} +


+ +## 복사 +{: .left-bar-title } +- 복사 버튼 : CopyIcon +- 기능 + - 현재 페이지를 복사합니다. + - 복사 버튼을 누르면, 기존 페이지의 내용이 복사된 채로 새탭이 생성됩니다. + - 원하는 세부 내용을 수정한 후 저장하면 복사한 내용이 저장됩니다. +- 복사 예시 + 1. Open Source 상세화면에서 Copy 버튼을 클릭합니다. + ![ExampleCopyOSS](../../images/common/information_view_button/ex_copy_oss.png){: .styled-image} + 2. Open Source 가 복사되면서 복사된 내용으로 채워진 copy_[Open_Source_id]_Opensource 탭을 확인할 수 있습니다. + ![ExampleCopyOSSPage](../../images/common/information_view_button/ex_copy_oss_page.png){: .styled-image} + 3. 수정하고자 하는 내용으로 업데이트한 후 저장 버튼을 클릭합니다. + +- **Note** + - [Project 복사 Tip](../../2_project/3_reuse_project/1_copy_project.md#프로젝트-재사용하기-프로젝트-복사) : Project는 복사 할 때, Process 단계에 맞춰 복사 할 수 있습니다. +


+ + +## 삭제 +{: .left-bar-title } +- 삭제 버튼 : DeleteIcon +- 기능 + - 현재 페이지를 삭제합니다. + - 수정 권한이 없거나, 삭제 할 수 없는 상태인 경우(ex. Project가 Complete 상태 일 때) 삭제 버튼이 보이지 않습니다. +


+ +## 저장 +{: .left-bar-title } +- 저장 버튼 : SaveIcon +- 기능 + - 현재 페이지의 내용을 저장합니다. + - 수정 권한이 없거나, 변경 불가능한 상태인 경우 저장 버튼이 보이지 않습니다. +


+ + +## Reset +{: .left-bar-title } +- 초기화 버튼 : ResetIcon +- 기능 + - 입력된 내용 및 업로드 된 파일이 초기화됩니다. + - 초기화 버튼은 분석 정보를 입력하는 화면에서만 보입니다. Project의 Identification, 3rd party SW, Self-Check 에서 확인할 수 있습니다. +


+ + +## 동기화 +{: .left-bar-title } +- 동기화 버튼 : SyncIcon +- 기능 + - Open source 화면에서만 제공되는 기능입니다. [Open source sync 방법](../../../menu/3_oss.md#oss-버전별-정보-일괄-변경-기능)을 참고하시기 바랍니다. \ No newline at end of file diff --git a/tips/1_common/4_comment/README.md b/tips/1_common/4_comment/README.md new file mode 100644 index 00000000..92634f75 --- /dev/null +++ b/tips/1_common/4_comment/README.md @@ -0,0 +1,43 @@ +--- +sort: 4 +published: true +--- + +# Comment +각 메뉴의 상세화면 우측에 리뷰어와 사용자간의 커뮤니케이션 및 히스토리 관리를 위한 Comment를 확인할 수 있습니다. +![CommentView](../../images/common/comment/comment_view.png){: .styled-image} +- **주요 메뉴** + - License + - Open Source + - Project + - 3rd Party +


+ +## Comment View +{: .left-bar-title } +- ![ShowHideComment](../../images/common/comment/show_hide_btn.png)는 토글 버튼으로, Comment 창을 표시하거나 숨길 수 있습니다. +


+ +## Comment 작성 +{: .left-bar-title } +1. Add 버튼 ![AddComment](../../images/common/comment/btn_add_comment.png)을 클릭합니다. +2. Comment 팝업창에 내용을 작성합니다. + - **Save & Send Comment** : 작성된 내용이 저장된 후, 리뷰어와 사용자(프로젝트 생성 및 수정 권한이 있는)의 메일로 전송됩니다. + - **Save draft** : 임시로 Comment가 저장됩니다. 다시 Add 버튼을 클릭하면, 이전 작성 내용이 남아 있는 Comment 창이 나타납니다. + EditPopup +


+ +## Comment 수정/삭제 +{: .left-bar-title } +- 이전에 작성한 Comment를 수정 및 삭제할 수 있습니다. + - Edit 버튼을 클릭하면, Comment를 수정할 수 있는 팝업이 나옵니다. 수정 후 'OK' 버튼을 클릭하면 저장됩니다. + - TrashCan 버튼을 클릭하면, Comment를 삭제할 수 있습니다. + ![BtnEditDelComment](../../images/common/comment/btn_edit_del_comment.png){: .styled-image} +


+ +## Comment Window 분리 +{: .left-bar-title } +- ![ShowCommentWindow](../../images/common/comment/show_comment_window.png) 버튼을 클릭하여 Comment를 별도의 창으로 분리하여 사용할 수 있습니다. 이 경우 **'+Add'** 버튼을 이용하여 Comment를 추가할 수 있습니다. + CommentWindowAdd + + diff --git a/tips/1_common/5_warning_message/README.md b/tips/1_common/5_warning_message/README.md new file mode 100644 index 00000000..0dcb54ef --- /dev/null +++ b/tips/1_common/5_warning_message/README.md @@ -0,0 +1,289 @@ +--- +sort: 5 +published: true +--- + +# OSS Table Warning Message +OSS Table에서 Warning Message를 통해 검토가 필요한 사항을 확인할 수 있습니다. +- **Warning message 색깔별 의미** + - 빨간색 : 리뷰 요청 또는 Confirm이 불가합니다. 검토 후 수정이 필요합니다. + - 파란색 : 리뷰 요청 또는 Confirm 가능하지만, 검토가 필요한 사항입니다. + - 회색 : 리뷰 요청이 가능한, 정보 전달을 위한 message입니다. + + +## Warning message에 따른 검토 사항 +{: .left-bar-title } + +### 공통 +{: .specific-title } + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ColumnWarning messageDescription검토 사항
OSS Name, LicenseRequired
  • 필수 입력 필드로, 내용 입력이 필요합니다.
-
Source PathFormat Warning
  • file format이 맞지 않습니다.
  • 파일 또는 파일의 경로가 올바르게 입력되었는지 확인합니다.
OSS NameNew open source
  • FOSSLight Hub에 등록되지 않은 신규 OSS입니다.
+
    +
  • OSS List에서 비슷한 이름을 가진 OSS 중 동일한 것이 있을 경우, FOSSLight Hub에 등록된 OSS Name으로 변경합니다.
  • +
  • 동일한 OSS가 없을 경우, 수정할 필요 없습니다.이 경우 Download location, Homepage column을 필수로 기입하시기 바랍니다.
  • +
+
OSS NameDeactivated
  • FOSSLight Hub에에 등록되었으나 deactivate 처리된 Legacy OSS입니다.
+
    +
  • 사용된 OSS의 Download location을 필수로 기입하시기 바랍니다.
  • +
+
OSS NameRequired OSS Name
  • OSS name의 입력이 필요합니다.
+
    +
  • License에 source obligation이 있는 경우 구체적인 OSS 정보가 필요합니다. OSS 출처를 확인하여 OSS Name을 기입합니다.
  • +
+
OSS VersionNew version +
    +
  • FOSSLight Hub에 등록되지 않은 신규 version입니다.
  • +
+
+
    +
  • Download location에서 해당 Source Code 다운로드 가능한지 확인합니다.
  • +
  • + 다음과 같은 경우 version을 공란으로 표기합니다. +
      +
    • official하게 배포된 version이 아닌 경우 (ex- unspecified)
    • +
    • version이 별도로 관리되지 않는 OSS의 경우
    • +
    +
  • +
+
LicenseDeclared : [License of OSS]
  • OSS가 FOSSLight Hub에 다른 License로 등록되어 있거나 FOSSLight Hub에 등록된 해당 OSS의 License 중 Permissive가 아닌 License Type이 누락된 경우입니다.
+
    +
  • 기입된 License가 포함되는 지 또는 미작성된 License가 포함되지 않는 지 확인합니다.
  • +
+
LicenseNew license
  • FOSSLight Hub에 등록되지 않은 신규 License입니다.
  • CLM을 통하여 사전에 License review 요청하기 바랍니다.
LicenseRecommended : [License of OSS]
  • 해당 OSS가 Dual License일 때, 자동완성시 입력되는 License 이외의 license가 입력된 경우입니다.
+
    +
  • 더 permissive한 license를 선택하기 위해 Recommended 에 표시된 License로 변경하는 것으로 검토합니다.
  • +
+
LicenseDual : Put one license
  • Dual License임에도 모두 사용된 것으로 쓰여져 있습니다.
  • Dual License인 경우, 사용할 License를 하나만 선택해야 합니다.
LicensePut OSS name or one license
  • OSS Name 이 - 또는 공란이면서, 여러 License가 하나의 Row에 쓰여져 있습니다.
  • OSS Name 이 - 또는 공란인 경우, License별로 Row를 분리하여 작성하여주십시오.
HomepageThe address should be started with www or http:// or https://
  • Homepage 주소 format이 맞지 않습니다.
  • Homepage 주소를 재확인하여 www, http://, https://로 시작하는 주소로 작성합니다
OSS Version, LicenseFormat error
  • 줄바꿈 문자가 포함되어 있습니다.
+
    +
  • 줄바꿈 문자가 포함되지 않아야합니다.
  • +
  • 여러 줄 작성이 필요한 경우, Row를 추가하여 작성하시기 바랍니다.
  • +
+
Download location, HomepageDifferent from DB
  • 입력한 URL이 FOSSLight Hub에 등록된 URL과 다릅니다.
+
    +
  • FOSSLight Hub에 등록된 OSS와 동일한 OSS인지 검토하시기 바랍니다.
  • +
  • 다른 OSS인 경우, OSS Name을 FOSSLight Hub에에 등록된 것과 구분하여 작성하여 주시기 바랍니다.
  • +
+
+
+ + +### BIN, BIN(Android) Tab +{: .specific-title } + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ColumnWarning messageDescription검토 사항
Binary NameSame: [OSS Name] [OSS Version] / [License]OSS Name, License가 다른 경우Binary DB에 저장된 동일한 binary에 대한 OSS 정보를 표시합니다. +
    +
  • Binary DB에 저장된 동일한 binary에 대한 정보를 확인 후, 필요한 경우 기재한 OSS Name / Version, License 정보를 보완합니다.
  • +
+
Same : / [License]License 만 다른 경우
Same : [OSS Name] [OSS Version]OSS Name 만 다른 경우
Same : [OSS Name] [OSS Version]OSS Version 만 다르거나, License가 동일하고 License Type이 Proprietary 또는 Proprietary Free인 경우
Similar(TLSH distance) : [OSS Name] [OSS Version] / [License]OSS Name, License가 다른 경우Binary DB에 저장된 유사한 binary에 대한 OSS 정보가 표시됩니다. (괄호 안에는 TLSH distance 값이 표시됩니다.) +
    +
  • Binary DB에 저장된 유사한 binary에 대한 정보를 확인 후, 필요한 경우 기재한 OSS Name / Version, License 정보를 보완합니다.
  • +
+
Similar(TLSH distance) : / [License]License 만 다른 경우
Similar(TLSH distance) : [OSS Name] [OSS Version]OSS Name 만 다른 경우
Similar(TLSH distance) : [OSS Name] [OSS Version]OSS Version 만 다르거나, License가 동일하고 License Type이 Proprietary 또는 Proprietary Free인 경우
Modified(TLSH distance) : [OSS Name] [OSS Version] / [License]OSS Name, License가 다른 경우Binary DB에 동일한 이름이지만 유사도가 작은 (TLSH distance > 120) binary에 대하여 OSS 정보가 회색으로 표시됩니다. (괄호 안에는 TLSH distance 값이 표시됩니다.) +
    +
  • Binary DB에 동일한 유사도가 작은 binary에 대한 정보를 확인 후, 필요한 경우 기재한 OSS Name / Version, License 정보를 보완합니다.
  • +
+
Modified(TLSH distance) : / [License]License 만 다른 경우
Modified(TLSH distance) : [OSS Name] [OSS Version]OSS Name 또는 OSS Version 만 다른 경우
Matched동일하거나 유사한 Binary인 경우Binary DB의 Binary Name, OSS Name, OSS Version, License가 일치합니다.-
Modified(TLSH distance)동일한 이름이지만, 유사도가 작은 Binary인 경우
NewBinary DB에 동일한 이름의 Binary가 없습니다.- +
    +
  • Binary DB에 등록되지 않은 새로운 Binary임을 감안하여 OSS 정보 입력 시 주의합니다.
  • +
+
NoticeNOTICE should be "ok" in case OSS is used고지 의무가 있는 License임에도 NOTICE.html에 Binary Name column에 작성된 값이 포함되지 않은 경우입니다.- +
    +
  • 사용된 Binary Name과 해당 Binary의 License text가 NOTICE.html 파일에 추가될 수 있도록 합니다.
  • +
+
Found binary in NOTICE.html고지 의무가 없는 License임에도 NOTICE.html에 Binary Name column에 작성된 값이 포함된 경우입니다.- +
    +
  • Open Source License가 아닌 Other proprietary license와 같이 고지되지 않아도 되는 License가 NOTICE.html에 포함되지 않도록 합니다.
  • +
+
+
+ \ No newline at end of file diff --git a/tips/1_common/6_list/README.md b/tips/1_common/6_list/README.md new file mode 100644 index 00000000..85f3a4f1 --- /dev/null +++ b/tips/1_common/6_list/README.md @@ -0,0 +1,96 @@ +--- +sort: 6 +published: true +--- + +# 목록 화면 공통 기능 + + +## 프로젝트 검색 결과 Export +{: .left-bar-title } +- 리스트 왼쪽 상단의 Add 버튼을 클릭하면, 각 메뉴에서 현재 검색된 list를 엑셀 파일로 Export할 수 있습니다. +- 총 검색 결과 개수는 오른쪽 하단에서 확인할 수 있습니다. +- 검색 결과 5000개 이상은 Export 되지 않습니다. +- **주요 메뉴** + - Open Source + - License + - Project + - 3rd party + - Self-Check + +ListExport +


+ + +## Division, Edit Permission, Status 변경 +{: .left-bar-title } +- 메뉴 상단의 Change 버튼을 이용하여 선택된 List의 정보를 변경할 수 있습니다. +- 선택한 project의 Edit Permission이 있어야 변경이 가능합니다. +- **주요 메뉴** : Project, 3rd Party(Status 변경 없음) +ListChange + +### Division 변경 +{: .specific-title } +- 일괄적으로 project의 Division을 변경할 수 있습니다. +- **변경 방법** + 1. Division 변경이 필요한 project들을 선택 > Change 버튼 클릭 > Division을 클릭합니다. + 2. 변경할 Division을 선택한 후 OK 버튼을 클릭합니다. + ChangeDivisionPopup_1 + 3. OK 버튼을 클릭합니다. + ChangeDivisionPopup_2 + 만약 Edit Permission이 없는 project가 한 개라도 선택된 경우에는 권한이 없는 project ID를 팝업으로 알려주고, Division이 변경되지 않습니다. + ChangeDivisionPopup_3 + +### Edit Permission 변경 +{: .specific-title } +- 일괄적으로 project의 Edit Permission을 추가 또는 삭제할 수 있습니다. +- **변경 방법** + 1. Edit Permission을 추가 또는 삭제할 project들을 선택 > Change 버튼 클릭 > Edit Permission을 클릭합니다. + 2. Edit Permission으로 추가할 대상을 선택한 후 Add 버튼을 클릭합니다. + ChangeEditPermission + - **Select Division** : Division 별로 대상을 선택할 수 있습니다. + - **Input AD ID** : AD 계정을 입력하고, 도메인을 선택하여 대상을 선택할 수 있습니다. + 3. Add 버튼을 클릭한 후 OK 버튼을 클릭합니다. + 기존 Edit Permission 대상을 삭제하고 싶은 경우, 대상을 선택한 후 Add 버튼을 클릭합니다. + +### Status 변경 +{: .specific-title } +- project의 Status를 변경할 수 있습니다. + +- **변경 방법:** + 1. 목록에서 변경하고자 하는 project를 선택합니다. + 2. Change 버튼 클릭 > Status를 클릭합니다. + 3. 변경하고자 하는 Status를 선택하고, 사유를 입력한 뒤 OK를 클릭한다. + ChangeStatus + +- **변경 가능한 Status 종류** + - Status의 경우 사용자의 권한 별로 변경할 수 있는 Status 종류가 다릅니다. + - **일반 사용자** : project를 Drop, Restart Identification 상태로 변경할 수 있습니다. + - **Admin** : project를 Drop, Restart Identification, Complete 상태로 변경할 수 있습니다. +


+ +## Custom Columns +{: .left-bar-title } +- 각 메뉴의 List 화면에서 보이는 Column을 개인별로 설정하고 저장할 수 있습니다. +![ChangeDivisionInList](../../images/common/list_view_buttons/custom_columns.png){: .styled-image} + +- **해당 메뉴** + - License + - Open Source + - Project + - 3rd party + - Self-Check +
+ +- **Default Column 확인** + 각 메뉴별로 기본적으로 설정된 Column 값은 다음과 같습니다. + - **License** : License Name, Restriction, Notice, Source + - **Open Source** : ID, OSS Name, OSS Version, License Name, Notice, Source + - **Project** : ID, Project Name, Status, OSC Process, Download + - **3rd party** : ID, 3rd Party Name, Software Name(Version), Status + - **Self-Check** : ID, Project Name(Version) +
+ +- **Column 추가 및 삭제 방법** + - Grid 왼쪽 상단의 ![ChangeDivisionInList](../../images/common/list_view_buttons/custom_columns_button.png) 버튼 클릭 > 원하는 Column 선택 or 해제 > Save를 클릭합니다. + - 설정된 column은 저장되며, 다음 로그인 시에도 동일한 설정으로 List 화면을 사용할 수 있습니다. \ No newline at end of file diff --git a/tips/1_common/7_project_link/README.md b/tips/1_common/7_project_link/README.md new file mode 100644 index 00000000..d6bc0590 --- /dev/null +++ b/tips/1_common/7_project_link/README.md @@ -0,0 +1,26 @@ +--- +sort: 7 +published: true +--- + +# Project & 3rd Party Link +- Project와 3rd party로 연결되는 link를 추가할 수 있습니다. +- Link 클릭 시, 새 창에서 "Share URL" 링크로 연결됩니다. + +## Link 생성 방법 +{: .left-bar-title } + +- Text 패턴 + - **PRJ-ID** or **prj-ID** + - **3RD-ID** or **3rd-ID** +- Link가 동작하는 메뉴 + - Comment History + - Project, 3rd Party, Open Source(Admin Only), License(Admin Only) + ![CommentLink](../../images/common/project_link/comment_link.png){: .styled-image } + - Project > Project Information > Additional Information + ![AdditionalInfoLink](../../images/common/project_link/additional_info_link.png){: .styled-image } + - 3rd party > Description + ![DescriptionLink](../../images/common/project_link/description_link.png){: .styled-image } + - E-mail (Enterprise Only) + ![EmailLink](../../images/common/project_link/email_link.png){: .styled-image } + \ No newline at end of file diff --git a/tips/1_common/8_edit_permission/README.md b/tips/1_common/8_edit_permission/README.md new file mode 100644 index 00000000..9de2fe77 --- /dev/null +++ b/tips/1_common/8_edit_permission/README.md 
@@ -0,0 +1,21 @@ +--- +sort: 8 +published: true +--- + +# Edit 권한 요청 + +## 권한을 요청하는 User +{: .left-bar-title } +1. 권한이 필요한 Project나 3rd Party의 Project Information, 3rd Party Information 화면의 우측 상단의 "Request Permission" 버튼을 클릭합니다. +select +2. 만약, 권한 요청을 하였지만 필요가 없어진 경우 Creator/Editor의 승인 전에 "Cancel Request Permission" 버튼 클릭을 통해 취소할 수 있습니다. +select + +## Project/3rd Party의 Creator/Editor +{: .left-bar-title } +1. User가 권한을 요청한 경우, 권한 요청 메일이 발송됩니다. +select +2. 메일의 Approve/Reject를 클릭하거나, 해당 project 나 3rd party의 information에 진입시 아래와 같은 팝업이 뜨게 됩니다. +select +3. Approve를 클릭시 Edit 권한이 부여되고, Reject 클릭시 권한이 부여되지 않습니다. diff --git a/tips/1_common/9_update_notice/README.md b/tips/1_common/9_update_notice/README.md new file mode 100644 index 00000000..45147380 --- /dev/null +++ b/tips/1_common/9_update_notice/README.md @@ -0,0 +1,24 @@ +--- +sort: 9 +published: true +--- + +# 업데이트 알림 메일 + +## 메일 발송 대상 +{: .left-bar-title } +- 최근 6개월 동안 업데이트된 내역이 없는 Project, 3rd Party, Self-Check +- Project, 3rd Party는 Progress 상태인 경우에만 대상이 됩니다. + +## 메일 발송 시기 +{: .left-bar-title } +- 매월 1일 기준으로 발송됩니다. + +## 메일 내용 +{: .left-bar-title } +- Project +select +- 3rd Party +select +- Self-Check +select diff --git a/tips/1_common/README.md b/tips/1_common/README.md new file mode 100644 index 00000000..d7d8aead --- /dev/null +++ b/tips/1_common/README.md @@ -0,0 +1,12 @@ +--- +sort: 1 +published: true +--- + +# Tips: Common + +> **Info** +> +> 시스템 전반적으로 사용되는 기능에 대해 확인할 수 있습니다. + +{% include list.liquid all=true %} diff --git a/tips/2_project/1_status_bar/README.md b/tips/2_project/1_status_bar/README.md new file mode 100644 index 00000000..a7114382 --- /dev/null +++ b/tips/2_project/1_status_bar/README.md 
@@ -0,0 +1,53 @@ +--- +sort: 1 +published: true +--- + +# Project Status + +## Project Status 이동 +{: .left-bar-title } +- Project List에서 Project Name, OSC Process (Identification, Packaging, Distribution) 각 단계를 클릭하면 해당 단계의 tab으로 이동할 수 있습니다. + +- 각 단계의 상단 Status bar에서도 Project 상태를 확인할 수 있으며, 각 단계를 클릭하여 해당 단계의 tab으로 이동할 수 있습니다. + +


+ +## Self-Reject +{: .left-bar-title } +- Project Status가 인 상태에서 Identification과 Packaging 단계의 수정이 필요한 경우, 사용자는 Project Status를 변경할 수 있습니다. + 1. Identification(SBOM), Packaging 단계에서 우측 상단의 버튼을 클릭합니다. + + + 2. 변경이 필요한 사유를 입력하고, OK 버튼을 클릭합니다. 이때 Project Status는 상태로 변경됩니다. + +


+ +## Reopen +{: .left-bar-title } +- Project Status가 인 경우, Reopen으로 Project Status를 로 변경 요청할 수 있습니다. + 1. Project List에서 Project Name을 클릭하여 Project Information 탭으로 이동합니다. + + 2. Project Information tab 우측 상단의 버튼을 클릭합니다. + + 3. 변경이 필요한 사유를 입력하고, 재수행이 필요한 단계(Identification 또는 Packaging)를 선택한 후 OK를 클릭합니다. + +


+ +## Drop & Reopen +{: .left-bar-title } + +### Drop +{: .specific-title } +- 더 이상 Project의 OSC Process를 진행하지 않아도 되는 경우, Project를 중지할 수 있습니다. + 1. Project Information 탭 우측 상단의 버튼을 클릭합니다. Project Status가 인 경우에는 Drop 기능이 동작하지 않습니다. + + 2. Drop 사유를 입력하고 OK 버튼을 클릭합니다. + + + +### Reopen +{: .specific-title } +- Project Status가 Drop인데, 다시 OSC Process를 진행해야 하는 경우 Project를 Open 할 수 있습니다. + 1. Project Information 탭 우측 상단의 버튼을 클릭합니다. + diff --git a/tips/2_project/2_using_project_info/README.md b/tips/2_project/2_using_project_info/README.md new file mode 100644 index 00000000..dc239e19 --- /dev/null +++ b/tips/2_project/2_using_project_info/README.md @@ -0,0 +1,46 @@ +--- +sort: 2 +published: true +--- + +# Project 활용법 + +## SBOM Compare +{: .left-bar-title } +- 두 Project의 SBOM을 비교하는 기능으로, Project 간 add/change/delete 된 OSS 정보를 확인할 수 있습니다. +- **SBOM Compare 방법** + 1. Project 목록에서 비교할 Project 2개를 선택합니다. + 2. 'SBOM Compare' 버튼을 클릭합니다. + SBOMCompare + 3. SBOM 목록을 비교하는 탭에서 before, after 프로젝트 간 차이를 확인할 수 있습니다. + SBOMCompareReuslt +


+ +## Project 복사 +{: .left-bar-title } +- 기존 모델과 유사한 Software를 사용하는 파생 모델이 있을 경우, 이미 등록되어 있는 Project를 재사용할 수 있습니다. +- **Project 복사 방법** + 1. 복사하려는 Project의 이름을 클릭하여 'Project 상세정보' 탭을 엽니다. + ProjectCopy_1 + 2. 'Project 상세정보' 탭에서 'Copy' 버튼을 클릭하여 Project를 복사합니다. + ProjectCopy_2 + 3. 복사된 'Project 상세정보' 탭에서 Project 명과 버전을 작성하고 'Save' 버튼을 클릭합니다. + ProjectCopy_3 + Save 클릭 시 Identification이 Confirm된 project의 경우, 복사할 'Status'를 선택할 수 있습니다. + ProjectCopy_4 + - Identification Progress: 사용하는 Open Source가 변경되어 Identification 단계부터 진행이 필요한 경우 + - Identification Confirm: packaging 파일 변경 또는 고지문 수정이 필요한 경우 + - Packaging Confirm: 기존 프로젝트와 변동 사항이 없는 경우 + 4. Project List에서 복사된 Project를 확인할 수 있습니다. +


+ + +## 특정 오픈소스가 포함된 project 검색 +{: .left-bar-title } +- Search 조건을 통해 특정 오픈소스가 포함된 Project를 검색할 수 있습니다. + 1. Search 창에서 'Advanced Search'를 클릭합니다. + 2. 오픈소스 정보를 'OSS Name'과 'OSS Version'에 입력합니다. + 3. 'Search' 버튼을 클릭합니다. + Search + 4. 2번에서 입력한 오픈소스를 포함한 project 목록을 확인할 수 있습니다. + diff --git a/tips/2_project/4_oss_notice/README.md b/tips/2_project/4_oss_notice/README.md new file mode 100644 index 00000000..9d528821 --- /dev/null +++ b/tips/2_project/4_oss_notice/README.md @@ -0,0 +1,61 @@ +--- +sort: 4 +published: true +--- + +# 오픈소스 고지문 종류와 다운로드 방법 + +## OSS 고지문이란? +{: .left-bar-title } +- OSS 고지문은 "사용된 Open Source와 각 License를 나열하고, Source code 수령방법 등에 대해 안내하며, +각 License의 원문 전체를 포함하는 문서" 입니다. +


+ +## OSS 고지문 다운로드 방법 +{: .left-bar-title } +- Packaging 단계가 confirm 되면 OSS 고지문을 다운로드 받을 수 있습니다. + - 단, Project의 Distribution type에 따라 OSS고지문이 발행되지 않을 수 있습니다. (ex. 사내이관, 선행개발 등) + +- **발행된 고지문을 다운받는 방법** + - 방법1. Project 목록의 Download column에서 아이콘(![FileCodeIcon](../../images/project/search/file-code-regular.png){: width="10px" height="12px"})을 클릭합니다. + ![DownloadColumnNotice](../../images/project/notice/download_column_notice.png){: width="700px" height="100px" .styled-image } + - 방법2. Share Url을 통해 Project Information을 확인하는 경우, Download에서 (![FileCodeIcon](../../images/project/search/file-code-regular.png){: width="10px" height="12px"})을 클릭합니다. + ![ShareUrlIconNotice](../../images/project/notice/shareurl_download_icon_notice.png){: width="400" height="500" .styled-image } + +


+ +## OSS 고지문 종류 +{: .left-bar-title } +- FOSSLight Hub에서 발급 가능한 OSS 고지문 종류입니다. + - HTML + - 일반적인 OSS 고지문 형식으로 사용한 OSS에 대하여 OSS Name, OSS Version, License, Copyright text, License text, Homepage를 출력합니다. + - Example: [OSS Notice HTML](../../oss_notice_format/OSSNotice-4022_Sample%20Project_2021_20211230211005.html) + - Text + - HTML 형식과 contents가 동일하나, 일반 text 파일 형식으로 출력하는 OSS 고지문입니다. + - Example: [OSS Notice Text](../../oss_notice_format/OSSNotice-4022_Sample%20Project_2021_20211230211007.txt) + - Simple HTML + - HTML 형식의 OSS Notice와 동일하나, License 원문 대신 License 원문을 확인할 수 있는 링크로 대체된 OSS 고지문입니다. + - Example: [OSS Notice Simple HTML](../../oss_notice_format/simple_OSSNotice-4022_Sample%20Project_2021_20211230211010.html) + - Simple Text + - Simple HTML과 동일하나 파일 형식이 text인 OSS 고지문입니다. + - Example: [OSS Notice Simple Text](../../oss_notice_format/simple_OSSNotice-4022_Sample%20Project_2021_20211230211012.txt) + - SPDX(fileformat) + - SPDX의 다양한 파일 형식으로 출력하는 OSS 고지문입니다. + - Example: + - [OSS Notice SPDX (SpreadSheet)](../../oss_notice_format/SPDXRdf-SampleProject-2021_20211230.xls) + - [OSS Notice SPDX (RDF)](../../oss_notice_format/SPDXRdf-SampleProject-2021_20211230.rdf) + - [OSS Notice SPDX (TAG)](../../oss_notice_format/SPDXRdf-SampleProject-2021_20211230.tag) + - [OSS Notice SPDX (JSON)](../../oss_notice_format/SPDXRdf-SampleProject-2021_20211230.json) + - [OSS Notice SPDX (YAML)](../../oss_notice_format/SPDXRdf-SampleProject-2021_20211230.yaml) + - CycloneDX(fileformat) + - CycloneDX의 다양한 파일 형식으로 출력하는 OSS 고지문입니다. + - Example: + - [OSS Notice CycloneDX (JSON)](../../oss_notice_format/CycloneDX-testproject.json) + - [OSS Notice CycloneDX (XML)](../../oss_notice_format/CycloneDX-testproject.xml) +


+ +## 다른 고지문 포맷으로 발급하는 방법 +{: .left-bar-title } +- 기본 형식인 HTML 형식 외, 다른 형식의 OSS 고지문 발행이 필요한 경우 Packaging단계의 Notice탭에서 선택하시기 바랍니다. + - Notice 탭에서 선택하는 법 + ![PackagingNoticeFormat](../../images/project/notice/packaging_notice_format.png){: .styled-image } \ No newline at end of file diff --git a/tips/2_project/5_distribution/README.md b/tips/2_project/5_distribution/README.md new file mode 100644 index 00000000..8d9ba41b --- /dev/null +++ b/tips/2_project/5_distribution/README.md @@ -0,0 +1,67 @@ +--- +sort: 5 +published: true +--- + +# [Enterprise Only] Distribution 정보 변경 +- Distribution은 Enterprise only 기능입니다. +- [LG 오픈소스 사이트](http://opensource.lge.com/)에 배포된 프로젝트의 정보 수정이 필요한 경우에 사용합니다. + +## Description 수정 +{: .left-bar-title } +1. Distribution 탭으로 이동합니다. +2. Description을 원하는 내용으로 수정 후 저장(![SaveIcon](../../images/common/information_view_button/floppy-disk-solid.png){: width="10px" height="15px"})버튼을 클릭합니다. + ![DescriptionEdit](../../images/project/distribution/dist_description.png){: width="600px" height="70px" .styled-image } +3. Distribution Information(To be Updated)화면에 업데이트 되는 정보를 확인한 후 "Distribute" 버튼을 클릭합니다. + ![DistDescriptionUpdate](../../images/project/distribution/dist_description_update.png){: .styled-image } +


+ +## OSS Package 수정 +{: .left-bar-title } +배포가 완료되었으나 minor 변경이 필요하여 Package 파일을 수정하고 싶은 경우 사용합니다. (ex. README 파일 보완) +1. Distribution 탭으로 이동합니다. +2. 수정하고자 하는 Package File 오른쪽의 'X'버튼을 클릭합니다. + ![DistPackagingDelete](../../images/project/distribution/dist_packaging_delete.png){: .styled-image } +3. Upload 버튼을 클릭하여 변경할 OSS Package 파일을 업로드하고, 'Updated'가 표시되면서 정상적으로 업로드된 것을 확인한 뒤, Start to Verify 버튼을 클릭합니다. + ![DistPackagingStartVerify](../../images/project/distribution/dist_packaging_start_verify.png){: .styled-image } +4. 정상적으로 verify 성공한 경우, 다음과 같이 Complete로 버튼이 변경되는 것을 확인합니다. + ![DistPackagingComplete](../../images/project/distribution/dist_packaging_complete.png){: .styled-image } + - Verify 실패한 경우 재시도 할 것인지 팝업이 나타납니다. + - 계속 실패한다면, 업로드한 파일이 기존 Packaging탭에서 작성한 Path 정보와 일치하는지 다시 확인합니다. +5. Distribution 탭의 저장(![SaveIcon](../../images/common/information_view_button/floppy-disk-solid.png){: width="10px" height="15px" })버튼을 클릭합니다. + Distribution Information(To be Updated)화면에 업데이트 되는 정보를 확인한 후 "Distribute" 버튼을 클릭합니다. + ![DistPackagingUpdateConfirm](../../images/project/distribution/dist_packaging_update.png){: width="600px" height="250px" .styled-image } + +


+ +## Model Information 수정 +{: .left-bar-title } +1. Distribution 탭으로 이동합니다. +2. Model Information에 추가/삭제 버튼을 이용하여 변경하고자 하는 모델 정보를 입력합니다. + ![DistModelInfo](../../images/project/distribution/dist_model_info.png){: width="600px" height="350px" .styled-image } +3. Distribution 탭의 저장(![SaveIcon](../../images/common/information_view_button/floppy-disk-solid.png){: width="10px" height="15px" })버튼을 클릭합니다. + Distribution Information(To be Updated)화면에 업데이트 되는 정보를 확인한 후 "Distribute" 버튼을 클릭합니다. + ![DistModelInfoUpdate](../../images/project/distribution/dist_model_info_update.png){: width="600px" height="300px" .styled-image } + +


+ +## OSS Notice 수정 +{: .left-bar-title } +Notice를 수정하기 위해서는 **Packaging 단계 재수행**이 필요합니다. +1. Project Information에서 "Reopen" 버튼을 클릭합니다. +2. Reopen 팝업에서 "Packaging"을 선택한 후, 신청 사유를 적고 OK를 누릅니다. + ![DistReopenProject](../../images/project/distribution/dist_info_reopen.png){: width="700px" height="300px" .styled-image } +3. Reviewer가 확인 후 Reopen을 승인하면, Packaging 탭에 들어가 변경하려는 정보로 notice를 수정한 후 리뷰요청합니다. +4. Packaging 단계가 완료되면, Distribution을 다시 진행합니다. + +


+ + +## Distribution 취소 +{: .left-bar-title } +Distribution을 취소하고 싶은 경우 다음과 같이 진행합니다. +1. Complete된 프로젝트의 Project Information에서 "Reopen" 버튼을 클릭합니다. +2. Reopen 팝업에서 "Distribution"을 선택한 후, Reject 사유를 적고 OK를 누릅니다. + ![DistReopenProject](../../images/project/distribution/dist_complete_prj_reopen.png){: width="700px" height="400px" .styled-image } +3. Reviewer가 확인 후 Reopen 합니다. Distribution 단계가 취소됩니다. + diff --git a/tips/2_project/6_review_report/README.md b/tips/2_project/6_review_report/README.md new file mode 100644 index 00000000..f1f2256a --- /dev/null +++ b/tips/2_project/6_review_report/README.md @@ -0,0 +1,69 @@ +--- +sort: 6 +published: true +--- + +# Review Report +
+Review Report는 오픈소스 컴플라이언스(Compliance) 검토 자료로 활용될 수 있으며, 제품 배포 전 OSS 구성 요소의 점검 및 보안 취약점에 대한 사전 대응 등 리스크 기반 관리를 보다 효율적으로 수행하는 데에 유용합니다.

+
+
+ +Review Report는 Project의 Identification Confirm시 BOM 내용을 바탕으로 발급됩니다. +- Review Report는 FOSSLight DB의 데이터를 기반으로 생성됩니다. 따라서 신뢰성 있는 리포트를 제공받기 위해서는 DB에 입력된 OSS 및 License 정보가 반드시 정확해야 합니다 + +## Review Report Details +{: .left-bar-title} +![StatusBarProgress](../../images/project/review_report/reiew_report.png){: .styled-image width="70%" } + +### Title +{: .specific-title } +- Project Name(Version) +- 해당 project share url 링크 + +### Report Summary +{: .specific-title } +- Project Name(Version), Date, Requestor, Reviewer 정보가 표기됩니다 + +### License Review +{: .specific-title } +- License Name, User Guide, Restriction 정보가 표기됩니다. + +### OSS Review (Important Notes) +{: .specific-title } +- OSS Name, Important Notes 정보가 표기됩니다. + +### OSS Review (Summary Description) +{: .specific-title } +- OSS Name, Summary Description 정보가 표기됩니다. + +### Vulnerability Review +{: .specific-title } +- OSS Name, OSS Version, Max Score, Vulnerability Link 정보가 표기됩니다. + +## Review Report 확인 +{: .left-bar-title} +### Project List +{: .specific-title } +- Projct List에서 다운로드 받을 수 있습니다. +![StatusBarProgress](../../images/project/review_report/review_report_list.png){: .styled-image width="70%" } + +### e-mail 발송 +{: .specific-title } +- Projct의 Identification confirm 시 발송되는 메일에 첨부 파일로 추가됩니다. + + +## Review Report 생성 조건 +{: .left-bar-title} +BOM 탭 기준으로, OSS Review(Summary Description), OSS Review (Important Notes), License Review 또는 Vulnerability Review 대상이 1건이라도 있는 경우 생성됩니다. + +- OSS Review (Summary Description) + - Summary Description이 있는 OSS +- OSS Review (Important Notes) + - Important Notes가 있는 OSS +- License Review + - Project의 **Distribution Type**이 Network service only가 아니고 Source Code 공개 범위가 있으며 User Guide가 있는 경우 + - Restriction이 있는 경우 +- Vulnerability Review + - Admin에 의해 설정된 Max Score 이상 항목 표기 + diff --git a/tips/2_project/README.md b/tips/2_project/README.md new file mode 100644 index 00000000..de4cd06d --- /dev/null +++ b/tips/2_project/README.md 
@@ -0,0 +1,12 @@ +--- +sort: 2 +published: true +--- + +# Tips: Project + +> **Info** +> +> Project 메뉴의 기능들에 대한 Tip 입니다. + +{% include list.liquid all=true %} diff --git a/tips/3_usecase/README.md b/tips/3_usecase/README.md new file mode 100644 index 00000000..fd75e5a2 --- /dev/null +++ b/tips/3_usecase/README.md @@ -0,0 +1,131 @@ +--- +sort: 3 +published: true +--- + +# Tips: Use Case +Use case 별 프로젝트 생성 방법을 확인할 수 있습니다. +

+ +## 파생 모델 프로젝트 +{: .left-bar-title } +기존 모델과 유사한 소프트웨어를 사용하는 파생 모델의 OSC Process는, +완료된 이전 모델의 [프로젝트를 복사](https://fosslight.org/hub-guide/tips/2_project/2_using_project_info/#project-%EB%B3%B5%EC%82%AC)하여 효율적으로 진행할 수 있습니다. + +### 베이스모델에 Open Source 일부 추가 +{: .specific-title } +- 프로젝트 복사 시 **Identification Progress**를 선택하면 베이스 모델 프로젝트의 Open Source 목록이 복사됩니다. 이후 추가된 Open Source는 Identification 탭에서 입력합니다. + +### OSS 사용 내역이 기존과 동일한 새로운 프로젝트 +{: .specific-title } +[SBOM Compare](https://fosslight.org/hub-guide/tips/2_project/2_using_project_info/#sbom-compare)를 활용하면 최종 OSS 목록 동일 여부를 확인할 수 있습니다.
+- **OSS 사용 내역과 공개 대상 소스코드가 동일한 경우** + - Packaging Confirm으로 프로젝트를 복사 후 Distribution을 수행하거나, 기존 프로젝트의 Distribution에서 Model을 추가합니다. +- **OSS 사용 내역은 동일하나, 공개 대상 소스코드가 다른 경우** + - OSS Package의 README 또는 Notice 파일 수정 등과 같이 변경 사항이 minor한 경우입니다. + - [프로젝트 복사](https://fosslight.org/hub-guide/tips/2_project/2_using_project_info/#project-%EB%B3%B5%EC%82%AC)할 때 **Identification Confirm** 단계를 선택한 후 변경된 OSS Package로 Packaging과 Distribution을 수행합니다. +


+ +## B2B 모델 프로젝트 +{: .left-bar-title } +- B2B 프로젝트는 Project > Project Information > Distribution Type을 **'B2B'**로 선택합니다. +- 고객사에서 요구하는 고지문 형태에 따라 Distribution Site를 다르게 선택해야 합니다.
+ ![DistributionType](../images/usecase/dist_type/distribution_type_site.png){: .styled-image } + +### 고객사 납품 시 자사명으로 제품이 배포되는 경우 +{: .specific-title } +고객사에 OSS Package 및 OSS 고지문 전달 후, 고객사 요청에 따라 해당 파일을 자사 LG Open Source 사이트에 게시하는 경우입니다. +- 프로젝트 생성 시 옵션 + - Distribution Type : B2B + - Distribution Site : opensource.lge.com +- OSC Process 수행 단계 + - 일반적인 프로젝트와 동일하게 Distribution 단계까지 진행하여 LG Open Source 사이트에 고지합니다. + + +### 고객사 납품 시 고객사명으로 제품이 배포되는 경우 +{: .specific-title } +고객사에 OSS Package 및 OSS 고지문 전달 후, 고객사 요청으로 LG Open Source 사이트에 해당 파일이 게시되지 않아야 하는 경우입니다. +- 프로젝트 생성 시 옵션 + - Distribution Type : B2B + - Distribution Site : N/A +- OSC Process 수행 단계 + - Distribution 단계는 진행하지 않고 Packaging 단계에서 OSC Process를 종료합니다. + - Packaging 단계(Notice)에서 수정되어야 할 내용 + ![B2BPackagingModify](../images/usecase/dist_type/b2b_packaging_modify.png){: .styled-image } + - Modified OSS Notice 발급 요청 선택 + - Company Name, OSS Distribution Site, Email(Written Offer) 선택 해제 ( LG전자 관련 내용 삭제 ) + +


+ +## 사내이관 / 선행개발 / 사내사용 프로젝트 +{: .left-bar-title } +사내이관 / 선행개발 / 사내사용의 경우, 배포 및 고지문 발급 없이 OSC Process가 종료됩니다. +- 프로젝트 생성 시 옵션 + - Distribution Type + ![DistTypeInCompany](../images/usecase/dist_type/distribution_type.png){: .styled-image } + - Transfer-in-house (사내이관): 타 부서에 오픈소스 목록 및 OSS Package를 전달해야 하는 경우 + - Preceding (선행개발) : 선행개발이지만 추후 프로젝트 배포 가능성이 있는 경우 + - In-house only (사내사용) : 사내에서만 사용하는 경우 + - OSS Notice + - Distribution Type이 해당 조건일 경우, OSS Notice가 N/A로 설정됩니다. 'OSS Notice'가 필요한 경우에는 OSS Notice 옵션을 직접 선택하시기 바랍니다. +- OSC Process 수행 단계 + - 소스코드 공개 의무가 있는 오픈소스 사용 시 + - **Packaging 단계**까지 진행합니다. + - 소스코드 공개 의무 없는 오픈소스 사용 시 + - **Identification 단계**까지 진행합니다. + +


+ +## Network 서비스로 배포되는 프로젝트 +{: .left-bar-title } +Network Service를 통해 외부 디바이스, 애플리케이션, 또는 사용자에게 기능이나 데이터를 제공하는 Software 개발을 의미합니다. +- 프로젝트 생성 시 옵션 + - Distribution Type : 현재 프로젝트의 배포 대상에 맞춰 선택합니다. + - Network service only? : Yes + ![NetworkService](../images/usecase/dist_type/network_service_yes.png){: .styled-image } +- OSC Process 수행 단계 + - **Network 상의 서비스 제공을 배포로 간주하는 License**의 오픈소스가 사용된 경우 : **Distribution 단계**까지 진행 + - **Network 상의 서비스 제공을 배포로 간주하는 License**의 오픈소스가 사용되지 않은 경우 : **Identification 단계**까지 진행 + + +- License 제약 사항 확인 방법 + - Identification > SBOM의 Restriction 컬럼 또는 License 메뉴에서 검색하여 Restriction(Network Triggered)을 확인할 수 있습니다. + **ex) AGPL-3.0:**
+ ![AGPL-3.0Example](../images/usecase/dist_type/network_restriction.png){: .styled-image } + +


+ +## 3rd party 단독 프로젝트 +{: .left-bar-title } +3rd party로부터 받은 소프트웨어로만 구성된 프로젝트의 경우, Project에서 3rd party 탭만 로드하여 OSC Process를 진행할 수 있습니다.
+1. 3rd Party Software 생성 및 리뷰 완료 (참고: [3rd Party Software 생성 가이드](../../menu/5_third-party.md)) +2. OSS 고지문 발급을 위한 프로젝트 생성 + - 리뷰 완료된 3rd Party Software에서 Create Project for OSS Notice 버튼을 클릭합니다. + ![3rdPartySWConfirm](../images/usecase/dist_type/3rdsw_only.png){: .styled-image } +3. 프로젝트 정보 입력 + - New Project 창에 현재 프로젝트에 해당하는 정보로 입력한 후 Save합니다. + - Additional Information에서 3rd party SW 정보를 가져왔다는 메시지를 확인할 수 있습니다. + ![3rdPartySWPrj](../images/usecase/dist_type/3rdsw_new_prj.png){: .styled-image } +4. 생성된 프로젝트 확인 + - 새로 생성된 프로젝트의 3rd party 탭을 확인합니다. + - 1단계에서 3rd Party Software가 로드된 상태임을 확인할 수 있습니다. + - Identification Confirm 상태로 프로젝트가 생성되니, 이후 Packaging 단계를 진행하시기 바랍니다. + ![3rdPartySWLoaded](../images/usecase/dist_type/3rdsw_prj_loaded.png){: .styled-image } + +


+ +## (Enterprise Only) Android & Yocto 플랫폼 프로젝트 +{: .left-bar-title } +플랫폼에서 자체적으로 고지문을 생성하는 경우, 플랫폼 고지문을 리뷰하기 위한 프로젝트를 생성해야 합니다. +- Fosslight Hub 지원 플랫폼 : Android, Yocto +- 프로젝트 생성 시 옵션 + - **Android 모델** + - Operating System : Android (platform version) 선택 + - OSS Notice : Platform-generated (Android) 선택 + ![AndroidModel](../images/usecase/dist_type/android_prj.png){: .styled-image } + - **Yocto 모델** + - Operating System : webOS (platform version) 선택 + - OSS Notice : Platform-generated (Yocto) 선택 + ![YoctoModel](../images/usecase/dist_type/yocto_prj.png){: .styled-image } + +


\ No newline at end of file diff --git a/tips/4_vul_info/README.md b/tips/4_vul_info/README.md new file mode 100644 index 00000000..9a8594cd --- /dev/null +++ b/tips/4_vul_info/README.md @@ -0,0 +1,49 @@ +--- +sort: 4 +published: true +--- + +# Tips: Vulnerability +Vulnerability 정보 수집, 알림, Score 표시 방법에 대한 내용입니다. +

+ +## Vulnerability 정보 수집 +{: .left-bar-title } +- Vulnerability 정보는 매일 [NVD Data Feed](https://nvd.nist.gov/vuln/data-feeds) 에서 다운로드되어 FOSSLight Hub에 저장됩니다. +- FOSSLight Hub의 Vulnerability Score는 기본적으로 CVSS v4.0 Base Score를 기준으로 표기합니다. 다음의 우선순위를 적용하여 수집합니다. + 1. CVSS v4.0 + 2. CVSS v3.1 + 3. CVSS v3.0 + 4. CVSS v2.0 +


+ +## Project Vulnerability 정보 알림 +{: .left-bar-title #project-vul-notice } +- Project의 Identification 단계가 Confirm된 상태에서 BOM에 포함된 OSS 중 CVSS Score 7.0 이상인 CVE ID가 발견되거나 OSS의 Max CVSS Score가 7.0 이상에서 7.0 미만으로 변경될 경우 Vulnerability Score 변경 알림 메일이 발송됩니다. + - 알림 메일 대상자 : Creator, Edit 권한이 있는 사용자, Reviewer + - 알림 메일을 더 이상 받고 싶지 않은 경우, [Project Information에서 Security Mail (Vulnerability) 항목을 Disable로 변경](#security-mail)할 수 있습니다. +


+ +## Vulnerability Score 표시 방법 +{: .left-bar-title } +- Project, 3rd Party, Self-Check에서 사용자가 입력한 OSS Name/Nick name, Version이 동일한 Vulnerability가 존재하는 경우, 해당 OSS의 Max Score를 표시합니다. + - 사용자가 입력한 OSS Version의 Vulnerability가 존재하는 경우, Vulnerability의 Max Score를 표시합니다. + - 사용자가 입력한 OSS Version의 Vulnerability가 존재하지 않는 경우에는, 값이 존재하지 않으므로 표시하지 않습니다. + - 사용자가 OSS Version을 공란으로 입력한 경우, 해당 OSS의 모든 Version 중 Max Score를 표시합니다. + - OSS Name이 '-'인 경우, Vulnerability를 표시하지 않습니다. +


+ +## Security Mail(Vulnerability) +{: .left-bar-title #security-mail } +[Project Vulnerability 정보 알림](#project-vul-notice) 메일 수신을 Enable / Disable 할 수 있습니다. + +### Security Mail(Vulnerability) 설정 +{: .specific-title} +- Project Information > Security Mail (Vulnerability)를 **Disable**로 설정하면 해당 Project의 Vulnerability 메일이 더 이상 발송되지 않습니다. +- Disable로 설정할 경우, 반드시 사유가 입력되어야 합니다. +![vul_mail_setting](../images/vulnerability/vul_mail_setting.png){: .styled-image} + +### Security Mail(Vulnerability) 설정 검색 +{: .specific-title} + - Project List에서 Security Mail(Vulnerability)의 Setting 값(Enable or Disable)으로 검색할 수 있습니다. +![vul_mail_search](../images/vulnerability/vul_mail_search.png){: .styled-image} diff --git a/tips/5_etc/1_user_settings.md b/tips/5_etc/1_user_settings.md new file mode 100644 index 00000000..53e7ff6c --- /dev/null +++ b/tips/5_etc/1_user_settings.md @@ -0,0 +1,18 @@ +--- +sort: 1 +published: true +--- + +# User Settings +로그인 후 개인 설정을 확인하고 변경할 수 있습니다. +
+![User Settings](../images/etc/token/1.user_settings.png) + +1. **User Info** + - User Name과 Division은 변경할 수 있으며, 설정된 Division은 Project 및 3rd Party 메뉴에서 프로젝트 생성 시 기본값으로 사용됩니다. + - Password : 왼쪽의 체크박스를 선택한 후, 새로운 비밀번호로 변경할 수 있습니다. + - Token : 발급받은 Token 정보를 확인할 수 있습니다. +2. **Default Language** + - 한국어와 영어 중에서 기본 언어를 선택할 수 있습니다. +3. **Default List** + - 로그인 시, 왼쪽 navigator 영역에 기본으로 표시될 메뉴를 선택할 수 있습니다. \ No newline at end of file diff --git a/tips/5_etc/README.md b/tips/5_etc/README.md new file mode 100644 index 00000000..cfd72df8 --- /dev/null +++ b/tips/5_etc/README.md @@ -0,0 +1,12 @@ +--- +sort: 5 +published: true +--- + +# Tips: Etc + +> **Info** +> +> FOSSLight Hub관련 기타 유용한 기능을 확인할 수 있습니다. + +{% include list.liquid all=true %} diff --git a/started/README.md b/tips/README.md similarity index 60% rename from started/README.md rename to tips/README.md index e5cfa8a0..d1dc876e 100644 --- a/started/README.md +++ b/tips/README.md @@ -1,7 +1,8 @@ --- -sort: 2 +sort: 5 published: true --- -# FOSSLight Hub Getting Started + +# FOSSLight Hub Tips {% include list.liquid all=true %} diff --git a/tips/images/common/comment/btn_add_comment.png b/tips/images/common/comment/btn_add_comment.png new file mode 100644 index 00000000..48b79094 Binary files /dev/null and b/tips/images/common/comment/btn_add_comment.png differ diff --git a/tips/images/common/comment/btn_edit_del_comment.png b/tips/images/common/comment/btn_edit_del_comment.png new file mode 100644 index 00000000..2d6d24b9 Binary files /dev/null and b/tips/images/common/comment/btn_edit_del_comment.png differ diff --git a/tips/images/common/comment/comment_edit_popup.png b/tips/images/common/comment/comment_edit_popup.png new file mode 100644 index 00000000..041e9130 Binary files /dev/null and b/tips/images/common/comment/comment_edit_popup.png differ 
diff --git a/tips/images/common/comment/comment_view.png b/tips/images/common/comment/comment_view.png new file mode 100644 index 00000000..e17bfebd Binary files /dev/null and b/tips/images/common/comment/comment_view.png differ diff --git a/tips/images/common/comment/comment_view_add.png b/tips/images/common/comment/comment_view_add.png new file mode 100644 index 00000000..cf26a0e6 Binary files /dev/null and b/tips/images/common/comment/comment_view_add.png differ diff --git a/tips/images/common/comment/comment_window_add.png b/tips/images/common/comment/comment_window_add.png new file mode 100644 index 00000000..5a58d6c4 Binary files /dev/null and b/tips/images/common/comment/comment_window_add.png differ diff --git a/tips/images/common/comment/hide_comment_view.png b/tips/images/common/comment/hide_comment_view.png new file mode 100644 index 00000000..ceb7b7c2 Binary files /dev/null and b/tips/images/common/comment/hide_comment_view.png differ diff --git a/tips/images/common/comment/show_comment_window.png b/tips/images/common/comment/show_comment_window.png new file mode 100644 index 00000000..6ef373e9 Binary files /dev/null and b/tips/images/common/comment/show_comment_window.png differ diff --git a/tips/images/common/comment/show_hide_btn.png b/tips/images/common/comment/show_hide_btn.png new file mode 100644 index 00000000..e8b99c0a Binary files /dev/null and b/tips/images/common/comment/show_hide_btn.png differ diff --git a/tips/images/common/edit_permission/cancel.png b/tips/images/common/edit_permission/cancel.png new file mode 100644 index 00000000..7ab52302 Binary files /dev/null and b/tips/images/common/edit_permission/cancel.png differ diff --git a/tips/images/common/edit_permission/request.png b/tips/images/common/edit_permission/request.png new file mode 100644 index 00000000..56af8803 Binary files /dev/null and b/tips/images/common/edit_permission/request.png differ 
diff --git a/tips/images/common/edit_permission/request_mail.png b/tips/images/common/edit_permission/request_mail.png new file mode 100644 index 00000000..b3e9e94d Binary files /dev/null and b/tips/images/common/edit_permission/request_mail.png differ diff --git a/tips/images/common/edit_permission/request_project_information.png b/tips/images/common/edit_permission/request_project_information.png new file mode 100644 index 00000000..c395942a Binary files /dev/null and b/tips/images/common/edit_permission/request_project_information.png differ diff --git a/tips/images/common/information_view/btn_project_identification.png b/tips/images/common/information_view/btn_project_identification.png new file mode 100644 index 00000000..e2e4fad5 Binary files /dev/null and b/tips/images/common/information_view/btn_project_identification.png differ diff --git a/tips/images/common/information_view/btn_project_information.png b/tips/images/common/information_view/btn_project_information.png new file mode 100644 index 00000000..be604715 Binary files /dev/null and b/tips/images/common/information_view/btn_project_information.png differ diff --git a/tips/images/common/information_view/btn_selfcheck.png b/tips/images/common/information_view/btn_selfcheck.png new file mode 100644 index 00000000..96d343ec Binary files /dev/null and b/tips/images/common/information_view/btn_selfcheck.png differ diff --git a/tips/images/common/information_view_button/common_icon.png b/tips/images/common/information_view_button/common_icon.png new file mode 100644 index 00000000..d8095f67 Binary files /dev/null and b/tips/images/common/information_view_button/common_icon.png differ diff --git a/tips/images/common/information_view_button/copy-regular.png b/tips/images/common/information_view_button/copy-regular.png new file mode 100644 index 00000000..9d96d219 Binary files /dev/null and b/tips/images/common/information_view_button/copy-regular.png differ 
diff --git a/tips/images/common/information_view_button/ex_copy_oss.png b/tips/images/common/information_view_button/ex_copy_oss.png new file mode 100644 index 00000000..388ac08e Binary files /dev/null and b/tips/images/common/information_view_button/ex_copy_oss.png differ diff --git a/tips/images/common/information_view_button/ex_copy_oss_page.png b/tips/images/common/information_view_button/ex_copy_oss_page.png new file mode 100644 index 00000000..7a6503ba Binary files /dev/null and b/tips/images/common/information_view_button/ex_copy_oss_page.png differ diff --git a/tips/images/common/information_view_button/ex_share_url_project_info.png b/tips/images/common/information_view_button/ex_share_url_project_info.png new file mode 100644 index 00000000..10757380 Binary files /dev/null and b/tips/images/common/information_view_button/ex_share_url_project_info.png differ diff --git a/tips/images/common/information_view_button/ex_share_url_project_info_view.png b/tips/images/common/information_view_button/ex_share_url_project_info_view.png new file mode 100644 index 00000000..33ede262 Binary files /dev/null and b/tips/images/common/information_view_button/ex_share_url_project_info_view.png differ diff --git a/tips/images/common/information_view_button/floppy-disk-solid.png b/tips/images/common/information_view_button/floppy-disk-solid.png new file mode 100644 index 00000000..a1b6df43 Binary files /dev/null and b/tips/images/common/information_view_button/floppy-disk-solid.png differ diff --git a/tips/images/common/information_view_button/rotate-left-solid.png b/tips/images/common/information_view_button/rotate-left-solid.png new file mode 100644 index 00000000..5d1b3b6b Binary files /dev/null and b/tips/images/common/information_view_button/rotate-left-solid.png differ 
diff --git a/tips/images/common/information_view_button/rotate-solid.png b/tips/images/common/information_view_button/rotate-solid.png new file mode 100644 index 00000000..78bf371a Binary files /dev/null and b/tips/images/common/information_view_button/rotate-solid.png differ diff --git a/tips/images/common/information_view_button/share-nodes-solid.png b/tips/images/common/information_view_button/share-nodes-solid.png new file mode 100644 index 00000000..ec5f8864 Binary files /dev/null and b/tips/images/common/information_view_button/share-nodes-solid.png differ diff --git a/tips/images/common/information_view_button/share_url_3rd_party.png b/tips/images/common/information_view_button/share_url_3rd_party.png new file mode 100644 index 00000000..02ed1aeb Binary files /dev/null and b/tips/images/common/information_view_button/share_url_3rd_party.png differ diff --git a/tips/images/common/information_view_button/share_url_project.png b/tips/images/common/information_view_button/share_url_project.png new file mode 100644 index 00000000..7ae5e93e Binary files /dev/null and b/tips/images/common/information_view_button/share_url_project.png differ diff --git a/tips/images/common/information_view_button/share_url_self_check.png b/tips/images/common/information_view_button/share_url_self_check.png new file mode 100644 index 00000000..57b0713b Binary files /dev/null and b/tips/images/common/information_view_button/share_url_self_check.png differ diff --git a/tips/images/common/list_view_buttons/change_division_popup_1.png b/tips/images/common/list_view_buttons/change_division_popup_1.png new file mode 100644 index 00000000..c799fc02 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_division_popup_1.png differ 
diff --git a/tips/images/common/list_view_buttons/change_division_popup_2.png b/tips/images/common/list_view_buttons/change_division_popup_2.png new file mode 100644 index 00000000..458f06d1 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_division_popup_2.png differ diff --git a/tips/images/common/list_view_buttons/change_division_popup_3.png b/tips/images/common/list_view_buttons/change_division_popup_3.png new file mode 100644 index 00000000..1ef62d45 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_division_popup_3.png differ diff --git a/tips/images/common/list_view_buttons/change_edit.png b/tips/images/common/list_view_buttons/change_edit.png new file mode 100644 index 00000000..39195c45 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_edit.png differ diff --git a/tips/images/common/list_view_buttons/change_edit_delete_icon.png b/tips/images/common/list_view_buttons/change_edit_delete_icon.png new file mode 100644 index 00000000..198e1606 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_edit_delete_icon.png differ diff --git a/tips/images/common/list_view_buttons/change_status.png b/tips/images/common/list_view_buttons/change_status.png new file mode 100644 index 00000000..462dcb15 Binary files /dev/null and b/tips/images/common/list_view_buttons/change_status.png differ diff --git a/tips/images/common/list_view_buttons/custom_columns.png b/tips/images/common/list_view_buttons/custom_columns.png new file mode 100644 index 00000000..4f2867fd Binary files /dev/null and b/tips/images/common/list_view_buttons/custom_columns.png differ diff --git a/tips/images/common/list_view_buttons/custom_columns_button.png b/tips/images/common/list_view_buttons/custom_columns_button.png new file mode 100644 index 00000000..4c3b9657 Binary files /dev/null and b/tips/images/common/list_view_buttons/custom_columns_button.png differ 
diff --git a/tips/images/common/list_view_buttons/list_changes.png b/tips/images/common/list_view_buttons/list_changes.png new file mode 100644 index 00000000..3d09ec1a Binary files /dev/null and b/tips/images/common/list_view_buttons/list_changes.png differ diff --git a/tips/images/common/list_view_buttons/list_export.png b/tips/images/common/list_view_buttons/list_export.png new file mode 100644 index 00000000..80fe7897 Binary files /dev/null and b/tips/images/common/list_view_buttons/list_export.png differ diff --git a/tips/images/common/list_view_buttons/list_export_icon.png b/tips/images/common/list_view_buttons/list_export_icon.png new file mode 100644 index 00000000..218b4ed0 Binary files /dev/null and b/tips/images/common/list_view_buttons/list_export_icon.png differ diff --git a/tips/images/common/list_view_buttons/status_edit_2_icon.png b/tips/images/common/list_view_buttons/status_edit_2_icon.png new file mode 100644 index 00000000..d2a1942e Binary files /dev/null and b/tips/images/common/list_view_buttons/status_edit_2_icon.png differ diff --git a/tips/images/common/list_view_buttons/status_edit_add_icon.png b/tips/images/common/list_view_buttons/status_edit_add_icon.png new file mode 100644 index 00000000..bf7d7c8d Binary files /dev/null and b/tips/images/common/list_view_buttons/status_edit_add_icon.png differ diff --git a/tips/images/common/oss_table_buttons/bulk_edit.png b/tips/images/common/oss_table_buttons/bulk_edit.png new file mode 100644 index 00000000..61904ae8 Binary files /dev/null and b/tips/images/common/oss_table_buttons/bulk_edit.png differ diff --git a/tips/images/common/oss_table_buttons/bulk_edit_detail.png b/tips/images/common/oss_table_buttons/bulk_edit_detail.png new file mode 100644 index 00000000..4bdfdc0e Binary files /dev/null and b/tips/images/common/oss_table_buttons/bulk_edit_detail.png differ 
diff --git a/tips/images/common/oss_table_buttons/download.png b/tips/images/common/oss_table_buttons/download.png new file mode 100644 index 00000000..5fc40ce7 Binary files /dev/null and b/tips/images/common/oss_table_buttons/download.png differ diff --git a/tips/images/common/oss_table_buttons/export_popup_1.png b/tips/images/common/oss_table_buttons/export_popup_1.png new file mode 100644 index 00000000..8f908ab3 Binary files /dev/null and b/tips/images/common/oss_table_buttons/export_popup_1.png differ diff --git a/tips/images/common/oss_table_buttons/export_popup_2.png b/tips/images/common/oss_table_buttons/export_popup_2.png new file mode 100644 index 00000000..e99b18fd Binary files /dev/null and b/tips/images/common/oss_table_buttons/export_popup_2.png differ diff --git a/tips/images/common/oss_table_buttons/image.png b/tips/images/common/oss_table_buttons/image.png new file mode 100644 index 00000000..ac3686f1 Binary files /dev/null and b/tips/images/common/oss_table_buttons/image.png differ diff --git a/tips/images/common/oss_table_buttons/license_delete.png b/tips/images/common/oss_table_buttons/license_delete.png new file mode 100644 index 00000000..ea05dd3c Binary files /dev/null and b/tips/images/common/oss_table_buttons/license_delete.png differ diff --git a/tips/images/common/oss_table_buttons/plus.png b/tips/images/common/oss_table_buttons/plus.png new file mode 100644 index 00000000..560dc3ee Binary files /dev/null and b/tips/images/common/oss_table_buttons/plus.png differ diff --git a/tips/images/common/oss_table_buttons/row_edit.png b/tips/images/common/oss_table_buttons/row_edit.png new file mode 100644 index 00000000..e079ee82 Binary files /dev/null and b/tips/images/common/oss_table_buttons/row_edit.png differ 
diff --git a/tips/images/common/oss_table_buttons/search_condition.png b/tips/images/common/oss_table_buttons/search_condition.png new file mode 100644 index 00000000..2301b576 Binary files /dev/null and b/tips/images/common/oss_table_buttons/search_condition.png differ diff --git a/tips/images/common/oss_table_buttons/search_input.png b/tips/images/common/oss_table_buttons/search_input.png new file mode 100644 index 00000000..45e8bd1c Binary files /dev/null and b/tips/images/common/oss_table_buttons/search_input.png differ diff --git a/tips/images/common/oss_table_buttons/search_reset.png b/tips/images/common/oss_table_buttons/search_reset.png new file mode 100644 index 00000000..96cf5b11 Binary files /dev/null and b/tips/images/common/oss_table_buttons/search_reset.png differ diff --git a/tips/images/common/oss_table_buttons/trash_can.png b/tips/images/common/oss_table_buttons/trash_can.png new file mode 100644 index 00000000..53fa1085 Binary files /dev/null and b/tips/images/common/oss_table_buttons/trash_can.png differ diff --git a/tips/images/common/oss_table_functions/oss_cell_editable.png b/tips/images/common/oss_table_functions/oss_cell_editable.png new file mode 100644 index 00000000..5103d341 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_cell_editable.png differ diff --git a/tips/images/common/oss_table_functions/oss_table_autofill.png b/tips/images/common/oss_table_functions/oss_table_autofill.png new file mode 100644 index 00000000..3a322f61 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_table_autofill.png differ diff --git a/tips/images/common/oss_table_functions/oss_table_edit.png b/tips/images/common/oss_table_functions/oss_table_edit.png new file mode 100644 index 00000000..e9c811a3 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_table_edit.png differ 
diff --git a/tips/images/common/oss_table_functions/oss_table_search.png b/tips/images/common/oss_table_functions/oss_table_search.png new file mode 100644 index 00000000..57949c21 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_table_search.png differ diff --git a/tips/images/common/oss_table_functions/oss_version_detail.png b/tips/images/common/oss_table_functions/oss_version_detail.png new file mode 100644 index 00000000..e5298bf6 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_version_detail.png differ diff --git a/tips/images/common/oss_table_functions/oss_version_detail_popup.png b/tips/images/common/oss_table_functions/oss_version_detail_popup.png new file mode 100644 index 00000000..8964c419 Binary files /dev/null and b/tips/images/common/oss_table_functions/oss_version_detail_popup.png differ diff --git a/tips/images/common/pre_review/pre_review.png b/tips/images/common/pre_review/pre_review.png new file mode 100644 index 00000000..59d3c8c0 Binary files /dev/null and b/tips/images/common/pre_review/pre_review.png differ diff --git a/tips/images/common/pre_review/pre_review_invalid_url.png b/tips/images/common/pre_review/pre_review_invalid_url.png new file mode 100644 index 00000000..b5a9b033 Binary files /dev/null and b/tips/images/common/pre_review/pre_review_invalid_url.png differ diff --git a/tips/images/common/pre_review/pre_review_license.png b/tips/images/common/pre_review/pre_review_license.png new file mode 100644 index 00000000..09921853 Binary files /dev/null and b/tips/images/common/pre_review/pre_review_license.png differ diff --git a/tips/images/common/pre_review/pre_review_multi_recommand.png b/tips/images/common/pre_review/pre_review_multi_recommand.png new file mode 100644 index 00000000..3d24c5e4 Binary files /dev/null and b/tips/images/common/pre_review/pre_review_multi_recommand.png differ 
diff --git a/tips/images/common/pre_review/pre_review_nickname.png b/tips/images/common/pre_review/pre_review_nickname.png new file mode 100644 index 00000000..553eef4b Binary files /dev/null and b/tips/images/common/pre_review/pre_review_nickname.png differ diff --git a/tips/images/common/pre_review/pre_review_opensource.png b/tips/images/common/pre_review/pre_review_opensource.png new file mode 100644 index 00000000..ab0229c3 Binary files /dev/null and b/tips/images/common/pre_review/pre_review_opensource.png differ diff --git a/tips/images/common/pre_review/pre_review_redirect_url.png b/tips/images/common/pre_review/pre_review_redirect_url.png new file mode 100644 index 00000000..4582fc21 Binary files /dev/null and b/tips/images/common/pre_review/pre_review_redirect_url.png differ diff --git a/tips/images/common/project_link/additional_info_link.png b/tips/images/common/project_link/additional_info_link.png new file mode 100644 index 00000000..e42be2ac Binary files /dev/null and b/tips/images/common/project_link/additional_info_link.png differ diff --git a/tips/images/common/project_link/comment_link.png b/tips/images/common/project_link/comment_link.png new file mode 100644 index 00000000..b588e512 Binary files /dev/null and b/tips/images/common/project_link/comment_link.png differ diff --git a/tips/images/common/project_link/description_link.png b/tips/images/common/project_link/description_link.png new file mode 100644 index 00000000..e918b201 Binary files /dev/null and b/tips/images/common/project_link/description_link.png differ diff --git a/tips/images/common/project_link/email_link.png b/tips/images/common/project_link/email_link.png new file mode 100644 index 00000000..1dc116ed Binary files /dev/null and b/tips/images/common/project_link/email_link.png differ 
diff --git a/tips/images/common/update_notice/3rd.png b/tips/images/common/update_notice/3rd.png new file mode 100644 index 00000000..81f949a8 Binary files /dev/null and b/tips/images/common/update_notice/3rd.png differ diff --git a/tips/images/common/update_notice/project.png b/tips/images/common/update_notice/project.png new file mode 100644 index 00000000..38c56212 Binary files /dev/null and b/tips/images/common/update_notice/project.png differ diff --git a/tips/images/common/update_notice/self-check.png b/tips/images/common/update_notice/self-check.png new file mode 100644 index 00000000..14f49c34 Binary files /dev/null and b/tips/images/common/update_notice/self-check.png differ diff --git a/tips/images/etc/token/1.user_settings.png b/tips/images/etc/token/1.user_settings.png new file mode 100644 index 00000000..a64b940e Binary files /dev/null and b/tips/images/etc/token/1.user_settings.png differ diff --git a/tips/images/project/bom_compare/bom_compare_how.png b/tips/images/project/bom_compare/bom_compare_how.png new file mode 100644 index 00000000..1380e21a Binary files /dev/null and b/tips/images/project/bom_compare/bom_compare_how.png differ diff --git a/tips/images/project/bom_compare/bom_compare_result.png b/tips/images/project/bom_compare/bom_compare_result.png new file mode 100644 index 00000000..29483a4e Binary files /dev/null and b/tips/images/project/bom_compare/bom_compare_result.png differ diff --git a/tips/images/project/copy_project/project_copy_status_popup.png b/tips/images/project/copy_project/project_copy_status_popup.png new file mode 100644 index 00000000..5ed411f9 Binary files /dev/null and b/tips/images/project/copy_project/project_copy_status_popup.png differ diff --git a/tips/images/project/distribution/dist_complete_prj_reopen.png b/tips/images/project/distribution/dist_complete_prj_reopen.png new file mode 100644 index 00000000..cb17763d Binary files /dev/null and b/tips/images/project/distribution/dist_complete_prj_reopen.png differ 
diff --git a/tips/images/project/distribution/dist_description.png b/tips/images/project/distribution/dist_description.png new file mode 100644 index 00000000..89f01748 Binary files /dev/null and b/tips/images/project/distribution/dist_description.png differ diff --git a/tips/images/project/distribution/dist_description_update.png b/tips/images/project/distribution/dist_description_update.png new file mode 100644 index 00000000..0f81f3fe Binary files /dev/null and b/tips/images/project/distribution/dist_description_update.png differ diff --git a/tips/images/project/distribution/dist_info_reopen.png b/tips/images/project/distribution/dist_info_reopen.png new file mode 100644 index 00000000..d43ee281 Binary files /dev/null and b/tips/images/project/distribution/dist_info_reopen.png differ diff --git a/tips/images/project/distribution/dist_model_info.png b/tips/images/project/distribution/dist_model_info.png new file mode 100644 index 00000000..53a3e3db Binary files /dev/null and b/tips/images/project/distribution/dist_model_info.png differ diff --git a/tips/images/project/distribution/dist_model_info_update.png b/tips/images/project/distribution/dist_model_info_update.png new file mode 100644 index 00000000..07b26807 Binary files /dev/null and b/tips/images/project/distribution/dist_model_info_update.png differ diff --git a/tips/images/project/distribution/dist_packaging_complete.png b/tips/images/project/distribution/dist_packaging_complete.png new file mode 100644 index 00000000..bbbe84cf Binary files /dev/null and b/tips/images/project/distribution/dist_packaging_complete.png differ diff --git a/tips/images/project/distribution/dist_packaging_delete.png b/tips/images/project/distribution/dist_packaging_delete.png new file mode 100644 index 00000000..877c6c7e Binary files /dev/null and b/tips/images/project/distribution/dist_packaging_delete.png differ 
diff --git a/tips/images/project/distribution/dist_packaging_start_verify.png b/tips/images/project/distribution/dist_packaging_start_verify.png new file mode 100644 index 00000000..332a39f0 Binary files /dev/null and b/tips/images/project/distribution/dist_packaging_start_verify.png differ diff --git a/tips/images/project/distribution/dist_packaging_update.png b/tips/images/project/distribution/dist_packaging_update.png new file mode 100644 index 00000000..66170f94 Binary files /dev/null and b/tips/images/project/distribution/dist_packaging_update.png differ diff --git a/tips/images/project/notice/download_column_notice.png b/tips/images/project/notice/download_column_notice.png new file mode 100644 index 00000000..ada1028a Binary files /dev/null and b/tips/images/project/notice/download_column_notice.png differ diff --git a/tips/images/project/notice/packaging_notice_format.png b/tips/images/project/notice/packaging_notice_format.png new file mode 100644 index 00000000..73370abd Binary files /dev/null and b/tips/images/project/notice/packaging_notice_format.png differ diff --git a/tips/images/project/notice/shareurl_download_icon_notice.png b/tips/images/project/notice/shareurl_download_icon_notice.png new file mode 100644 index 00000000..51a10b66 Binary files /dev/null and b/tips/images/project/notice/shareurl_download_icon_notice.png differ diff --git a/tips/images/project/project_copy/project_copy_1.png b/tips/images/project/project_copy/project_copy_1.png new file mode 100644 index 00000000..ca1c2073 Binary files /dev/null and b/tips/images/project/project_copy/project_copy_1.png differ diff --git a/tips/images/project/project_copy/project_copy_2.png b/tips/images/project/project_copy/project_copy_2.png new file mode 100644 index 00000000..b5a72d5c Binary files /dev/null and b/tips/images/project/project_copy/project_copy_2.png differ 
diff --git a/tips/images/project/project_copy/project_copy_3.png b/tips/images/project/project_copy/project_copy_3.png new file mode 100644 index 00000000..6ad7028e Binary files /dev/null and b/tips/images/project/project_copy/project_copy_3.png differ diff --git a/tips/images/project/project_copy/project_copy_4.png b/tips/images/project/project_copy/project_copy_4.png new file mode 100644 index 00000000..c77676a8 Binary files /dev/null and b/tips/images/project/project_copy/project_copy_4.png differ diff --git a/tips/images/project/review_report/reiew_report.png b/tips/images/project/review_report/reiew_report.png new file mode 100644 index 00000000..c03ba0a9 Binary files /dev/null and b/tips/images/project/review_report/reiew_report.png differ diff --git a/tips/images/project/review_report/review_report_list.png b/tips/images/project/review_report/review_report_list.png new file mode 100644 index 00000000..e42af176 Binary files /dev/null and b/tips/images/project/review_report/review_report_list.png differ diff --git a/tips/images/project/search/file-code-regular.png b/tips/images/project/search/file-code-regular.png new file mode 100644 index 00000000..998fcb61 Binary files /dev/null and b/tips/images/project/search/file-code-regular.png differ diff --git a/tips/images/project/search/file-code-regular.svg b/tips/images/project/search/file-code-regular.svg new file mode 100644 index 00000000..e42d7697 --- /dev/null +++ b/tips/images/project/search/file-code-regular.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/tips/images/project/search/search.png b/tips/images/project/search/search.png new file mode 100644 index 00000000..1b9a26c2 Binary files /dev/null and b/tips/images/project/search/search.png differ 
diff --git a/tips/images/project/status_bar/status_complete_icon.png b/tips/images/project/status_bar/status_complete_icon.png new file mode 100644 index 00000000..798ce650 Binary files /dev/null and b/tips/images/project/status_bar/status_complete_icon.png differ diff --git a/tips/images/project/status_bar/status_drop.png b/tips/images/project/status_bar/status_drop.png new file mode 100644 index 00000000..9131ca03 Binary files /dev/null and b/tips/images/project/status_bar/status_drop.png differ diff --git a/tips/images/project/status_bar/status_drop_icon.png b/tips/images/project/status_bar/status_drop_icon.png new file mode 100644 index 00000000..1a5af6c4 Binary files /dev/null and b/tips/images/project/status_bar/status_drop_icon.png differ diff --git a/tips/images/project/status_bar/status_drop_reason.png b/tips/images/project/status_bar/status_drop_reason.png new file mode 100644 index 00000000..31d1af82 Binary files /dev/null and b/tips/images/project/status_bar/status_drop_reason.png differ diff --git a/tips/images/project/status_bar/status_identification_reject.png b/tips/images/project/status_bar/status_identification_reject.png new file mode 100644 index 00000000..3b81d9c5 Binary files /dev/null and b/tips/images/project/status_bar/status_identification_reject.png differ diff --git a/tips/images/project/status_bar/status_packaging_reject.png b/tips/images/project/status_bar/status_packaging_reject.png new file mode 100644 index 00000000..ca45cd2c Binary files /dev/null and b/tips/images/project/status_bar/status_packaging_reject.png differ diff --git a/tips/images/project/status_bar/status_progress_icon.png b/tips/images/project/status_bar/status_progress_icon.png new file mode 100644 index 00000000..50ce44f6 Binary files /dev/null and b/tips/images/project/status_bar/status_progress_icon.png differ 
diff --git a/tips/images/project/status_bar/status_project.png b/tips/images/project/status_bar/status_project.png new file mode 100644 index 00000000..27454b21 Binary files /dev/null and b/tips/images/project/status_bar/status_project.png differ diff --git a/tips/images/project/status_bar/status_projectname.png b/tips/images/project/status_bar/status_projectname.png new file mode 100644 index 00000000..14e99c93 Binary files /dev/null and b/tips/images/project/status_bar/status_projectname.png differ diff --git a/tips/images/project/status_bar/status_reject_icon.png b/tips/images/project/status_bar/status_reject_icon.png new file mode 100644 index 00000000..db649cbe Binary files /dev/null and b/tips/images/project/status_bar/status_reject_icon.png differ diff --git a/tips/images/project/status_bar/status_reject_popup.png b/tips/images/project/status_bar/status_reject_popup.png new file mode 100644 index 00000000..6cd875a7 Binary files /dev/null and b/tips/images/project/status_bar/status_reject_popup.png differ diff --git a/tips/images/project/status_bar/status_reopen.png b/tips/images/project/status_bar/status_reopen.png new file mode 100644 index 00000000..e5aa4661 Binary files /dev/null and b/tips/images/project/status_bar/status_reopen.png differ diff --git a/tips/images/project/status_bar/status_reopen2.png b/tips/images/project/status_bar/status_reopen2.png new file mode 100644 index 00000000..ce8da851 Binary files /dev/null and b/tips/images/project/status_bar/status_reopen2.png differ diff --git a/tips/images/project/status_bar/status_reopen_icon.png b/tips/images/project/status_bar/status_reopen_icon.png new file mode 100644 index 00000000..59dd2707 Binary files /dev/null and b/tips/images/project/status_bar/status_reopen_icon.png differ 
diff --git a/tips/images/project/status_bar/status_reopen_icon2.png b/tips/images/project/status_bar/status_reopen_icon2.png new file mode 100644 index 00000000..9022b54c Binary files /dev/null and b/tips/images/project/status_bar/status_reopen_icon2.png differ diff --git a/tips/images/project/status_bar/status_reopen_popup.png b/tips/images/project/status_bar/status_reopen_popup.png new file mode 100644 index 00000000..cbc9a258 Binary files /dev/null and b/tips/images/project/status_bar/status_reopen_popup.png differ diff --git a/tips/images/project/status_bar/status_request_icon.png b/tips/images/project/status_bar/status_request_icon.png new file mode 100644 index 00000000..a6f72d24 Binary files /dev/null and b/tips/images/project/status_bar/status_request_icon.png differ diff --git a/tips/images/project/status_bar/status_review_icon.png b/tips/images/project/status_bar/status_review_icon.png new file mode 100644 index 00000000..52763e9d Binary files /dev/null and b/tips/images/project/status_bar/status_review_icon.png differ diff --git a/tips/images/project/status_bar/status_topbar.png b/tips/images/project/status_bar/status_topbar.png new file mode 100644 index 00000000..3fc418b8 Binary files /dev/null and b/tips/images/project/status_bar/status_topbar.png differ diff --git a/tips/images/usecase/dist_type/3rdsw_new_prj.png b/tips/images/usecase/dist_type/3rdsw_new_prj.png new file mode 100644 index 00000000..94e30e06 Binary files /dev/null and b/tips/images/usecase/dist_type/3rdsw_new_prj.png differ diff --git a/tips/images/usecase/dist_type/3rdsw_only.png b/tips/images/usecase/dist_type/3rdsw_only.png new file mode 100644 index 00000000..299a4d77 Binary files /dev/null and b/tips/images/usecase/dist_type/3rdsw_only.png differ 
diff --git a/tips/images/usecase/dist_type/3rdsw_prj_loaded.png b/tips/images/usecase/dist_type/3rdsw_prj_loaded.png new file mode 100644 index 00000000..ed9ee7b7 Binary files /dev/null and b/tips/images/usecase/dist_type/3rdsw_prj_loaded.png differ diff --git a/tips/images/usecase/dist_type/android_prj.png b/tips/images/usecase/dist_type/android_prj.png new file mode 100644 index 00000000..339071de Binary files /dev/null and b/tips/images/usecase/dist_type/android_prj.png differ diff --git a/tips/images/usecase/dist_type/b2b_dist_lgsite.png b/tips/images/usecase/dist_type/b2b_dist_lgsite.png new file mode 100644 index 00000000..843848ea Binary files /dev/null and b/tips/images/usecase/dist_type/b2b_dist_lgsite.png differ diff --git a/tips/images/usecase/dist_type/b2b_dist_na.png b/tips/images/usecase/dist_type/b2b_dist_na.png new file mode 100644 index 00000000..38db3428 Binary files /dev/null and b/tips/images/usecase/dist_type/b2b_dist_na.png differ diff --git a/tips/images/usecase/dist_type/b2b_packaging_modify.png b/tips/images/usecase/dist_type/b2b_packaging_modify.png new file mode 100644 index 00000000..33d4d26d Binary files /dev/null and b/tips/images/usecase/dist_type/b2b_packaging_modify.png differ diff --git a/tips/images/usecase/dist_type/distribution_site_1.png b/tips/images/usecase/dist_type/distribution_site_1.png new file mode 100644 index 00000000..39576d97 Binary files /dev/null and b/tips/images/usecase/dist_type/distribution_site_1.png differ diff --git a/tips/images/usecase/dist_type/distribution_site_2.png b/tips/images/usecase/dist_type/distribution_site_2.png new file mode 100644 index 00000000..280c3b28 Binary files /dev/null and b/tips/images/usecase/dist_type/distribution_site_2.png differ diff --git a/tips/images/usecase/dist_type/distribution_type.png b/tips/images/usecase/dist_type/distribution_type.png new file mode 100644 index 00000000..1fff092e Binary files /dev/null and b/tips/images/usecase/dist_type/distribution_type.png differ 
diff --git a/tips/images/usecase/dist_type/distribution_type_site.png b/tips/images/usecase/dist_type/distribution_type_site.png new file mode 100644 index 00000000..79402aac Binary files /dev/null and b/tips/images/usecase/dist_type/distribution_type_site.png differ diff --git a/tips/images/usecase/dist_type/network_restriction.png b/tips/images/usecase/dist_type/network_restriction.png new file mode 100644 index 00000000..263f884f Binary files /dev/null and b/tips/images/usecase/dist_type/network_restriction.png differ diff --git a/tips/images/usecase/dist_type/network_service_yes.png b/tips/images/usecase/dist_type/network_service_yes.png new file mode 100644 index 00000000..48435e95 Binary files /dev/null and b/tips/images/usecase/dist_type/network_service_yes.png differ diff --git a/tips/images/usecase/dist_type/transfer_preceding_inhouse.png b/tips/images/usecase/dist_type/transfer_preceding_inhouse.png new file mode 100644 index 00000000..e9706f35 Binary files /dev/null and b/tips/images/usecase/dist_type/transfer_preceding_inhouse.png differ diff --git a/tips/images/usecase/dist_type/yocto_prj.png b/tips/images/usecase/dist_type/yocto_prj.png new file mode 100644 index 00000000..325b17a1 Binary files /dev/null and b/tips/images/usecase/dist_type/yocto_prj.png differ diff --git a/tips/images/vulnerability/vul_mail_search.png b/tips/images/vulnerability/vul_mail_search.png new file mode 100644 index 00000000..89d133e5 Binary files /dev/null and b/tips/images/vulnerability/vul_mail_search.png differ diff --git a/tips/images/vulnerability/vul_mail_setting.png b/tips/images/vulnerability/vul_mail_setting.png new file mode 100644 index 00000000..f5b35472 Binary files /dev/null and b/tips/images/vulnerability/vul_mail_setting.png differ diff --git a/tips/oss_notice_format/CycloneDX-testproject.json b/tips/oss_notice_format/CycloneDX-testproject.json new file mode 100644 index 00000000..52cc385f --- /dev/null +++ b/tips/oss_notice_format/CycloneDX-testproject.json 
@@ -0,0 +1,597 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.4", + "version" : 1, + "metadata" : { + "timestamp" : "2023-10-12T01:23:01Z", + "tools" : [ + { + "vendor" : "LG Electronics", + "name" : "FOSSLIhgt Hub", + "version" : "1.6.1" + } + ], + "authors" : [ + { + "name" : "jiyeong.seok" + } + ], + "supplier" : { + "name" : "LG Electronics", + "url" : [ + "https://opensource.lge.com" + ] + } + }, + "components" : [ + { + "name" : "curl", + "version" : "", + "licenses" : [ + { + "license" : { + "id" : "curl" + } + } + ], + "copyright" : "Copyright (c) 1996 - 2008, Daniel Stenberg, .", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://github.com/curl/curl/releases" + } + ], + "type" : "library", + "bom-ref" : "50547058" + }, + { + "name" : "curl", + "version" : "7.21.7", + "licenses" : [ + { + "license" : { + "id" : "curl" + } + } + ], + "copyright" : "Copyright (c) 1998 - 2011, Daniel Stenberg, , et al.", + "externalReferences" : [ + { + "type" : "website", + "url" : "https://curl.haxx.se/download" + } + ], + "type" : "library", + "bom-ref" : "50547057" + }, + { + "name" : "npm:@kurkle/color", + "version" : "0.3.2", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2018-2021 Jukka Kurkela", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547059" + }, + { + "name" : "npm:anymatch", + "version" : "3.1.3", + "licenses" : [ + { + "license" : { + "id" : "ISC" + } + } + ], + "copyright" : "Copyright (c) 2019 Elan Shanker, Paul Miller (https://paulmillr.com)", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547060" + }, + { + "name" : "npm:binary-extensions", + "version" : "2.2.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2019 Sindre Sorhus (https://sindresorhus.com), Paul Miller (https://paulmillr.com)", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547061" + }, + { + 
"name" : "npm:braces", + "version" : "3.0.2", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-2018, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547062" + }, + { + "name" : "npm:chart.js", + "version" : "4.3.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-2022 Chart.js Contributors", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547063" + }, + { + "name" : "npm:chartist", + "version" : "0.11.4", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + }, + { + "license" : { + "id" : "WTFPL" + } + } + ], + "copyright" : "Copyright (c) 2013 Gion Kunz Copyright (c) 2004 Sam Hocevar ", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547064" + }, + { + "name" : "npm:chokidar", + "version" : "3.5.3", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2012-2019 Paul Miller (https://paulmillr.com), Elan Shanker", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547065" + }, + { + "name" : "npm:classnames", + "version" : "2.3.2", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2018 Jed Watson", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547066" + }, + { + "name" : "npm:fill-range", + "version" : "7.0.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-present, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547067" + }, + { + "name" : "npm:glob-parent", + "version" : "5.1.2", + "licenses" : [ + { + "license" : { + "id" : "ISC" + } + } + ], + "copyright" : "Copyright (c) 2015, 2019 Elan Shanker", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547068" + }, + { + "name" : "npm:immutable", + "version" : "4.3.0", + "licenses" : [ + { + 
"license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-present, Lee Byron and other contributors", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547069" + }, + { + "name" : "npm:is-binary-path", + "version" : "2.1.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) Sindre Sorhus (sindresorhus.com)", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547070" + }, + { + "name" : "npm:is-extglob", + "version" : "2.1.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-2015, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547071" + }, + { + "name" : "npm:is-glob", + "version" : "4.0.3", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-2017, Jon Schlinkert", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547072" + }, + { + "name" : "npm:is-number", + "version" : "7.0.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-present, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547073" + }, + { + "name" : "npm:js-tokens", + "version" : "4.0.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547074" + }, + { + "name" : "npm:loose-envify", + "version" : "1.4.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2015 Andres Suarez ", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547075" + }, + { + "name" : "npm:normalize-path", + "version" : "3.0.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014-2018, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547076" + }, + { + 
"name" : "npm:object-assign", + "version" : "4.1.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) Sindre Sorhus (sindresorhus.com)", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547077" + }, + { + "name" : "npm:picomatch", + "version" : "2.3.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2017-present, Jon Schlinkert", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547078" + }, + { + "name" : "npm:prop-types", + "version" : "15.8.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2013-present, Facebook, Inc.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547079" + }, + { + "name" : "npm:react-chartist", + "version" : "0.14.4", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2014 xvfeng", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547080" + }, + { + "name" : "npm:react-chartjs-2", + "version" : "5.2.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2017 Jeremy Ayerst Copyright 2020 Jeremy Ayerst", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547081" + }, + { + "name" : "npm:react-intersection-observer", + "version" : "9.5.2", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2023 React Intersection Observer", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547082" + }, + { + "name" : "npm:react-is", + "version" : "16.13.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) Facebook, Inc. and its affiliates. 
Copyright (c) bvaughn (https://github.com/bvaughn) Copyright (c) 2014-present Sebastian McKenzie and other contributors", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547083" + }, + { + "name" : "npm:readdirp", + "version" : "3.6.0", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2012-2019 Thorsten Lorenz, Paul Miller (https://paulmillr.com)", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547084" + }, + { + "name" : "npm:sass", + "version" : "1.63.6", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2016, Google Inc.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547085" + }, + { + "name" : "npm:source-map-js", + "version" : "1.0.2", + "licenses" : [ + { + "license" : { + "id" : "BSD-3-Clause" + } + } + ], + "copyright" : "Copyright (c) 2009-2011, Mozilla Foundation and contributors", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547086" + }, + { + "name" : "npm:to-regex-range", + "version" : "5.0.1", + "licenses" : [ + { + "license" : { + "id" : "MIT" + } + } + ], + "copyright" : "Copyright (c) 2015-present, Jon Schlinkert.", + "externalReferences" : [ ], + "type" : "library", + "bom-ref" : "50547087" + } + ], + "dependencies" : [ + { + "ref" : "50547063", + "dependsOn" : [ + "50547059" + ] + } + ], + "vulnerabilities" : [ + { + "bom-ref" : "50547057", + "id" : "CVE-2011-3389", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2011-3389" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2012-0036", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2012-0036" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2013-1944", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2013-1944" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2013-2174", + "source" : { + "name" : "NVD", + 
"url" : "https://nvd.nist.gov/vuln/detail/CVE-2013-2174" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2013-4545", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2013-4545" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2014-0015", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2014-0015" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2014-0138", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2014-0138" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2014-0139", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2014-0139" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2014-3613", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2014-3613" + } + }, + { + "bom-ref" : "50547057", + "id" : "CVE-2014-3620", + "source" : { + "name" : "NVD", + "url" : "https://nvd.nist.gov/vuln/detail/CVE-2014-3620" + } + } + ] +} \ No newline at end of file diff --git a/tips/oss_notice_format/CycloneDX-testproject.xml b/tips/oss_notice_format/CycloneDX-testproject.xml new file mode 100644 index 00000000..cd7bb351 --- /dev/null +++ b/tips/oss_notice_format/CycloneDX-testproject.xml 
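Review bot: in CycloneDX-testproject.json, every entry under `vulnerabilities` sets `"bom-ref" : "50547057"`, which is also the `bom-ref` of the curl 7.21.7 component, so ten vulnerability elements and one component share a single identifier. In CycloneDX 1.4 a `bom-ref` identifies the element that carries it and must be unique within the BOM; the link from a vulnerability to the component it affects belongs in `affects`, for example `"affects" : [ { "ref" : "50547057" } ]`. As written, a consumer that resolves references by `bom-ref` hits duplicate identifiers and has no explicit statement of which component the CVEs apply to, so give each vulnerability its own `bom-ref` (or omit it) and add `affects`. Two smaller points in the same file: `metadata.tools[0].name` reads "FOSSLIhgt Hub", presumably meant to be "FOSSLight Hub", and the first curl component has `"version" : ""`, which gives a vulnerability matcher no version to work with.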
@@ -0,0 +1,449 @@ + + + + 2023-10-12T01:23:01Z + + + LG Electronics + FOSSLIhgt Hub + 1.6.1 + + + + + jiyeong.seok + + + + LG Electronics + https://opensource.lge.com + + + + + curl + + + curl + + + Copyright (c) 1996 - 2008, Daniel Stenberg, <daniel@haxx.se>. + https://github.com/curl/curl/releases + + + curl + 7.21.7 + + + curl + + + Copyright (c) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. + https://curl.haxx.se/download + + + npm:@kurkle/color + 0.3.2 + + + MIT + + + Copyright (c) 2018-2021 Jukka Kurkela + + + + npm:anymatch + 3.1.3 + + + ISC + + + Copyright (c) 2019 Elan Shanker, Paul Miller (https://paulmillr.com) + + + + npm:binary-extensions + 2.2.0 + + + MIT + + + Copyright (c) 2019 Sindre Sorhus <sindresorhus@gmail.com> (https://sindresorhus.com), Paul Miller (https://paulmillr.com) + + + + npm:braces + 3.0.2 + + + MIT + + + Copyright (c) 2014-2018, Jon Schlinkert. + + + + npm:chart.js + 4.3.0 + + + MIT + + + Copyright (c) 2014-2022 Chart.js Contributors + + + + npm:chartist + 0.11.4 + + + MIT + + + WTFPL + + + Copyright (c) 2013 Gion Kunz <gion.kunz@gmail.com> +Copyright (c) 2004 Sam Hocevar <sam@hocevar.net> + + + + npm:chokidar + 3.5.3 + + + MIT + + + Copyright (c) 2012-2019 Paul Miller (https://paulmillr.com), Elan Shanker + + + + npm:classnames + 2.3.2 + + + MIT + + + Copyright (c) 2018 Jed Watson + + + + npm:fill-range + 7.0.1 + + + MIT + + + Copyright (c) 2014-present, Jon Schlinkert. + + + + npm:glob-parent + 5.1.2 + + + ISC + + + Copyright (c) 2015, 2019 Elan Shanker + + + + npm:immutable + 4.3.0 + + + MIT + + + Copyright (c) 2014-present, Lee Byron and other contributors + + + + npm:is-binary-path + 2.1.0 + + + MIT + + + Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) + + + + npm:is-extglob + 2.1.1 + + + MIT + + + Copyright (c) 2014-2015, Jon Schlinkert. 
+ + + + npm:is-glob + 4.0.3 + + + MIT + + + Copyright (c) 2014-2017, Jon Schlinkert + + + + npm:is-number + 7.0.0 + + + MIT + + + Copyright (c) 2014-present, Jon Schlinkert. + + + + npm:js-tokens + 4.0.0 + + + MIT + + + + + + npm:loose-envify + 1.4.0 + + + MIT + + + Copyright (c) 2015 Andres Suarez <zertosh@gmail.com> + + + + npm:normalize-path + 3.0.0 + + + MIT + + + Copyright (c) 2014-2018, Jon Schlinkert. + + + + npm:object-assign + 4.1.1 + + + MIT + + + Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com) + + + + npm:picomatch + 2.3.1 + + + MIT + + + Copyright (c) 2017-present, Jon Schlinkert + + + + npm:prop-types + 15.8.1 + + + MIT + + + Copyright (c) 2013-present, Facebook, Inc. + + + + npm:react-chartist + 0.14.4 + + + MIT + + + Copyright (c) 2014 xvfeng + + + + npm:react-chartjs-2 + 5.2.0 + + + MIT + + + Copyright (c) 2017 Jeremy Ayerst +Copyright 2020 Jeremy Ayerst + + + + npm:react-intersection-observer + 9.5.2 + + + MIT + + + Copyright (c) 2023 React Intersection Observer + + + + npm:react-is + 16.13.1 + + + MIT + + + Copyright (c) Facebook, Inc. and its affiliates. +Copyright (c) bvaughn (https://github.com/bvaughn) +Copyright (c) 2014-present Sebastian McKenzie and other contributors + + + + npm:readdirp + 3.6.0 + + + MIT + + + Copyright (c) 2012-2019 Thorsten Lorenz, Paul Miller (https://paulmillr.com) + + + + npm:sass + 1.63.6 + + + MIT + + + Copyright (c) 2016, Google Inc. + + + + + npm:source-map-js + 1.0.2 + + + BSD-3-Clause + + + Copyright (c) 2009-2011, Mozilla Foundation and contributors + + + + + npm:to-regex-range + 5.0.1 + + + MIT + + + Copyright (c) 2015-present, Jon Schlinkert. 
+ + + + + + + + + + + CVE-2011-3389 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2011-3389 + + + + CVE-2012-0036 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2012-0036 + + + + CVE-2013-1944 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2013-1944 + + + + CVE-2013-2174 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2013-2174 + + + + CVE-2013-4545 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2013-4545 + + + + CVE-2014-0015 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2014-0015 + + + + CVE-2014-0138 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2014-0138 + + + + CVE-2014-0139 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2014-0139 + + + + CVE-2014-3613 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2014-3613 + + + + CVE-2014-3620 + + NVD + https://nvd.nist.gov/vuln/detail/CVE-2014-3620 + + + + diff --git a/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211005.html b/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211005.html new file mode 100644 index 00000000..2347be36 --- /dev/null +++ b/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211005.html @@ -0,0 +1,121 @@ + + + + + + + + +
+

+ Open Source Software Notice + OSSNotice-4022_Sample Project_2021_211230.html +

+

This product from LG Electronics, Inc. contains the open source software detailed below. Please refer to the indicated open source licenses (as are included following this notice) for the terms and conditions of their use.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Open source lists under Copyleft license.
Open SourceLicenseCopyright
+ base-files 3.0.14 +

GPL-2.0

+
Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project.
+ usbutils 007 +

GPL-2.0

+
+ avahi 0.6.31 +

LGPL-2.1

+
Copyright (c) 2003, 2004 Porchdog Software
Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+ apmd 3.2.2-14 +

GPL-2.0

+
Copyright (c) 1996, Rik E. Faith
Copyright (c) 1999, Avery Pennarun
+
+

+ The source code for the above may be obtained free of charge from LG Electronics, Inc. at https://opensource.lge.com. LG Electronics, Inc. will also provide open source code to you on CD-ROM for a charge covering the cost of performing such distribution (such as the cost of media, shipping, and handling) upon email request to opensource@lge.com. This offer is valid for a period of three years after our last shipment of this product. This offer is valid to anyone in receipt of this information. +
+

+ +
+

Please be informed that LG Electronics, Inc. product may contain open source software listed in the tables below.

+ + + + + + + + + + + + +
Open source lists under Pemissive License.
Open SourceLicenseCopyright
+ Toast 3.1.0 +

MIT +

Copyright (c) 2011-2015 Charles Scalesse.

+
+ + +

+ GPL-2.0

+
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.

signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice
+

+

+ LGPL-2.1

+
GNU LESSER GENERAL PUBLIC LICENSE

Version 2.1, February 1999

Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.

When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.

For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.

In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.

The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) The modified work must itself be a software library.

b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License.

d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library.

In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.

This option is useful when you wish to copy part of the code of the Library into a program that is not a library.

4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.

If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy.

For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Libraries

If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License).

To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

one line to give the library's name and an idea of what it does.
Copyright (C) year name of author

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in
the library `Frob' (a library for tweaking knobs) written
by James Random Hacker.

signature of Ty Coon, 1 April 1990
Ty Coon, President of Vice
That's all there is to it!
+

+

+ MIT

+
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

+ + + +
+ + \ No newline at end of file diff --git a/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211007.txt b/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211007.txt new file mode 100644 index 00000000..c7c915c1 --- /dev/null +++ b/tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211007.txt 
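Review bot: the notice sample file that ends here is committed without a final newline (the `\ No newline at end of file` marker on its last line); add one so that a later edit to the file does not also show its last line as changed. Separately, the path of the file added next, `tips/oss_notice_format/OSSNotice-4022_Sample Project_2021_20211230211007.txt`, contains a space, which has to be quoted in shell commands and encoded in links; consider replacing it with an underscore.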
@@ -0,0 +1,350 @@ +### Open Source Software Notice ### + +This product from LG Electronics, Inc. contains the open source software detailed below. Please refer to the indicated open source licenses (as are included following this notice) for the terms and conditions of their use. + +base-files 3.0.14 (GPL-2.0) +Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project. + +usbutils 007 (GPL-2.0) + + +avahi 0.6.31 (LGPL-2.1) +Copyright (c) 2003, 2004 Porchdog Software +Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + +apmd 3.2.2-14 (GPL-2.0) +Copyright (c) 1996, Rik E. Faith +Copyright (c) 1999, Avery Pennarun + +The source code for the above may be obtained free of charge from LG Electronics, Inc. at https://opensource.lge.com.LG Electronics, Inc. will also provide open source code to you on CD-ROM for a charge covering the cost of performing such distribution (such as the cost of media, shipping, and handling) upon email request to opensource@lge.com. This offer is valid for a period of three years after our last shipment of this product. This offer is valid to anyone in receipt of this information. +Please be informed that LG Electronics, Inc. product may contain open source software listed in to tables below. + +Toast 3.1.0 (MIT) +Copyright (c) 2011-2015 Charles Scalesse. + + + +_________________________________________________________________________________________________________________________ + + +GPL-2.0 + + +GNU GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. 
By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. 
+ +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + +1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. 
+ +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. 
But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for making modifications to it. 
For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + +6. 
Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. 
Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + +10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. 
Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
+ + one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author + + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. 
+ +signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice + + +_________________________________________________________________________________________________________________________ + + +LGPL-2.1 + + +GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. 
These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. 
+ +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. + +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. 
+ +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". + +A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + +The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + +"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. 
The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. 
+ +(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. 
+ +Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + +This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + +If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + +However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + +When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. 
Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + +If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + +Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + +You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. 
Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + +For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. 
However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + +7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed it. 
However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. + +11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. 
+ +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + +14. 
If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. 
You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the library's name and an idea of what it does. + Copyright (C) year name of author + + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! 
+ + +_________________________________________________________________________________________________________________________ + + +MIT + + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + + + + +(OSSNotice-4022_Sample Project_2021_211230) \ No newline at end of file diff --git a/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.json b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.json new file mode 100644 index 00000000..a144538b --- /dev/null +++ b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.json 
@@ -0,0 +1,100 @@ +{ + "SPDXID" : "SPDXRef-DOCUMENT", + "spdxVersion" : "SPDX-2.2", + "creationInfo" : { + "created" : "2021-12-30T21:10:20Z", + "creators" : [ "Person: soim.kim (soim.kim@lge.com)", "Organization: LG Electronics (opensource@lge.com)", "Tool: SPDXTools-2.2.2" ], + "licenseListVersion" : "3.10" + }, + "name" : "Sample Project-2021", + "dataLicense" : "CC0-1.0", + "documentNamespace" : "http://osc.lge.comSPDXRef-SampleProject-2021-202112300910", + "documentDescribes" : [ "SPDXRef-Package-5536", "SPDXRef-Package-5702", "SPDXRef-Package-2924", "SPDXRef-Package-3836", "SPDXRef-Package-534" ], + "packages" : [ { + "SPDXID" : "SPDXRef-Package-534", + "copyrightText" : "NOASSERTION", + "downloadLocation" : "https://www.kernel.org/pub/linux/utils/usb/usbutils", + "filesAnalyzed" : false, + "homepage" : "http://www.linux-usb.org", + "licenseConcluded" : "GPL-2.0", + "licenseDeclared" : "GPL-2.0", + "licenseInfoFromFiles" : [ "GPL-2.0" ], + "name" : "usbutils", + "originator" : "Organization: \"\"", + "supplier" : "Person: \"\"", + "versionInfo" : "007" + }, { + "SPDXID" : "SPDXRef-Package-3836", + "copyrightText" : "Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project.", + "downloadLocation" : "https://layers.openembedded.org/layerindex/recipe/577", + "filesAnalyzed" : false, + "homepage" : "https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-core/base-files", + "licenseConcluded" : "GPL-2.0", + "licenseDeclared" : "GPL-2.0", + "licenseInfoFromFiles" : [ "GPL-2.0" ], + "name" : "base-files", + "originator" : "Organization: \"\"", + "supplier" : "Person: \"\"", + "versionInfo" : "3.0.14" + }, { + "SPDXID" : "SPDXRef-Package-5536", + "copyrightText" : "Copyright (c) 2011-2015 Charles Scalesse.", + "downloadLocation" : "https://github.com/scalessec/Toast/releases", + "filesAnalyzed" : false, + "homepage" : "https://github.com/scalessec/Toast", + "licenseConcluded" : "MIT", + "licenseDeclared" : "MIT", + 
"licenseInfoFromFiles" : [ "MIT" ], + "name" : "Toast", + "originator" : "Organization: \"\"", + "supplier" : "Person: \"\"", + "versionInfo" : "3.1.0" + }, { + "SPDXID" : "SPDXRef-Package-2924", + "copyrightText" : "Copyright (c) 2003, 2004 Porchdog Software\nCopyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.", + "downloadLocation" : "http://pkgs.fedoraproject.org/repo/pkgs/avahi/avahi-0.6.31.tar.gz", + "filesAnalyzed" : false, + "homepage" : "http://avahi.org", + "licenseConcluded" : "LGPL-2.1", + "licenseDeclared" : "LGPL-2.1", + "licenseInfoFromFiles" : [ "LGPL-2.1" ], + "name" : "avahi", + "originator" : "Organization: \"\"", + "supplier" : "Person: \"\"", + "versionInfo" : "0.6.31" + }, { + "SPDXID" : "SPDXRef-Package-5702", + "copyrightText" : "Copyright (c) 1996, Rik E. Faith\nCopyright (c) 1999, Avery Pennarun", + "downloadLocation" : "http://apenwarr.ca/apmd", + "filesAnalyzed" : false, + "homepage" : "http://apenwarr.ca/apmd", + "licenseConcluded" : "GPL-2.0", + "licenseDeclared" : "GPL-2.0", + "licenseInfoFromFiles" : [ "GPL-2.0" ], + "name" : "apmd", + "originator" : "Organization: \"\"", + "supplier" : "Person: \"\"", + "versionInfo" : "3.2.2-14" + } ], + "relationships" : [ { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package-5536", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package-5702", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package-2924", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package-3836", + "relationshipType" : "DESCRIBES" + }, { + "spdxElementId" : "SPDXRef-DOCUMENT", + "relatedSpdxElement" : "SPDXRef-Package-534", + "relationshipType" : "DESCRIBES" + } ] +} \ No newline at end of file 
diff --git a/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.rdf b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.rdf new file mode 100644 index 00000000..4c35b107 --- /dev/null +++ b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.rdf 
@@ -0,0 +1,2576 @@ + + + + + + + false + Organization: "" + https://github.com/scalessec/Toast/releases + + + MIT License + <<beginOptional>>MIT License + +<<endOptional>> <<var;name="copyright";original="Copyright (c) <year> <copyright holders> ";match=".{0,5000}">> + +Permission is hereby granted, free of charge, to any person obtaining a copy of <<var;name="software";original="this software and associated documentation files";match="this software and associated documentation files|this source file">> (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice<<beginOptional>> (including the next paragraph)<<endOptional>> shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL <<var;name="copyrightHolder";original="THE AUTHORS OR COPYRIGHT HOLDERS";match=".+">> BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ + + true + https://opensource.org/licenses/MIT + + + 0 + 2021-11-14T17:21:53Z + https://opensource.org/licenses/MIT + false + false + true + true + + + true + false + MIT + MIT License + +Copyright (c) <year> <copyright holders> + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ + + <div class="optional-license-text"> + <p>MIT License</p> + + </div> + <div class="replacable-license-text"> + <p>Copyright (c) &lt;year&gt; &lt;copyright holders&gt; + </p> + + </div> + + <p>Permission is hereby granted, free of charge, to any person obtaining a copy of <var class="replacable-license-text"> this software and + associated documentation files</var> (the &quot;Software&quot;), to deal in the Software without restriction, + including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, + and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, + subject to the following conditions:</p> + + <p>The above copyright notice and this permission notice + <var class="optional-license-text"> (including the next paragraph)</var> + shall be included in all copies or substantial + portions of the Software.</p> + + <p>THE SOFTWARE IS PROVIDED &quot;AS IS&quot;, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT + LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN + NO EVENT SHALL <var class="replacable-license-text"> THE AUTHORS OR COPYRIGHT HOLDERS</var> BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</p> + + + + + + + Copyright (c) 2011-2015 Charles Scalesse. + 3.1.0 + Toast + https://github.com/scalessec/Toast + Person: "" + + + + + + + + + + https://www.kernel.org/pub/linux/utils/usb/usbutils + usbutils + NOASSERTION + + + 3.0 + https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html + true + GPL-2.0 + true + GNU General Public License v2.0 only + GNU GENERAL PUBLIC LICENSE +Version 2, June 1991 + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. 
+51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. + +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. 
+ +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + +1. 
You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. + + c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. 
If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer to distribute corresponding source code. 
(This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + +4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. 
Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + +6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. + +7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. 
+ +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + +10. 
If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
+ +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the program's name and an idea of what it does. Copyright (C) yyyy name of author + + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. 
Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. + +signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice + + Copyright (C) yyyy name of author + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + + Copyright (C) <<var;name="copyright";original="yyyy name of author";match=".+">> + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<<beginOptional>>, <<endOptional>> USA. 
+ + + + <div class="optional-license-text"> + <p> + GNU GENERAL PUBLIC LICENSE<br /> + + Version 2, June 1991 + </p> + + </div> + <p> + Copyright (C) 1989, 1991 Free Software Foundation, Inc.<var class="replacable-license-text"> </var><br /> + + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<var class="optional-license-text">, </var> + USA + </p> + + <p> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + </p> + + <p> + Preamble + </p> + + <p> + The licenses for most software are designed to take away your freedom + to share and change it. By contrast, the GNU General Public License is + intended to guarantee your freedom to share and change free software--to + make sure the software is free for all its users. This General Public + License applies to most of the Free Software Foundation&apos;s software + and to any other program whose authors commit to using it. (Some other + Free Software Foundation software is covered by the GNU Lesser General + Public License instead.) You can apply it to your programs, too. + </p> + + <p> + When we speak of free software, we are referring to freedom, not price. + Our General Public Licenses are designed to make sure that you have + the freedom to distribute copies of free software (and charge for + this service if you wish), that you receive source code or can get + it if you want it, that you can change the software or use pieces of + it in new free programs; and that you know you can do these things. + </p> + + <p> + To protect your rights, we need to make restrictions that forbid + anyone to deny you these rights or to ask you to surrender the + rights. These restrictions translate to certain responsibilities for + you if you distribute copies of the software, or if you modify it. + </p> + + <p> + For example, if you distribute copies of such a program, whether gratis + or for a fee, you must give the recipients all the rights that you + have. 
You must make sure that they, too, receive or can get the source + code. And you must show them these terms so they know their rights. + </p> + + <p> + We protect your rights with two steps: (1) copyright the + software, and (2) offer you this license which gives you legal + permission to copy, distribute and/or modify the software. + </p> + + <p> + Also, for each author&apos;s protection and ours, we want to make + certain that everyone understands that there is no warranty for + this free software. If the software is modified by someone else + and passed on, we want its recipients to know that what they + have is not the original, so that any problems introduced by + others will not reflect on the original authors&apos; reputations. + </p> + + <p> + Finally, any free program is threatened constantly by software patents. + We wish to avoid the danger that redistributors of a free program + will individually obtain patent licenses, in effect making the program + proprietary. To prevent this, we have made it clear that any patent + must be licensed for everyone&apos;s free use or not licensed at all. + </p> + + <p> + The precise terms and conditions for copying, + distribution and modification follow. + </p> + + <p> + <var class="replacable-license-text"> </var> + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + </p> + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> 0.</var> + This License applies to any program or other work which contains a + notice placed by the copyright holder saying it may be distributed + under the terms of this General Public License. The &quot;Program&quot;, below, + refers to any such program or work, and a &quot;work based on the Program&quot; + means either the Program or any derivative work under copyright law: + that is to say, a work containing the Program or a portion of it, + either verbatim or with modifications and/or translated into another + language. 
(Hereinafter, translation is included without limitation + in the term &quot;modification&quot;.) Each licensee is addressed as &quot;you&quot;. + <p> + Activities other than copying, distribution and modification are + not covered by this License; they are outside its scope. The act + of running the Program is not restricted, and the output from the + Program is covered only if its contents constitute a work based + on the Program (independent of having been made by running the + Program). Whether that is true depends on what the Program does. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 1.</var> + You may copy and distribute verbatim copies of the Program&apos;s source + code as you receive it, in any medium, provided that you conspicuously + and appropriately publish on each copy an appropriate copyright notice + and disclaimer of warranty; keep intact all the notices that refer to + this License and to the absence of any warranty; and give any other + recipients of the Program a copy of this License along with the Program. + <p> + You may charge a fee for the physical act of + transferring a copy, and you may at your option + offer warranty protection in exchange for a fee. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 2.</var> + You may modify your copy or copies of the Program or any portion + of it, thus forming a work based on the Program, and copy and + distribute such modifications or work under the terms of Section + 1 above, provided that you also meet all of these conditions: + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a)</var> + You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. 
+ </li> + +<li> + <var class="replacable-license-text"> b)</var> + You must cause any work that you distribute or publish, + that in whole or in part contains or is derived from the + Program or any part thereof, to be licensed as a whole at no + charge to all third parties under the terms of this License. + </li> + +<li> + <var class="replacable-license-text"> c)</var> + If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display + an announcement including an appropriate copyright notice and + a notice that there is no warranty (or else, saying that you + provide a warranty) and that users may redistribute the program + under these conditions, and telling the user how to view a copy + of this License. (Exception: if the Program itself is interactive + but does not normally print such an announcement, your work + based on the Program is not required to print an announcement.) + </li> + +</ul> + <p> + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the + Program, and can be reasonably considered independent and separate + works in themselves, then this License, and its terms, do not + apply to those sections when you distribute them as separate + works. But when you distribute the same sections as part of a + whole which is a work based on the Program, the distribution + of the whole must be on the terms of this License, whose + permissions for other licensees extend to the entire whole, + and thus to each and every part regardless of who wrote it. + </p> + + <p> + Thus, it is not the intent of this section to claim rights or + contest your rights to work written entirely by you; rather, + the intent is to exercise the right to control the distribution + of derivative or collective works based on the Program. 
+ </p> + + <p> + In addition, mere aggregation of another work not based on + the Program with the Program (or with a work based on the + Program) on a volume of a storage or distribution medium does + not bring the other work under the scope of this License. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 3.</var> + You may copy and distribute the Program (or a work based on it, + under Section 2) in object code or executable form under the terms of + Sections 1 and 2 above provided that you also do one of the following: + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a)</var> + Accompany it with the complete corresponding machine-readable source + code, which must be distributed under the terms of Sections 1 and + 2 above on a medium customarily used for software interchange; or, + </li> + +<li> + <var class="replacable-license-text"> b)</var> + Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to + be distributed under the terms of Sections 1 and 2 above + on a medium customarily used for software interchange; or, + </li> + +<li> + <var class="replacable-license-text"> c)</var> + Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative + is allowed only for noncommercial distribution and only if + you received the program in object code or executable form + with such an offer, in accord with Subsection b above.) + </li> + +</ul> + <p> + The source code for a work means the preferred form of the work + for making modifications to it. 
For an executable work, complete + source code means all the source code for all modules it contains, + plus any associated interface definition files, plus the scripts + used to control compilation and installation of the executable. + However, as a special exception, the source code distributed + need not include anything that is normally distributed (in either + source or binary form) with the major components (compiler, + kernel, and so on) of the operating system on which the executable + runs, unless that component itself accompanies the executable. + </p> + + <p> + If distribution of executable or object code is made by offering + access to copy from a designated place, then offering equivalent + access to copy the source code from the same place counts as + distribution of the source code, even though third parties are + not compelled to copy the source along with the object code. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 4.</var> + You may not copy, modify, sublicense, or distribute the Program + except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense or distribute the Program + is void, and will automatically terminate your rights under + this License. However, parties who have received copies, or + rights, from you under this License will not have their licenses + terminated so long as such parties remain in full compliance. + </li> + +<li> + <var class="replacable-license-text"> 5.</var> + You are not required to accept this License, since you have + not signed it. However, nothing else grants you permission to + modify or distribute the Program or its derivative works. These + actions are prohibited by law if you do not accept this License. 
+ Therefore, by modifying or distributing the Program (or any + work based on the Program), you indicate your acceptance of this + License to do so, and all its terms and conditions for copying, + distributing or modifying the Program or works based on it. + </li> + +<li> + <var class="replacable-license-text"> 6.</var> + Each time you redistribute the Program (or any work based on the + Program), the recipient automatically receives a license from the + original licensor to copy, distribute or modify the Program subject to + these terms and conditions. You may not impose any further restrictions + on the recipients&apos; exercise of the rights granted herein. You are not + responsible for enforcing compliance by third parties to this License. + </li> + +<li> + <var class="replacable-license-text"> 7.</var> + If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement + or otherwise) that contradict the conditions of this License, + they do not excuse you from the conditions of this License. If you + cannot distribute so as to satisfy simultaneously your obligations + under this License and any other pertinent obligations, then as a + consequence you may not distribute the Program at all. For example, + if a patent license would not permit royalty-free redistribution of + the Program by all those who receive copies directly or indirectly + through you, then the only way you could satisfy both it and this + License would be to refrain entirely from distribution of the Program. + <p> + If any portion of this section is held invalid or + unenforceable under any particular circumstance, the + balance of the section is intended to apply and the section + as a whole is intended to apply in other circumstances. 
+ </p> + + <p> + It is not the purpose of this section to induce you to infringe + any patents or other property right claims or to contest + validity of any such claims; this section has the sole purpose + of protecting the integrity of the free software distribution + system, which is implemented by public license practices. Many + people have made generous contributions to the wide range of + software distributed through that system in reliance on consistent + application of that system; it is up to the author/donor to + decide if he or she is willing to distribute software through + any other system and a licensee cannot impose that choice. + </p> + + <p> + This section is intended to make thoroughly clear what is + believed to be a consequence of the rest of this License. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 8.</var> + If the distribution and/or use of the Program is restricted in + certain countries either by patents or by copyrighted interfaces, + the original copyright holder who places the Program under this + License may add an explicit geographical distribution limitation + excluding those countries, so that distribution is permitted only + in or among countries not thus excluded. In such case, this License + incorporates the limitation as if written in the body of this License. + </li> + +<li> + <var class="replacable-license-text"> 9.</var> + The Free Software Foundation may publish revised and/or new + versions of the General Public License from time to time. Such + new versions will be similar in spirit to the present version, + but may differ in detail to address new problems or concerns. + <p> + Each version is given a distinguishing version number. If the + Program specifies a version number of this License which applies + to it and &quot;any later version&quot;, you have the option of following + the terms and conditions either of that version or of any later + version published by the Free Software Foundation. 
If the Program + does not specify a version number of this License, you may choose + any version ever published by the Free Software Foundation. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 10.</var> + If you wish to incorporate parts of the Program into other free + programs whose distribution conditions are different, write to the + author to ask for permission. For software which is copyrighted by the + Free Software Foundation, write to the Free Software Foundation; we + sometimes make exceptions for this. Our decision will be guided by the + two goals of preserving the free status of all derivatives of our free + software and of promoting the sharing and reuse of software generally. + <p> + NO WARRANTY + </p> + + </li> + +<li> + <var class="replacable-license-text"> 11.</var> + BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT + WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER + PARTIES PROVIDE THE PROGRAM &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, + EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF + THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU + ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 
+ </li> + +<li> + <var class="replacable-license-text"> 12.</var> + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR + DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM + (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED + INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF + THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER + OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + </li> + +</ul> + <div class="optional-license-text"> + <p> + END OF TERMS AND CONDITIONS + </p> + + <p> + How to Apply These Terms to Your New Programs + </p> + + <p> + If you develop a new program, and you want it to be + of the greatest possible use to the public, the best + way to achieve this is to make it free software which + everyone can redistribute and change under these terms. + </p> + + <p> + To do so, attach the following notices to the program. It is safest + to attach them to the start of each source file to most effectively + convey the exclusion of warranty; and each file should have at least + the &quot;copyright&quot; line and a pointer to where the full notice is found. 
+ </p> + + <p> + <var class="optional-license-text">&lt;</var>one line to give the program&apos;s name and <var class="replacable-license-text"> an</var> idea of what it does.<var class="optional-license-text">&gt;</var> + <br /> + + Copyright (C) + <var class="optional-license-text"> &lt;</var><var class="replacable-license-text"> yyyy</var><var class="optional-license-text">&gt; </var> + <var class="optional-license-text"> &lt;</var>name of author<var class="optional-license-text">&gt;</var> + </p> + + <p> + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; either version + 2 of the License, or (at your option) any later version. + </p> + + <p> + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more details. + </p> + + <p> + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<var class="optional-license-text">, </var> + USA. + </p> + + <p> + Also add information on how to + contact you by electronic and paper mail. + </p> + + <p> + If the program is interactive, make it output a short + notice like this when it starts in an interactive mode: + </p> + + <p> + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details + type `show w&apos;. This is free software, and you are welcome to + redistribute it under certain conditions; type `show c&apos; for details. + </p> + + <p> + The hypothetical commands `show w&apos; and `show c&apos; should show the + appropriate parts of the General Public License. 
Of course, the commands + you use may be called something other than `show w&apos; and `show c&apos;; they + could even be mouse-clicks or menu items--whatever suits your program. + </p> + + <p> + You should also get your employer (if you work as a programmer) + or your school, if any, to sign a &quot;copyright disclaimer&quot; for + the program, if necessary. Here is a sample; alter the names: + </p> + + <p> + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision&apos; (which makes passes at compilers) written by James Hacker. + </p> + + <p> + <var class="optional-license-text">&lt;</var>signature of Ty Coon<var class="optional-license-text">&gt;</var>, + 1 April 1989 Ty Coon, President of Vice + </p> + + </div> + <div class="optional-license-text"> + <p> + This General Public License does not permit incorporating your program into + proprietary programs. If your program is a subroutine library, you may + consider it more useful to permit linking proprietary applications with the + library. If this is what you want to do, use the GNU Lesser General + Public License instead of this License. + </p> + + </div> + + + + 0 + 2021-11-14T17:31:36Z + https://www.gnu.org/licenses/old-licenses/gpl-2.0-standalone.html + true + false + true + true + + + + Copyright (C) <var class="replacable-license-text"> yyyy name of author</var> + <p> + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; version 2. + </p> + + <p> + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more details. 
+ </p> + + <p> + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<var class="optional-license-text">, </var> + USA. + </p> + + + true + https://opensource.org/licenses/GPL-2.0 + <<beginOptional>>GNU GENERAL PUBLIC LICENSE + +Version 2, June 1991 + +<<endOptional>> + +Copyright (C) 1989, 1991 Free Software Foundation, Inc. <<var;name="incComma";original="";match=",|">> + +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<<beginOptional>>, <<endOptional>> USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. + +To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. 
+ +For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. + +We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. + +Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. + +Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. + +The precise terms and conditions for copying, distribution and modification follow. + +<<var;name="termsTitle";original="";match="GNU GENERAL PUBLIC LICENSE|">> TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + <<var;name="bullet";original="0.";match=".{0,20}">> This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. 
(Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". + + Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. + + <<var;name="bullet";original="1.";match=".{0,20}">> You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. + + You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + + <<var;name="bullet";original="2.";match=".{0,20}">> You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + <<var;name="bullet";original="a)";match=".{0,20}">> You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. + + <<var;name="bullet";original="b)";match=".{0,20}">> You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. 
+ + <<var;name="bullet";original="c)";match=".{0,20}">> If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) + + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. + + In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 
+ + <<var;name="bullet";original="3.";match=".{0,20}">> You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: + + <<var;name="bullet";original="a)";match=".{0,20}">> Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + <<var;name="bullet";original="b)";match=".{0,20}">> Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, + + <<var;name="bullet";original="c)";match=".{0,20}">> Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) + + The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. 
+ + If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. + + <<var;name="bullet";original="4.";match=".{0,20}">> You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + + <<var;name="bullet";original="5.";match=".{0,20}">> You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. + + <<var;name="bullet";original="6.";match=".{0,20}">> Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 
+ + <<var;name="bullet";original="7.";match=".{0,20}">> If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. + + If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. + + It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + + This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 
+ + <<var;name="bullet";original="8.";match=".{0,20}">> If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + + <<var;name="bullet";original="9.";match=".{0,20}">> The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. + + <<var;name="bullet";original="10.";match=".{0,20}">> If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. 
+ + NO WARRANTY + + <<var;name="bullet";original="11.";match=".{0,20}">> BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + <<var;name="bullet";original="12.";match=".{0,20}">> IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.<<beginOptional>> END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
+ +<<beginOptional>><<<endOptional>>one line to give the program's name and <<var;name="ideaArticle";original="an";match="a brief|an">> idea of what it does.<<beginOptional>>><<endOptional>> + +Copyright (C)<<beginOptional>> <<<endOptional>> <<var;name="templateYear";original="yyyy";match="yyyy|year">><<beginOptional>>> <<endOptional>><<beginOptional>> <<<endOptional>>name of author<<beginOptional>>><<endOptional>> + +This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301<<beginOptional>>, <<endOptional>> USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this when it starts in an interactive mode: + +Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. 
+ +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. + +<<beginOptional>><<<endOptional>>signature of Ty Coon<<beginOptional>>><<endOptional>>, 1 April 1989 Ty Coon, President of Vice + +<<endOptional>><<beginOptional>> This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. + +<<endOptional>> + + + 1 + 2021-11-14T17:31:36Z + https://opensource.org/licenses/GPL-2.0 + false + false + true + true + + + + + http://www.linux-usb.org + false + + Person: "" + Organization: "" + 007 + + + + + + + SPDX-2.2 + Sample Project-2021 + + + + + + + Copyright (c) 1996, Rik E. Faith +Copyright (c) 1999, Avery Pennarun + + false + apmd + Organization: "" + http://apenwarr.ca/apmd + Person: "" + 3.2.2-14 + http://apenwarr.ca/apmd + + + + + + + + + + 0 + 2021-11-14T17:31:18Z + https://creativecommons.org/publicdomain/zero/1.0/legalcode + false + false + true + true + + + true + <<beginOptional>><<beginOptional>>Creative Commons<<beginOptional>> Legal Code<<endOptional>> + +<<endOptional>> + +CC0 1.0 Universal + +<<endOptional>><<beginOptional>> CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. 
CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. + +<<endOptional>> + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. + + <<var;name="bullet";original="1.";match=".{0,20}">> Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). 
Copyright and Related Rights include, but are not limited to, the following: + + <<var;name="bullet";original="i.";match=".{0,20}">> the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; + + <<var;name="bullet";original="ii.";match=".{0,20}">> moral rights retained by the original author(s) and/or performer(s); + + <<var;name="bullet";original="iii.";match=".{0,20}">> publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; + + <<var;name="bullet";original="iv.";match=".{0,20}">> rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; + + <<var;name="bullet";original="v.";match=".{0,20}">> rights protecting the extraction, dissemination, use and reuse of data in a Work; + + <<var;name="bullet";original="vi.";match=".{0,20}">> database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and + + <<var;name="bullet";original="vii.";match=".{0,20}">> other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. + + <<var;name="bullet";original="2.";match=".{0,20}">> Waiver. 
To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. + + <<var;name="bullet";original="3.";match=".{0,20}">> Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. 
In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. + + <<var;name="bullet";original="4.";match=".{0,20}">> Limitations and Disclaimers. + + <<var;name="bullet";original="a.";match=".{0,20}">> No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. + + <<var;name="bullet";original="b.";match=".{0,20}">> Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. 
+ + <<var;name="bullet";original="c.";match=".{0,20}">> Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. + + <<var;name="bullet";original="d.";match=".{0,20}">> Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.<<beginOptional>> <<var;name="upstreamLink";original="";match="For more information, please see <http://creativecommons.org/publicdomain/zero/1.0/>">><<endOptional>> + + <div class="optional-license-text"> + <div class="optional-license-text"> + <p>Creative Commons<var class="optional-license-text"> Legal Code</var></p> + + </div> + <p>CC0 1.0 Universal</p> + + </div> + <div class="optional-license-text"> + <p>CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS + DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION + ON AN &quot;AS-IS&quot; BASIS. 
CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT + OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE + USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.</p> + + </div> + + <p>Statement of Purpose</p> + + <p>The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related + Rights (defined below) upon the creator and subsequent owner(s) (each and all, an &quot;owner&quot;) + of an original work of authorship and/or a database (each, a &quot;Work&quot;).</p> + + <p>Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a + commons of creative, cultural and scientific works (&quot;Commons&quot;) that the public can reliably + and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse + and redistribute as freely as possible in any form whatsoever and for any purposes, including without + limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a + free culture and the further production of creative, cultural and scientific works, or to gain + reputation or greater distribution for their Work in part through the use and efforts of others.</p> + + <p>For these and/or other purposes and motivations, and without any expectation of additional consideration + or compensation, the person associating CC0 with a Work (the &quot;Affirmer&quot;), to the extent that + he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to + the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and + Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.</p> + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> 1.</var> + Copyright and Related Rights. 
A Work made available under CC0 may be protected by copyright and + related or neighboring rights (&quot;Copyright and Related Rights&quot;). Copyright and + Related Rights include, but are not limited to, the following: + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> i.</var> + the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; + </li> + +<li> + <var class="replacable-license-text"> ii.</var> + moral rights retained by the original author(s) and/or performer(s); + </li> + +<li> + <var class="replacable-license-text"> iii.</var> + publicity and privacy rights pertaining to a person&apos;s image or likeness depicted in a Work; + </li> + +<li> + <var class="replacable-license-text"> iv.</var> + rights protecting against unfair competition in regards to a Work, subject to the limitations + in paragraph 4(a), below; + </li> + +<li> + <var class="replacable-license-text"> v.</var> + rights protecting the extraction, dissemination, use and reuse of data in a Work; + </li> + +<li> + <var class="replacable-license-text"> vi.</var> + database rights (such as those arising under Directive 96/9/EC of the European Parliament and + of the Council of 11 March 1996 on the legal protection of databases, and under any + national implementation thereof, including any amended or successor version of such + directive); and + </li> + +<li> + <var class="replacable-license-text"> vii.</var> + other similar, equivalent or corresponding rights throughout the world based on applicable + law or treaty, and any national implementations thereof. + </li> + +</ul> + </li> + +<li> + <var class="replacable-license-text"> 2.</var> + Waiver. 
To the greatest extent permitted by, but not in contravention of, applicable law, + Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, + and surrenders all of Affirmer&apos;s Copyright and Related Rights and associated claims and + causes of action, whether now known or unknown (including existing as well as future claims + and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum + duration provided by applicable law or treaty (including future time extensions), (iii) in any + current or future medium and for any number of copies, and (iv) for any purpose whatsoever, + including without limitation commercial, advertising or promotional purposes (the + &quot;Waiver&quot;). Affirmer makes the Waiver for the benefit of each member of the public at + large and to the detriment of Affirmer&apos;s heirs and successors, fully intending that such + Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other + legal or equitable action to disrupt the quiet enjoyment of the Work by the public as + contemplated by Affirmer&apos;s express Statement of Purpose. + </li> + +<li> + <var class="replacable-license-text"> 3.</var> + Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid + or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent + permitted taking into account Affirmer&apos;s express Statement of Purpose. 
In addition, to + the extent the Waiver is so judged Affirmer hereby grants to each affected person a + royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and + unconditional license to exercise Affirmer&apos;s Copyright and Related Rights in the Work (i) + in all territories worldwide, (ii) for the maximum duration provided by applicable law or + treaty (including future time extensions), (iii) in any current or future medium and for any + number of copies, and (iv) for any purpose whatsoever, including without limitation + commercial, advertising or promotional purposes (the &quot;License&quot;). The License shall + be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of + the License for any reason be judged legally invalid or ineffective under applicable law, such + partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and + in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her + remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and + causes of action with respect to the Work, in either case contrary to Affirmer&apos;s express + Statement of Purpose. + </li> + +<li> + <var class="replacable-license-text"> 4.</var> + Limitations and Disclaimers. + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a.</var> + No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed + or otherwise affected by this document. 
+ </li> + +<li> + <var class="replacable-license-text"> b.</var> + Affirmer offers the Work as-is and makes no representations or warranties of any kind + concerning the Work, express, implied, statutory or otherwise, including without + limitation warranties of title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or the present or + absence of errors, whether or not discoverable, all to the greatest extent permissible + under applicable law. + </li> + +<li> + <var class="replacable-license-text"> c.</var> + Affirmer disclaims responsibility for clearing rights of other persons that may apply to the + Work or any use thereof, including without limitation any person&apos;s Copyright and + Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any + necessary consents, permissions or other rights required for any use of the Work. + </li> + +<li> + <var class="replacable-license-text"> d.</var> + Affirmer understands and acknowledges that Creative Commons is not a party to this document + and has no duty or obligation with respect to this CC0 or use of the Work. + </li> + +</ul> + </li> + +</ul> + <var class="optional-license-text"> <var class="replacable-license-text"> </var></var> + + false + Creative Commons Zero v1.0 Universal + CC0-1.0 + Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. 
+ +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. 
publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. 
Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. 
Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. + + https://creativecommons.org/publicdomain/zero/1.0/legalcode + false + + + + + 2021-12-30T21:10:16Z + Tool: SPDXTools-2.2.2 + Organization: LG Electronics (opensource@lge.com) + Person: soim.kim (soim.kim@lge.com) + 3.10 + + + + + + + + 3.0.14 + Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project. + Organization: "" + https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-core/base-files + https://layers.openembedded.org/layerindex/recipe/577 + Person: "" + base-files + false + + + + + + + + + + + + Copyright (c) 2003, 2004 Porchdog Software +Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. 
+ false + + + + + 1 + 2021-11-14T17:24:29Z + https://opensource.org/licenses/LGPL-2.1 + false + false + true + true + + + LGPL-2.1 + Copyright (C) <<var;name="copyright";original="year name of author";match=".+">> + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; version 2.1. + +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + + <div class="optional-license-text"> + <p> + GNU LESSER GENERAL PUBLIC LICENSE + </p> + + <p> + Version 2.1, February 1999 + </p> + + </div> + <p> + Copyright (C) 1991, 1999 Free Software Foundation, Inc.<br /> + + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + </p> + + <p> + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + </p> + + <p> + [This is the first released version of the Lesser GPL. + It also counts as the successor of the GNU Library + Public License, version 2, hence the version number 2.1.] + </p> + + <p> + Preamble + </p> + + <p> + The licenses for most software are designed to take away your + freedom to share and change it. By contrast, the GNU General Public + Licenses are intended to guarantee your freedom to share and change + free software--to make sure the software is free for all its users. + </p> + + <p> + This license, the Lesser General Public License, applies to some + specially designated software packages--typically libraries--of the + Free Software Foundation and other authors who decide to use it. 
You + can use it too, but we suggest you first think carefully about whether + this license or the ordinary General Public License is the better + strategy to use in any particular case, based on the explanations below. + </p> + + <p> + When we speak of free software, we are referring to freedom of use, not + price. Our General Public Licenses are designed to make sure that you + have the freedom to distribute copies of free software (and charge for + this service if you wish); that you receive source code or can get it if + you want it; that you can change the software and use pieces of it in new + free programs; and that you are informed that you can do these things. + </p> + + <p> + To protect your rights, we need to make restrictions that forbid + distributors to deny you these rights or to ask you to surrender + these rights. These restrictions translate to certain responsibilities + for you if you distribute copies of the library or if you modify it. + </p> + + <p> + For example, if you distribute copies of the library, whether gratis + or for a fee, you must give the recipients all the rights that we + gave you. You must make sure that they, too, receive or can get the + source code. If you link other code with the library, you must provide + complete object files to the recipients, so that they can relink them + with the library after making changes to the library and recompiling + it. And you must show them these terms so they know their rights. + </p> + + <p> + We protect your rights with a two-step method: (1) we copyright + the library, and (2) we offer you this license, which gives you + legal permission to copy, distribute and/or modify the library. + </p> + + <p> + To protect each distributor, we want to make it very clear that there + is no warranty for the free library. 
Also, if the library is modified + by someone else and passed on, the recipients should know that what they + have is not the original version, so that the original author&apos;s reputation + will not be affected by problems that might be introduced by others. + </p> + + <p> + Finally, software patents pose a constant threat to the existence + of any free program. We wish to make sure that a company cannot + effectively restrict the users of a free program by obtaining a + restrictive license from a patent holder. Therefore, we insist that + any patent license obtained for a version of the library must be + consistent with the full freedom of use specified in this license. + </p> + + <p> + Most GNU software, including some libraries, is covered by + the ordinary GNU General Public License. This license, the GNU + Lesser General Public License, applies to certain designated + libraries, and is quite different from the ordinary General + Public License. We use this license for certain libraries in + order to permit linking those libraries into non-free programs. + </p> + + <p> + When a program is linked with a library, whether statically or using + a shared library, the combination of the two is legally speaking a + combined work, a derivative of the original library. The ordinary + General Public License therefore permits such linking only if the entire + combination fits its criteria of freedom. The Lesser General Public + License permits more lax criteria for linking other code with the library. + </p> + + <p> + We call this license the &quot;Lesser&quot; General Public License + because it does Less to protect the user&apos;s freedom than the + ordinary General Public License. It also provides other free + software developers Less of an advantage over competing non-free + programs. These disadvantages are the reason we use the ordinary + General Public License for many libraries. However, the Lesser + license provides advantages in certain special circumstances. 
+ </p> + + <p> + For example, on rare occasions, there may be a special need to + encourage the widest possible use of a certain library, so that + it becomes a de-facto standard. To achieve this, non-free programs + must be allowed to use the library. A more frequent case is that a + free library does the same job as widely used non-free libraries. + In this case, there is little to gain by limiting the free library + to free software only, so we use the Lesser General Public License. + </p> + + <p> + In other cases, permission to use a particular library in non-free + programs enables a greater number of people to use a large body of free + software. For example, permission to use the GNU C Library in non-free + programs enables many more people to use the whole GNU operating + system, as well as its variant, the GNU/Linux operating system. + </p> + + <p> + Although the Lesser General Public License is Less protective of + the users&apos; freedom, it does ensure that the user of a program that + is linked with the Library has the freedom and the wherewithal + to run that program using a modified version of the Library. + </p> + + <p> + The precise terms and conditions for copying, distribution and + modification follow. Pay close attention to the difference between + a &quot;work based on the library&quot; and a &quot;work that uses the library&quot;. + The former contains code derived from the library, whereas + the latter must be combined with the library in order to run. + </p> + + <p> + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + </p> + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> 0.</var> + This License Agreement applies to any software library or + other program which contains a notice placed by the copyright + holder or other authorized party saying it may be distributed + under the terms of this Lesser General Public License (also + called &quot;this License&quot;). 
Each licensee is addressed as &quot;you&quot;. + <p> + A &quot;library&quot; means a collection of software functions and/or data + prepared so as to be conveniently linked with application programs + (which use some of those functions and data) to form executables. + </p> + + <p> + The &quot;Library&quot;, below, refers to any such software library or work + which has been distributed under these terms. A &quot;work based on + the Library&quot; means either the Library or any derivative work under + copyright law: that is to say, a work containing the Library or a + portion of it, either verbatim or with modifications and/or translated + straightforwardly into another language. (Hereinafter, translation + is included without limitation in the term &quot;modification&quot;.) + </p> + + <p> + &quot;Source code&quot; for a work means the preferred form of the work + for making modifications to it. For a library, complete source + code means all the source code for all modules it contains, + plus any associated interface definition files, plus the scripts + used to control compilation and installation of the library. + </p> + + <p> + Activities other than copying, distribution and modification are + not covered by this License; they are outside its scope. The act of + running a program using the Library is not restricted, and output + from such a program is covered only if its contents constitute a + work based on the Library (independent of the use of the Library + in a tool for writing it). Whether that is true depends on what + the Library does and what the program that uses the Library does. 
+ </p> + + </li> + +<li> + <var class="replacable-license-text"> 1.</var> + You may copy and distribute verbatim copies of the Library&apos;s complete + source code as you receive it, in any medium, provided that you + conspicuously and appropriately publish on each copy an appropriate + copyright notice and disclaimer of warranty; keep intact all the + notices that refer to this License and to the absence of any warranty; + and distribute a copy of this License along with the Library. + <p> + You may charge a fee for the physical act of + transferring a copy, and you may at your option + offer warranty protection in exchange for a fee. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 2.</var> + You may modify your copy or copies of the Library or any portion + of it, thus forming a work based on the Library, and copy and + distribute such modifications or work under the terms of Section + 1 above, provided that you also meet all of these conditions: + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a)</var> + The modified work must itself be a software library. + </li> + +<li> + <var class="replacable-license-text"> b)</var> + You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + </li> + +<li> + <var class="replacable-license-text"> c)</var> + You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. 
+ </li> + +<li> + <var class="replacable-license-text"> d)</var> + If a facility in the modified Library refers to a function + or a table of data to be supplied by an application program + that uses the facility, other than as an argument passed + when the facility is invoked, then you must make a good faith + effort to ensure that, in the event an application does not + supply such function or table, the facility still operates, + and performs whatever part of its purpose remains meaningful. + </li> + +</ul> + <p> + (For example, a function in a library to compute square roots + has a purpose that is entirely well-defined independent of + the application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function + must be optional: if the application does not supply it, + the square root function must still compute square roots.) + </p> + + <p> + These requirements apply to the modified work as a whole. If + identifiable sections of that work are not derived from the + Library, and can be reasonably considered independent and separate + works in themselves, then this License, and its terms, do not + apply to those sections when you distribute them as separate + works. But when you distribute the same sections as part of a + whole which is a work based on the Library, the distribution + of the whole must be on the terms of this License, whose + permissions for other licensees extend to the entire whole, + and thus to each and every part regardless of who wrote it. + </p> + + <p> + Thus, it is not the intent of this section to claim rights or + contest your rights to work written entirely by you; rather, + the intent is to exercise the right to control the distribution + of derivative or collective works based on the Library. 
+ </p> + + <p> + In addition, mere aggregation of another work not based on + the Library with the Library (or with a work based on the + Library) on a volume of a storage or distribution medium does + not bring the other work under the scope of this License. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 3.</var> + You may opt to apply the terms of the ordinary GNU General + Public License instead of this License to a given copy of the + Library. To do this, you must alter all the notices that refer + to this License, so that they refer to the ordinary GNU General + Public License, version 2, instead of to this License. (If a + newer version than version 2 of the ordinary GNU General Public + License has appeared, then you can specify that version instead + if you wish.) Do not make any other change in these notices. + <p> + Once this change is made in a given copy, it is irreversible for + that copy, so the ordinary GNU General Public License applies to + all subsequent copies and derivative works made from that copy. + </p> + + <p> + This option is useful when you wish to copy part of the + code of the Library into a program that is not a library. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 4.</var> + You may copy and distribute the Library (or a portion or derivative + of it, under Section 2) in object code or executable form under + the terms of Sections 1 and 2 above provided that you accompany + it with the complete corresponding machine-readable source code, + which must be distributed under the terms of Sections 1 and 2 + above on a medium customarily used for software interchange. + <p> + If distribution of object code is made by offering access to copy + from a designated place, then offering equivalent access to copy + the source code from the same place satisfies the requirement + to distribute the source code, even though third parties are + not compelled to copy the source along with the object code. 
+ </p> + + </li> + +<li> + <var class="replacable-license-text"> 5.</var> + A program that contains no derivative of any portion of the + Library, but is designed to work with the Library by being compiled + or linked with it, is called a &quot;work that uses the Library&quot;. + Such a work, in isolation, is not a derivative work of the + Library, and therefore falls outside the scope of this License. + <p> + However, linking a &quot;work that uses the Library&quot; with the Library + creates an executable that is a derivative of the Library (because + it contains portions of the Library), rather than a &quot;work that uses + the library&quot;. The executable is therefore covered by this License. + Section 6 states terms for distribution of such executables. + </p> + + <p> + When a &quot;work that uses the Library&quot; uses material from a header + file that is part of the Library, the object code for the work may + be a derivative work of the Library even though the source code is + not. Whether this is true is especially significant if the work can + be linked without the Library, or if the work is itself a library. + The threshold for this to be true is not precisely defined by law. + </p> + + <p> + If such an object file uses only numerical parameters, data + structure layouts and accessors, and small macros and small inline + functions (ten lines or less in length), then the use of the + object file is unrestricted, regardless of whether it is legally + a derivative work. (Executables containing this object code + plus portions of the Library will still fall under Section 6.) + </p> + + <p> + Otherwise, if the work is a derivative of the Library, you may + distribute the object code for the work under the terms of Section + 6. Any executables containing that work also fall under Section 6, + whether or not they are linked directly with the Library itself. 
+ </p> + + </li> + +<li> + <var class="replacable-license-text"> 6.</var> + As an exception to the Sections above, you may also combine or + link a &quot;work that uses the Library&quot; with the Library to produce + a work containing portions of the Library, and distribute + that work under terms of your choice, provided that the terms + permit modification of the work for the customer&apos;s own use + and reverse engineering for debugging such modifications. + <p> + You must give prominent notice with each copy of the work + that the Library is used in it and that the Library and its + use are covered by this License. You must supply a copy of + this License. If the work during execution displays copyright + notices, you must include the copyright notice for the Library + among them, as well as a reference directing the user to the + copy of this License. Also, you must do one of these things: + </p> + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a)</var> + Accompany the work with the complete corresponding machine-readable + source code for the Library including whatever changes were used in + the work (which must be distributed under Sections 1 and 2 above); + and, if the work is an executable linked with the Library, with the + complete machine-readable &quot;work that uses the Library&quot;, as object + code and/or source code, so that the user can modify the Library + and then relink to produce a modified executable containing the + modified Library. (It is understood that the user who changes the + contents of definitions files in the Library will not necessarily be + able to recompile the application to use the modified definitions.) + </li> + +<li> + <var class="replacable-license-text"> b)</var> + Use a suitable shared library mechanism for linking with the + Library. 
A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user&apos;s computer system, + rather than copying library functions into the executable, and + (2) will operate properly with a modified version of the library, + if the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + </li> + +<li> + <var class="replacable-license-text"> c)</var> + Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no + more than the cost of performing this distribution. + </li> + +<li> + <var class="replacable-license-text"> d)</var> + If distribution of the work is made by offering access to + copy from a designated place, offer equivalent access to + copy the above specified materials from the same place. + </li> + +<li> + <var class="replacable-license-text"> e)</var> + Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + </li> + +</ul> + <p> + For an executable, the required form of the &quot;work that uses + the Library&quot; must include any data and utility programs needed + for reproducing the executable from it. However, as a special + exception, the materials to be distributed need not include + anything that is normally distributed (in either source or + binary form) with the major components (compiler, kernel, + and so on) of the operating system on which the executable + runs, unless that component itself accompanies the executable. + </p> + + <p> + It may happen that this requirement contradicts the + license restrictions of other proprietary libraries that + do not normally accompany the operating system. Such + a contradiction means you cannot use both them and the + Library together in an executable that you distribute. 
+ </p> + + </li> + +<li> + <var class="replacable-license-text"> 7.</var> + You may place library facilities that are a work based on the + Library side-by-side in a single library together with other library + facilities not covered by this License, and distribute such a + combined library, provided that the separate distribution of the + work based on the Library and of the other library facilities is + otherwise permitted, and provided that you do these two things: + +<ul style="list-style:none"> + +<li> + <var class="replacable-license-text"> a)</var> + Accompany the combined library with a copy of the same work based + on the Library, uncombined with any other library facilities. + This must be distributed under the terms of the Sections above. + </li> + +<li> + <var class="replacable-license-text"> b)</var> + Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + </li> + +</ul> + </li> + +<li> + <var class="replacable-license-text"> 8.</var> + You may not copy, modify, sublicense, link with, or distribute the + Library except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense, link with, or distribute + the Library is void, and will automatically terminate your rights + under this License. However, parties who have received copies, or + rights, from you under this License will not have their licenses + terminated so long as such parties remain in full compliance. + </li> + +<li> + <var class="replacable-license-text"> 9.</var> + You are not required to accept this License, since you have + not signed it. However, nothing else grants you permission to + modify or distribute the Library or its derivative works. These + actions are prohibited by law if you do not accept this License. 
+ Therefore, by modifying or distributing the Library (or any + work based on the Library), you indicate your acceptance of this + License to do so, and all its terms and conditions for copying, + distributing or modifying the Library or works based on it. + </li> + +<li> + <var class="replacable-license-text"> 10.</var> + Each time you redistribute the Library (or any work based on + the Library), the recipient automatically receives a license + from the original licensor to copy, distribute, link with or + modify the Library subject to these terms and conditions. You + may not impose any further restrictions on the recipients&apos; + exercise of the rights granted herein. You are not responsible + for enforcing compliance by third parties with this License. + </li> + +<li> + <var class="replacable-license-text"> 11.</var> + If, as a consequence of a court judgment or allegation of patent + infringement or for any other reason (not limited to patent issues), + conditions are imposed on you (whether by court order, agreement + or otherwise) that contradict the conditions of this License, + they do not excuse you from the conditions of this License. If you + cannot distribute so as to satisfy simultaneously your obligations + under this License and any other pertinent obligations, then as a + consequence you may not distribute the Library at all. For example, + if a patent license would not permit royalty-free redistribution of + the Library by all those who receive copies directly or indirectly + through you, then the only way you could satisfy both it and this + License would be to refrain entirely from distribution of the Library. + <p> + If any portion of this section is held invalid or + unenforceable under any particular circumstance, the + balance of the section is intended to apply, and the section + as a whole is intended to apply in other circumstances. 
+ </p> + + <p> + It is not the purpose of this section to induce you to infringe + any patents or other property right claims or to contest + validity of any such claims; this section has the sole purpose + of protecting the integrity of the free software distribution + system which is implemented by public license practices. Many + people have made generous contributions to the wide range of + software distributed through that system in reliance on consistent + application of that system; it is up to the author/donor to + decide if he or she is willing to distribute software through + any other system and a licensee cannot impose that choice. + </p> + + <p> + This section is intended to make thoroughly clear what is + believed to be a consequence of the rest of this License. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 12.</var> + If the distribution and/or use of the Library is restricted in + certain countries either by patents or by copyrighted interfaces, + the original copyright holder who places the Library under this + License may add an explicit geographical distribution limitation + excluding those countries, so that distribution is permitted only + in or among countries not thus excluded. In such case, this License + incorporates the limitation as if written in the body of this License. + </li> + +<li> + <var class="replacable-license-text"> 13.</var> + The Free Software Foundation may publish revised and/or new + versions of the Lesser General Public License from time to time. + Such new versions will be similar in spirit to the present version, + but may differ in detail to address new problems or concerns. + <p> + Each version is given a distinguishing version number. If + the Library specifies a version number of this License which + applies to it and &quot;any later version&quot;, you have the option of + following the terms and conditions either of that version or of + any later version published by the Free Software Foundation. 
If + the Library does not specify a license version number, you may + choose any version ever published by the Free Software Foundation. + </p> + + </li> + +<li> + <var class="replacable-license-text"> 14.</var> + If you wish to incorporate parts of the Library into other free programs + whose distribution conditions are incompatible with these, write to + the author to ask for permission. For software which is copyrighted by + the Free Software Foundation, write to the Free Software Foundation; we + sometimes make exceptions for this. Our decision will be guided by the + two goals of preserving the free status of all derivatives of our free + software and of promoting the sharing and reuse of software generally. + <p> + NO WARRANTY + </p> + + </li> + +<li> + <var class="replacable-license-text"> 15.</var> + BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY + FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT + WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER + PARTIES PROVIDE THE LIBRARY &quot;AS IS&quot; WITHOUT WARRANTY OF ANY KIND, + EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF + THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU + ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 
+ </li> + +<li> + <var class="replacable-license-text"> 16.</var> + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING + WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR + REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR + DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY + (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED + INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF + THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER + OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + </li> + +</ul> + <div class="optional-license-text"> + <p> + END OF TERMS AND CONDITIONS + </p> + + <p> + How to Apply These Terms to Your New Libraries + </p> + + <p> + If you develop a new library, and you want it to be of the greatest + possible use to the public, we recommend making it free software + that everyone can redistribute and change. You can do so by + permitting redistribution under these terms (or, alternatively, + under the terms of the ordinary General Public License). + </p> + + <p> + To apply these terms, attach the following notices to the + library. It is safest to attach them to the start of each + source file to most effectively convey the exclusion of + warranty; and each file should have at least the &quot;copyright&quot; + line and a pointer to where the full notice is found. 
+ </p> + + <p> + <var class="optional-license-text"> &lt;</var>one line to give the library&apos;s name + and <var class="replacable-license-text"> an idea</var> of what it does.<var class="optional-license-text"> &gt;</var> + <br /> + + Copyright (C) + <var class="optional-license-text"> &lt;</var>year<var class="optional-license-text"> &gt;</var> + <var class="optional-license-text"> &lt;</var>name of author<var class="optional-license-text"> &gt;</var> + </p> + + <p> + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + </p> + + <p> + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU Lesser General Public License for more details. + </p> + + <p> + You should have received a copy of the GNU Lesser General Public License + along with this library; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also + add information on how to contact you by electronic and paper mail. + </p> + + <p> + You should also get your employer (if you work as a programmer) + or your school, if any, to sign a &quot;copyright disclaimer&quot; for + the library, if necessary. Here is a sample; alter the names: + </p> + + <p> + Yoyodyne, Inc., hereby disclaims all copyright interest in<br /> + + the library `Frob&apos; (a library for tweaking knobs) written<br /> + + by James Random Hacker. + </p> + + <p> + <var class="optional-license-text"> &lt;</var>signature of Ty Coon<var class="optional-license-text"> &gt;</var>, + 1 April 1990<br /> + + Ty Coon, President of Vice<br /> + + That&apos;s all there is to it! 
+ </p> + + </div> + + + + 0 + 2021-11-14T17:24:29Z + https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html + true + false + true + true + + + https://www.gnu.org/licenses/old-licenses/lgpl-2.1-standalone.html + Copyright (C) year name of author + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; version 2.1. + +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + + + true + GNU Lesser General Public License v2.1 only + <<beginOptional>>GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +<<endOptional>> + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. + +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. + +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. 
You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. 
+ +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. + +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. + +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. 
In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + <<var;name="bullet";original="0.";match=".{0,20}">> This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work which has been distributed under these terms. 
A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + + Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + + <<var;name="bullet";original="1.";match=".{0,20}">> You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + + You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 
+ + <<var;name="bullet";original="2.";match=".{0,20}">> You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + <<var;name="bullet";original="a)";match=".{0,20}">> The modified work must itself be a software library. + + <<var;name="bullet";original="b)";match=".{0,20}">> You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + + <<var;name="bullet";original="c)";match=".{0,20}">> You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + + <<var;name="bullet";original="d)";match=".{0,20}">> If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + + (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + + These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. 
But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. + + Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + + In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + + <<var;name="bullet";original="3.";match=".{0,20}">> You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + + Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 
+ + <<var;name="bullet";original="4.";match=".{0,20}">> You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + + <<var;name="bullet";original="5.";match=".{0,20}">> A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. 
+ + If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + + <<var;name="bullet";original="6.";match=".{0,20}">> As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. 
Also, you must do one of these things: + + <<var;name="bullet";original="a)";match=".{0,20}">> Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + + <<var;name="bullet";original="b)";match=".{0,20}">> Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. + + <<var;name="bullet";original="c)";match=".{0,20}">> Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + + <<var;name="bullet";original="d)";match=".{0,20}">> If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + + <<var;name="bullet";original="e)";match=".{0,20}">> Verify that the user has already received a copy of these materials or that you have already sent this user a copy. 
+ + For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + + It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + + <<var;name="bullet";original="7.";match=".{0,20}">> You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + <<var;name="bullet";original="a)";match=".{0,20}">> Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + + <<var;name="bullet";original="b)";match=".{0,20}">> Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + + <<var;name="bullet";original="8.";match=".{0,20}">> You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. 
Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + + <<var;name="bullet";original="9.";match=".{0,20}">> You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + + <<var;name="bullet";original="10.";match=".{0,20}">> Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. + + <<var;name="bullet";original="11.";match=".{0,20}">> If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. 
For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + + If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + + It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + + This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + + <<var;name="bullet";original="12.";match=".{0,20}">> If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + + <<var;name="bullet";original="13.";match=".{0,20}">> The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. 
Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + + Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + + <<var;name="bullet";original="14.";match=".{0,20}">> If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + + NO WARRANTY + + <<var;name="bullet";original="15.";match=".{0,20}">> BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 
+ + <<var;name="bullet";original="16.";match=".{0,20}">> IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.<<beginOptional>> END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + +<<beginOptional>><<<endOptional>> one line to give the library's name and <<var;name="ideaClause";original="an idea";match="an idea|a brief idea">> of what it does.<<beginOptional>> ><<endOptional>> + +Copyright (C)<<beginOptional>> <<<endOptional>> year<<beginOptional>> ><<endOptional>><<beginOptional>> <<<endOptional>> name of author<<beginOptional>> ><<endOptional>> + +This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. 
+ +This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in + +the library `Frob' (a library for tweaking knobs) written + +by James Random Hacker. + +<<beginOptional>><<<endOptional>> signature of Ty Coon<<beginOptional>> ><<endOptional>> , 1 April 1990 + +Ty Coon, President of Vice + +That's all there is to it! + +<<endOptional>> + https://opensource.org/licenses/LGPL-2.1 + GNU LESSER GENERAL PUBLIC LICENSE + +Version 2.1, February 1999 + +Copyright (C) 1991, 1999 Free Software Foundation, Inc. +51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] + +Preamble + +The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. 
+ +This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. + +When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. + +To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. + +For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. + +We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. + +To protect each distributor, we want to make it very clear that there is no warranty for the free library. 
Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. + +Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. + +Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. + +When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. + +We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. 
+ +For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. + +In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. + +Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. + +The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. + +TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + +0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". + +A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. 
+ +The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) + +"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. + +Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. + +1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. + +You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. + +2. 
You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. + +(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
+ +Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. + +3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. + +Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. + +This option is useful when you wish to copy part of the code of the Library into a program that is not a library. + +4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. 
+ +If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. + +5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. + +However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. + +When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. + +If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) + +Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. 
Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. + +6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. + +You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: + + a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the Library. 
A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. + + e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. + +For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. + +It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. + +7. 
You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. + + b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. + +8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. + +9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. + +10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. 
You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. + +11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. + +This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. + +12. 
If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. + +13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. + +14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. + +NO WARRANTY + +15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +END OF TERMS AND CONDITIONS + +How to Apply These Terms to Your New Libraries + +If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). + +To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. + + one line to give the library's name and an idea of what it does. 
+ Copyright (C) year name of author + + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: + +Yoyodyne, Inc., hereby disclaims all copyright interest in +the library `Frob' (a library for tweaking knobs) written +by James Random Hacker. + +signature of Ty Coon, 1 April 1990 +Ty Coon, President of Vice +That's all there is to it! + + true + true + + Copyright (C) <var class="replacable-license-text"> year name of author</var> + <p> + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; version 2.1. + </p> + + <p> + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty + of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + See the GNU Lesser General Public License for more details. 
+ </p> + + <p> + You should have received a copy of the GNU Lesser General Public License + along with this library; if not, write to the Free Software Foundation, + Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + </p> + + + 3.0 + + + + avahi + 0.6.31 + Organization: "" + http://avahi.org + http://pkgs.fedoraproject.org/repo/pkgs/avahi/avahi-0.6.31.tar.gz + Person: "" + + + + + + + + diff --git a/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.tag b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.tag new file mode 100644 index 00000000..d005dfea --- /dev/null +++ b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.tag 
@@ -0,0 +1,97 @@ +SPDXVersion: SPDX-2.2 +DataLicense: CC0-1.0 +DocumentNamespace: http://osc.lge.comSPDXRef-SampleProject-2021-202112300910 +DocumentName: Sample Project-2021 +SPDXID: SPDXRef-DOCUMENT + +## Creation Information +Creator: Person: soim.kim (soim.kim@lge.com) +Creator: Organization: LG Electronics (opensource@lge.com) +Creator: Tool: SPDXTools-2.2.2 +Created: 2021-12-30T21:10:18Z +LicenseListVersion: 3.10 +## Relationships +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-5536 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-5702 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-2924 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-3836 +Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-Package-534 + +## Package Information +PackageName: Toast +SPDXID: SPDXRef-Package-5536 +PackageVersion: 3.1.0 +PackageSupplier: Person: "" +PackageOriginator: Organization: "" +PackageDownloadLocation: https://github.com/scalessec/Toast/releases +PackageHomePage: https://github.com/scalessec/Toast +PackageLicenseConcluded: MIT +## License information from files +PackageLicenseInfoFromFiles: MIT +PackageLicenseDeclared: MIT +PackageCopyrightText: Copyright (c) 2011-2015 Charles Scalesse. +FilesAnalyzed: false + +## Package Information +PackageName: apmd +SPDXID: SPDXRef-Package-5702 +PackageVersion: 3.2.2-14 +PackageSupplier: Person: "" +PackageOriginator: Organization: "" +PackageDownloadLocation: http://apenwarr.ca/apmd +PackageHomePage: http://apenwarr.ca/apmd +PackageLicenseConcluded: GPL-2.0 +## License information from files +PackageLicenseInfoFromFiles: GPL-2.0 +PackageLicenseDeclared: GPL-2.0 +PackageCopyrightText: Copyright (c) 1996, Rik E. 
Faith +Copyright (c) 1999, Avery Pennarun +FilesAnalyzed: false + +## Package Information +PackageName: avahi +SPDXID: SPDXRef-Package-2924 +PackageVersion: 0.6.31 +PackageSupplier: Person: "" +PackageOriginator: Organization: "" +PackageDownloadLocation: http://pkgs.fedoraproject.org/repo/pkgs/avahi/avahi-0.6.31.tar.gz +PackageHomePage: http://avahi.org +PackageLicenseConcluded: LGPL-2.1 +## License information from files +PackageLicenseInfoFromFiles: LGPL-2.1 +PackageLicenseDeclared: LGPL-2.1 +PackageCopyrightText: Copyright (c) 2003, 2004 Porchdog Software +Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. +FilesAnalyzed: false + +## Package Information +PackageName: base-files +SPDXID: SPDXRef-Package-3836 +PackageVersion: 3.0.14 +PackageSupplier: Person: "" +PackageOriginator: Organization: "" +PackageDownloadLocation: https://layers.openembedded.org/layerindex/recipe/577 +PackageHomePage: https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-core/base-files +PackageLicenseConcluded: GPL-2.0 +## License information from files +PackageLicenseInfoFromFiles: GPL-2.0 +PackageLicenseDeclared: GPL-2.0 +PackageCopyrightText: Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project. +FilesAnalyzed: false + +## Package Information +PackageName: usbutils +SPDXID: SPDXRef-Package-534 +PackageVersion: 007 +PackageSupplier: Person: "" +PackageOriginator: Organization: "" +PackageDownloadLocation: https://www.kernel.org/pub/linux/utils/usb/usbutils +PackageHomePage: http://www.linux-usb.org +PackageLicenseConcluded: GPL-2.0 +## License information from files +PackageLicenseInfoFromFiles: GPL-2.0 +PackageLicenseDeclared: GPL-2.0 +PackageCopyrightText: NOASSERTION +FilesAnalyzed: false + + 
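Review bot: the PackageCopyrightText values for apmd and avahi run onto a second line without a <text></text> wrapper, so in tag-value form the continuation lines ("Copyright (c) 1999, Avery Pennarun" and "Copyright (c) 1994, 1995, ... Free Software Foundation, Inc.") are not valid tags and a strict SPDX parser will reject or drop them; wrap each multi-line value in <text> and </text>. DocumentNamespace also lacks a separator after the host: "http://osc.lge.comSPDXRef-SampleProject-2021-202112300910" makes the authority "osc.lge.comSPDXRef-SampleProject-2021-202112300910" rather than osc.lge.com, so add a "/" before "SPDXRef-". Every package sets PackageSupplier to Person: "" and PackageOriginator to Organization: "", an empty name that tells a consumer nothing about provenance; use NOASSERTION or omit the field. As a sample under tips/oss_notice_format, this file should validate cleanly with the SPDX tools named in its Creator line.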
diff --git a/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.xls b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.xls new file mode 100644 index 00000000..e8da12c8 Binary files /dev/null and b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.xls differ diff --git a/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.yaml b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.yaml new file mode 100644 index 00000000..46a2024e --- /dev/null +++ b/tips/oss_notice_format/SPDXRdf-SampleProject-2021_20211230.yaml 
@@ -0,0 +1,104 @@ +--- +SPDXID: "SPDXRef-DOCUMENT" +spdxVersion: "SPDX-2.2" +creationInfo: + created: "2021-12-30T21:10:22Z" + creators: + - "Person: soim.kim (soim.kim@lge.com)" + - "Organization: LG Electronics (opensource@lge.com)" + - "Tool: SPDXTools-2.2.2" + licenseListVersion: "3.10" +name: "Sample Project-2021" +dataLicense: "CC0-1.0" +documentNamespace: "http://osc.lge.comSPDXRef-SampleProject-2021-202112300910" +documentDescribes: +- "SPDXRef-Package-5536" +- "SPDXRef-Package-5702" +- "SPDXRef-Package-2924" +- "SPDXRef-Package-3836" +- "SPDXRef-Package-534" +packages: +- SPDXID: "SPDXRef-Package-534" + copyrightText: "NOASSERTION" + downloadLocation: "https://www.kernel.org/pub/linux/utils/usb/usbutils" + filesAnalyzed: false + homepage: "http://www.linux-usb.org" + licenseConcluded: "GPL-2.0" + licenseDeclared: "GPL-2.0" + licenseInfoFromFiles: + - "GPL-2.0" + name: "usbutils" + originator: "Organization: \"\"" + supplier: "Person: \"\"" + versionInfo: "007" +- SPDXID: "SPDXRef-Package-3836" + copyrightText: "Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative\ + \ Project." + downloadLocation: "https://layers.openembedded.org/layerindex/recipe/577" + filesAnalyzed: false + homepage: "https://github.com/openembedded/openembedded-core/tree/master/meta/recipes-core/base-files" + licenseConcluded: "GPL-2.0" + licenseDeclared: "GPL-2.0" + licenseInfoFromFiles: + - "GPL-2.0" + name: "base-files" + originator: "Organization: \"\"" + supplier: "Person: \"\"" + versionInfo: "3.0.14" +- SPDXID: "SPDXRef-Package-5536" + copyrightText: "Copyright (c) 2011-2015 Charles Scalesse." 
+ downloadLocation: "https://github.com/scalessec/Toast/releases" + filesAnalyzed: false + homepage: "https://github.com/scalessec/Toast" + licenseConcluded: "MIT" + licenseDeclared: "MIT" + licenseInfoFromFiles: + - "MIT" + name: "Toast" + originator: "Organization: \"\"" + supplier: "Person: \"\"" + versionInfo: "3.1.0" +- SPDXID: "SPDXRef-Package-2924" + copyrightText: "Copyright (c) 2003, 2004 Porchdog Software\nCopyright (c) 1994,\ + \ 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,\ + \ 2008, 2009, 2010, 2011 Free Software Foundation, Inc." + downloadLocation: "http://pkgs.fedoraproject.org/repo/pkgs/avahi/avahi-0.6.31.tar.gz" + filesAnalyzed: false + homepage: "http://avahi.org" + licenseConcluded: "LGPL-2.1" + licenseDeclared: "LGPL-2.1" + licenseInfoFromFiles: + - "LGPL-2.1" + name: "avahi" + originator: "Organization: \"\"" + supplier: "Person: \"\"" + versionInfo: "0.6.31" +- SPDXID: "SPDXRef-Package-5702" + copyrightText: "Copyright (c) 1996, Rik E. Faith\nCopyright (c) 1999, Avery Pennarun" + downloadLocation: "http://apenwarr.ca/apmd" + filesAnalyzed: false + homepage: "http://apenwarr.ca/apmd" + licenseConcluded: "GPL-2.0" + licenseDeclared: "GPL-2.0" + licenseInfoFromFiles: + - "GPL-2.0" + name: "apmd" + originator: "Organization: \"\"" + supplier: "Person: \"\"" + versionInfo: "3.2.2-14" +relationships: +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package-5536" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package-5702" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package-2924" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package-3836" + relationshipType: "DESCRIBES" +- spdxElementId: "SPDXRef-DOCUMENT" + relatedSpdxElement: "SPDXRef-Package-534" + relationshipType: "DESCRIBES" 
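Review bot: `documentNamespace` in SPDXRdf-SampleProject-2021_20211230.yaml reads `http://osc.lge.comSPDXRef-SampleProject-2021-202112300910`, with no `/` between the host and the document identifier, so the host part of the URI becomes `osc.lge.comSPDXRef-SampleProject-2021-202112300910` rather than `osc.lge.com`. The namespace is what identifies this document to anything that references it, so if the sample is real tool output the separator should be fixed in the generator and the sample regenerated. Every package also carries `supplier: "Person: \"\""` and `originator: "Organization: \"\""`; an empty name is not a usable value, so emit `NOASSERTION` or omit the fields. The `creators` list includes a personal name and e-mail address, which is worth replacing with a role address in a published sample.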
diff --git a/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211010.html b/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211010.html new file mode 100644 index 00000000..62a10e17 --- /dev/null +++ b/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211010.html @@ -0,0 +1,115 @@ + + + + + + + + +
+

+ Open Source Software Notice + OSSNotice-4022_Sample Project_2021_211230.html +

+

This product from LG Electronics, Inc. contains the open source software detailed below. Please refer to the indicated open source licenses (as are included following this notice) for the terms and conditions of their use.

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Open source lists under Copyleft license.
Open SourceLicenseCopyright
+ base-files 3.0.14 +

GPL-2.0

+
Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project.
+ usbutils 007 +

GPL-2.0

+
+ avahi 0.6.31 +

LGPL-2.1

+
Copyright (c) 2003, 2004 Porchdog Software
Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+ apmd 3.2.2-14 +

GPL-2.0

+
Copyright (c) 1996, Rik E. Faith
Copyright (c) 1999, Avery Pennarun
+
+

+ The source code for the above may be obtained free of charge from LG Electronics, Inc. at https://opensource.lge.com. LG Electronics, Inc. will also provide open source code to you on CD-ROM for a charge covering the cost of performing such distribution (such as the cost of media, shipping, and handling) upon email request to opensource@lge.com. This offer is valid for a period of three years after our last shipment of this product. This offer is valid to anyone in receipt of this information. +
+

+ +
+

Please be informed that LG Electronics, Inc. product may contain open source software listed in the tables below.

+ + + + + + + + + + + + +
Open source lists under Pemissive License.
Open SourceLicenseCopyright
+ Toast 3.1.0 +

MIT +

Copyright (c) 2011-2015 Charles Scalesse.

+
+ + + + +

License URLs

+ + +
+ + \ No newline at end of file diff --git a/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211012.txt b/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211012.txt new file mode 100644 index 00000000..43127ea8 --- /dev/null +++ b/tips/oss_notice_format/simple_OSSNotice-4022_Sample Project_2021_20211230211012.txt 
@@ -0,0 +1,32 @@ +### Open Source Software Notice ### + +This product from LG Electronics, Inc. contains the open source software detailed below. Please refer to the indicated open source licenses (as are included following this notice) for the terms and conditions of their use. + +base-files 3.0.14 (GPL-2.0) +Copyright (c) 2016 Yocto Project, A Linux Foundation Collaborative Project. + +usbutils 007 (GPL-2.0) + + +avahi 0.6.31 (LGPL-2.1) +Copyright (c) 2003, 2004 Porchdog Software +Copyright (c) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + +apmd 3.2.2-14 (GPL-2.0) +Copyright (c) 1996, Rik E. Faith +Copyright (c) 1999, Avery Pennarun + +The source code for the above may be obtained free of charge from LG Electronics, Inc. at https://opensource.lge.com.LG Electronics, Inc. will also provide open source code to you on CD-ROM for a charge covering the cost of performing such distribution (such as the cost of media, shipping, and handling) upon email request to opensource@lge.com. This offer is valid for a period of three years after our last shipment of this product. This offer is valid to anyone in receipt of this information. +Please be informed that LG Electronics, Inc. product may contain open source software listed in to tables below. + +Toast 3.1.0 (MIT) +Copyright (c) 2011-2015 Charles Scalesse. + + + +GPL-2.0 : https://opensource.lge.com/license/GPL-2.0.html +LGPL-2.1 : https://opensource.lge.com/license/LGPL-2.1.html +MIT : https://opensource.lge.com/license/MIT.html + + +(OSSNotice-4022_Sample Project_2021_211230) \ No newline at end of file diff --git a/tutorial/1_project.md b/tutorial/1_project.md deleted file mode 100644 index b3bc4e4f..00000000 --- a/tutorial/1_project.md +++ /dev/null 
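Review bot: in simple_OSSNotice-4022_Sample Project_2021_20211230211012.txt the written-offer sentence runs the URL into the next sentence (`https://opensource.lge.com.LG Electronics, Inc. will also provide`), so a reader or auto-linker that takes the URL from the text can pick up a trailing `.LG`; the HTML sample of the same notice has the space. The following line reads `listed in to tables below` where the HTML sample has `in the tables below`, and the HTML caption reads `Pemissive License`. Since these files are generated samples, fix the notice templates and regenerate rather than hand-editing the outputs.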
@@ -1,79 +0,0 @@ ---- -published: true -title: Project ---- - -# Project Tutorial -```note -Project를 생성하고 OSC(Open Source Compliance) Process를 수행합니다. -1. Project 생성 -2. Identification 작성 -3. Packaging 수행 -4. OSS Notice 다운로드 -``` - -## 1. Project 생성 -1-1. Project List에서 Add 버튼을 클릭합니다. -1-2. New_Project 탭에서 Project 정보를 입력합니다. -1-3. Project List에 Project가 생성된 것을 확인합니다. - -## 2. Identification -Project List에서 생성한 Project의 Identification Column 내 버튼을 클릭합니다. - -### 2-1. 3rd Party Tab으로 이동합니다. -- Not Applicable을 체크하고 Save 클릭합니다. - - -### 2-2. SRC Tab으로 이동합니다. -- OSS List가 쓰여진 Sample [FOSSLight Report](result_files/FOSSLight-Report_SampleProject.xlsx)를 다운로드합니다. -- Upload 버튼을 클릭하여 다운로드받은 Sample 파일을 업로드합니다. 이때, Load 할 Sheet로 SRC Sheet를 선택합니다. - ![bin](images/1_prj_sheet.PNG) -- FOSSLight Report의 SRC Sheet가 Load 된 것을 확인하고 Save를 클릭합니다. - -### 2-3. BIN Tab으로 이동합니다. -![bin](images/1_prj_bin.png) -- OSS Table 좌측 상단 + 버튼을 클릭합니다. -- 추가된 Row에 OSS 정보를 기입합니다. -- Save 버튼을 클릭합니다. - -### 2-4. BOM Tab으로 이동합니다. -- Merge And Save 버튼을 클릭합니다. -- Request Review 버튼을 클릭하여 리뷰 요청합니다. - -### 2-5. (Admin Only) Review -- ID: admin, PSWD: admin으로 로그인합니다. -- Project List > Status: Request인 Project의 BOM으로 이동합니다. -- [Warning Message](../started/2_try/4_project.html#warning)를 검토합니다. -- 우측 상단의 Confirm을 클릭합니다. - -## 3. Packaging -### 3-1. Packaging Tab -- [Sample Source code](result_files/sample_src.tar.gz)를 다운로드 받습니다. -``` -$ ls sample_src -CImg-master.zip cairo-1.4.12/ -``` -- Upload 버튼을 클릭하여 다운로드 받은 파일을 업로드합니다. -- 하기와 같이 "Path of source code in the OSS Package"를 기입한 후 Save를 클릭합니다. -![pkg](images/1_prj_pkg.png) -- Verify를 클릭하면 README, File List, Banned List 버튼이 활성화된 것을 확인할 수 있습니다. - -### 3-2. Notice Tab -![pkg](images/1_prj_notice.png) -- "Request to generate a modified OSS Notice. "를 클릭하여 OSS Notice를 변경할 수 있습니다. -- OSS Notice File Format을 추가적으로 체크할 수 있습니다. (발행하는 OSS Notice를 여러 형식으로 설정 가능합니다.) -- Preview 버튼을 클릭하여 OSS Notice를 미리 확인한 후 우측 하단 OK 버튼을 클릭합니다. -- Download 버튼을 클릭하면 OSS Notice 파일을 미리 다운로드할 수 있습니다. 
-- Save를 클릭합니다. - -### 3-3. 우측 상단 Request Review 버튼을 클릭하여 리뷰 요청합니다. -### 3-4. (Admin Only) Review -- ID: admin, PSWD: admin으로 로그인합니다. -- Packaging 탭 우측 상단 Review Start 버튼을 클릭합니다. -- 우측 상단 Confirm을 클릭합니다. - -## 4. OSS Notice 다운로드 -Project List의 Download column의 아이콘을 클릭하여 각 아이콘별 파일을 확인합니다. -- OSS Notice 아이콘을 클릭하면 발행된 OSS Notice를 모두 다운로드받을 수 있습니다. -- ex. OSS Notice (html 형식) 일부분 : -![notice](images/1_prj_oss_notice.png) diff --git a/tutorial/1_project/1_create_project/README.md b/tutorial/1_project/1_create_project/README.md new file mode 100644 index 00000000..6d80d31c --- /dev/null +++ b/tutorial/1_project/1_create_project/README.md @@ -0,0 +1,176 @@ +--- +sort: 1 +published: true +title: 1.Create a project +--- + +# Create a project +배포하는 Software에 대하여 Project를 생성합니다. + +## YouTube 가이드 +{: .left-bar-title} +
+ +
+


+ +## Project 생성 +{: .left-bar-title } + +1. **Project List**에서 **Add** 버튼을 클릭합니다. +prj_add + +2. **New_Project** 탭에서 Project 관련 정보를 입력합니다. +![prj_add_information](images/1_project_add_information.png){: .styled-image} + +3. 입력이 끝나면 우측 상단의 **Save**( ) 버튼을 클릭합니다. +

+ +### Project Information +{: .specific-title} +Project에 대한 기본 정보를 입력하는 페이지입니다. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
항목설명
Project NameProject의 이름을 입력합니다.
+
    +
  • 모델명과 Project명이 동일할 경우, 모델명을 입력합니다. (Project Name은 영문 작성이 권장됩니다.)
  • +
+
Project VersionProject의 Version을 입력합니다.
+
    +
  • Version 구분이 없다면 공란으로 둡니다.
  • +
+
PriorityOSS 고지문 발급 요청 우선 순위를 선택합니다.
+
    +
  • 기본값으로는 P2가 선택되며, 급한 요청 순위에 따라 우선순위(P0 > P1 > P2)를 선택합니다.
  • +
  • P0를 자주 선택하는 경우, 해당 조직이 OSC 프로세스 점검 대상이 될 수 있으니 참고하시기 바랍니다.
  • +
+
View PermissionProject의 보기 권한을 설정합니다.
+
    +
  • Creator와 Editor에게만 Project 보기 권한을 줄 경우, 'Creator & Editor'를 선택합니다.
  • +
  • (Everyone 체크시 누구나 볼 수 있음.)
  • +
+
Security Mail (Vulnerability)해당 프로젝트에 대한 Vulnerability 메일 수신 여부를 표시합니다.
+
    +
  • 기본값으로 Enable이 선택되어 있습니다.
  • +
  • Disable로 선택하는 경우, 해당 프로젝트에 대해 Vulnerability 메일을 더 이상 수신하지 않습니다.
  • +
  • Disable로 변경 시, Disable 사유를 필수로 입력해야 합니다.
  • +
+
Security Responsible Person보안 담당자를 별도로 지정할 수 있습니다.
+
    +
  • 지정 가능한 대상은 FOSSLight Hub에 등록된 사용자에 한합니다.
  • +
  • 지정된 보안 담당자는 보안 관련 Jira 이슈의 Assignee로 설정되며, FOSSLight Hub에서 발송되는 보안 관련 이메일도 함께 수신하게 됩니다.
  • +
  • 별도로 보안 담당자를 지정하지 않을 경우, 프로젝트 Creator가 보안 담당자로 지정됩니다.
  • +
+
Operating SystemOperating System을 선택합니다.
+
    +
  • (선택 가능한 OS가 없을 경우 '직접입력'을 선택하여 직접 입력.)
  • +
+
Distribution TypeProject의 배포 유형을 다음 중 하나로 선택합니다.
+
    +
  • General Model: 일반적인 Model / Software / Application이 배포되는 경우
  • +
  • Transfer in-house: 사내 이관하는 경우
  • +
  • B2B: 타사로 제공하는 경우
  • +
  • Preceding: 배포 가능성이 있는 선행 개발
  • +
  • In-house only: 사내용 Software로 배포가 예정되지 않은 경우
  • +
  • Self-Check: 배포 목적이 아닌 내부 검토 및 사전 점검하는 경우
  • +
  • Contribution: Open Source 공개 및 기여시 선택
  • +
+
Network Service only?Network Service 형태(ex, Web Service)의 프로젝트인 경우 'Yes' 선택
Distribution SiteOSS 고지문을 등록할 OSS 배포 사이트를 선택합니다.
+
    +
  • [opensource.lge.com](http://opensource.lge.com/): 일반적인 경우의 배포사이트
  • +
  • Network Service 형태의 프로젝트인 경우에도 "opensource.lge.com"을 선택하시기 바랍니다.
  • +
  • N/A: 배포사이트에 등록 불가한 특별한 사유가 있는 경우 선택 (ex, 3rd Party에 직접 소스 코드 전달 등)
  • +
+
OSS NoticeOSS Notice 양식을 선택합니다.
+
    +
  • General: 일반적인 고지문 발급이 필요한 경우
  • +
  • Platform-generated: Platform에서 자체 생성된 OSS Notice를 제품에 탑재하는 경우, 해당 Platform(ex, Android, Yocto)을 선택
  • +
  • N/A: 고지문 발급이 필요하지 않는 경우
  • +
+
Model InformationProject에 해당하는 Model 정보 및 양산 일자를 입력합니다.
Additional InformationCompliance에 필요한 부가정보가 있을 경우, 입력합니다.
Edit Permission해당 Project 정보 및 현황을 공유하고자 하는 사용자를 등록합니다.
+
    +
  • Editor로 등록된 사용자는 해당 Project에 대하여 Creator와 동일한 조회, 편집 권한을 가지고, 시스템에서 프로젝트 관련된 메일이 발송됩니다.
  • +
  • 단, AD ID로 추가한 계정 중 FOSSLight Hub에 가입되지 않은 사용자는 최초 FOSSLight Hub 계정 등록 안내 메일 외 프로젝트 관련 메일이 발송되지 않습니다.
  • +
+
Comment해당 Project 관련하여 Comment로 남기고 싶은 사항을 입력합니다.
+ +### Project의 Share, Copy, Delete, Save 등 +{: .specific-title} +자세한 내용은 [상세 화면의 공통 기능](https://fosslight.org/hub-guide/tips/1_common/3_project_tab_bar/)을 참고하시기 바랍니다. +- **Share**( ): 생성되는 URL을 통해 Project를 공유할 수 있습니다. +- **Copy**( ): Project를 복사하여 새로운 Project를 생성합니다. +- **Delete**( ): Project를 삭제합니다. +- **Save**( ): 기본 정보를 수정한 후에는 클릭해야 저장됩니다. +- **Drop**: Project의 Status를 Drop으로 변경합니다. 다시 Process를 진행하기 위해서는 Reopen 버튼을 클릭해야 합니다. +- **Reopen**: Status가 Drop 또는 Complete인 Project인 경우 표시되며 Status를 Progress로 변경하여 Process를 재수행할 수 있습니다. +- **(Admin Only)** + - Complete: 모든 Process가 완료된 Project에 대하여 Status를 변경합니다. + - Reopen: Status가 Complete 또는 Drop인 경우 표시되며 Status를 Progress로 변경합니다. diff --git a/tutorial/1_project/1_create_project/images/1_project_add.png b/tutorial/1_project/1_create_project/images/1_project_add.png new file mode 100644 index 00000000..18557e4c Binary files /dev/null and b/tutorial/1_project/1_create_project/images/1_project_add.png differ diff --git a/tutorial/1_project/1_create_project/images/1_project_add_information.png b/tutorial/1_project/1_create_project/images/1_project_add_information.png new file mode 100644 index 00000000..44f93b78 Binary files /dev/null and b/tutorial/1_project/1_create_project/images/1_project_add_information.png differ diff --git a/tutorial/1_project/1_create_project/images/copy-regular.png b/tutorial/1_project/1_create_project/images/copy-regular.png new file mode 100644 index 00000000..9d96d219 Binary files /dev/null and b/tutorial/1_project/1_create_project/images/copy-regular.png differ diff --git a/tutorial/1_project/1_create_project/images/floppy-disk-solid.png b/tutorial/1_project/1_create_project/images/floppy-disk-solid.png new file mode 100644 index 00000000..a1b6df43 Binary files /dev/null and b/tutorial/1_project/1_create_project/images/floppy-disk-solid.png differ 
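Review bot: in tutorial/1_project/1_create_project/README.md the `Share` bullet says a project can be shared through a generated URL, but neither that bullet nor the `View Permission` row says whether opening the URL is still limited by the 'Creator & Editor' setting. Please add one sentence stating who can open a shared URL. The `Distribution Site` row links `http://opensource.lge.com/` while the notice samples in this patch use `https://opensource.lge.com`; use the https form here as well. `Reopen` appears both in the general list and under `(Admin Only)` with the same effect, so say which roles actually see the button.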
diff --git a/tutorial/1_project/1_create_project/images/share-nodes-solid.png b/tutorial/1_project/1_create_project/images/share-nodes-solid.png new file mode 100644 index 00000000..ec5f8864 Binary files /dev/null and b/tutorial/1_project/1_create_project/images/share-nodes-solid.png differ diff --git a/tutorial/1_project/1_create_project/images/trash_can.png b/tutorial/1_project/1_create_project/images/trash_can.png new file mode 100644 index 00000000..53fa1085 Binary files /dev/null and b/tutorial/1_project/1_create_project/images/trash_can.png differ diff --git a/tutorial/1_project/2_Identification/1_3rd_DEP_SRC_BIN_Tab.md b/tutorial/1_project/2_Identification/1_3rd_DEP_SRC_BIN_Tab.md new file mode 100644 index 00000000..e6438eee --- /dev/null +++ b/tutorial/1_project/2_Identification/1_3rd_DEP_SRC_BIN_Tab.md @@ -0,0 +1,71 @@ +--- +sort: 1 +published: true +--- + +# 3rd Party/DEP/SRC/BIN Tab +
+분석 결과 Report를 Upload 하거나 Confirm된 3rd Party, Project를 Load 할 수 있습니다. +
+ +## 작성 Process +{: .left-bar-title } +- [FOSSLight Scanner](https://fosslight.org/fosslight-guide/scanner/)의 분석 결과 업로드 +- [**Warning message 검토**](https://fosslight.org/hub-guide/tips/1_common/5_warning_message) + +## 분석 Report Upload +{: .left-bar-title } +1. 기존에 Loaded된 Item이 있는 경우 Upload 영역의 + 버튼을 클릭합니다. (처음 Upload를 하는 경우는 2번 화면이 보이게 됩니다.) +select +2. Upload할 Report 파일을 선택합니다. +select +3. 선택한 report 파일의 sheet list가 좌측에 보이고, 우측에는 upload할 tab을 선택할 수 있습니다. +이때 하나의 sheet는 하나의 tab에만 선택이 가능하며, 각 탭의 이름으로 시작하는 sheet가 default로 선택되어 표시됩니다. +로드를 원하지 않는 sheet가 있는 경우는 좌측의 체크박스를 해제하면 됩니다. +select +4. Save 클릭시, 업로드한 report 파일의 data가 하단의 OSS Table에 로드되면서 저장됩니다. + +## Project/3rd Party Search +{: .left-bar-title } +Status가 Confirm 상태인 Project/3rd Party를 Load합니다. + +1. 기존에 Loaded된 Item이 있는 경우 Upload 영역의 + 버튼을 클릭합니다. (처음 Load를 하는 경우는 2번 화면이 보이게 됩니다.) +select +2. Load할 Project 또는 3rd Party를 검색합니다. +select +select +3. Load할 탭을 선택합니다. 이때 선택한 탭은 동일한 이름의 탭에만 load 됩니다. (예 - SRC를 선택한 경우, SRC탭에만 load되고 다른 탭에는 로드되지 않습니다.) +select +4. Save 클릭시, 하단의 OSS Table에 선택한 project/3rd party의 data가 로드되면서 저장됩니다. + + +## Upload / Load된 데이터 표시 +{: .left-bar-title } +select +1. Load된 3rd party +2. Load된 project +3. Upload된 report 파일 +4. Total : Upload된 Report 파일 수와 Load된 project, 3rd party 수 +OSS Components : 각 탭에 로드된 oss component 수 + +select +- OSS Table의 Comment Column에 출처가 표시됩니다. + +## Delete +{: .left-bar-title } +select + +1. 삭제하고자 하는 하나의 row만을 선택하여 휴지통 아이콘을 클릭하면 아래의 팝업이 뜹니다. +select +2. OK 클릭시, 선택한 row가 삭제되고 선택한 row로 부터 load된 하단의 OSS Table 데이터가 모두 삭제되고 저장됩니다. +3. 이때 아무것도 선택하지 않거나 두개 이상의 row를 선택시 아래의 팝업이 뜹니다. +select + +## Reset +{: .left-bar-title } +select +1. Reset 버튼을 클릭합니다. +2. Upload, load된 모든 row가 체크가 되고 모든 데이터가 삭제된다는 팝업이 뜹니다. +select +3. OK 클릭시 선택된 모든 row가 삭제되고 OSS Table의 모든 데이터가 삭제되고 저장됩니다. +4. 각 탭을 개별로 reset을 하길 원하는 경우, 각 탭 내에 위치한 reset 버튼을 클릭하면 됩니다. 
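Review bot: in tutorial/1_project/2_Identification/1_3rd_DEP_SRC_BIN_Tab.md, under "Upload / Load된 데이터 표시", the `OSS Components : ...` line has no list number, so Markdown folds it into item 4 (`Total`); make it item 5 or a sub-bullet. The Delete and Reset sections both end with the change being saved as soon as OK is clicked (`삭제되고 저장됩니다`); add a line saying whether that can be undone, and if it cannot, point the reader to Export on the SBOM tab before a Reset.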
diff --git a/tutorial/1_project/2_Identification/2_SBOM_Tab.md b/tutorial/1_project/2_Identification/2_SBOM_Tab.md new file mode 100644 index 00000000..af087ba4 --- /dev/null +++ b/tutorial/1_project/2_Identification/2_SBOM_Tab.md @@ -0,0 +1,71 @@ +--- +sort: 2 +published: true +--- + +# SBOM Tab +3rd Party, DEP, SRC, BIN 탭에 작성된 OSS 목록을 취합하고 리뷰 요청을 합니다. + + +## Review 요청 방법 +{: .left-bar-title } + +### YouTube Guide +{: .specific-title} +
+ +
+ +### Review 요청 절차 +{: .specific-title} +1. Merge And Save 버튼을 클릭합니다. + - 3rd Party, SRC, BIN 탭에 작성한 OSS List를 취합합니다. +2. [**Warning message 검토**](https://fosslight.org/hub-guide/tips/1_common/5_warning_message)을 확인합니다. +3. Request 버튼을 클릭하여 리뷰 요청을 합니다. + - 단, 빨간색 Warning Message가 있을 경우 리뷰 요청이 불가합니다. +![prj](images/2_bom_tap.png){: .styled-image} + + +### (Admin only) Review 방법 +{: .specific-title} +1. SBOM 탭 우측 상단 Review Start 버튼을 클릭합니다. +2. Warning message별 검토 사항을 확인합니다. +3. **Save** 클릭 후 Confirm을 클릭하면 Packaging 탭이 활성화됩니다. + - Creator에게 재확인이 필요한 경우 **Reject**을 클릭하여 Status를 Progress로 변경합니다. +


+ +## OSS Table 설명 +{: .left-bar-title } +각 탭(3rd Party, SRC, BIN) 의 OSS Name, OSS Version별로 Row를 Merge하여 보여줍니다. 단, OSS Name 이 - 인 경우는 Merge되지 않습니다. +- **Reference** : 해당 OSS Name, OSS Version이 작성된 탭을 표시합니다. +- **Obligation**: 배포시 의무사항 + - **Notify** : 저작권 및 License를 고지 의무가 있습니다. + - **Source** : 소스코드 공개 의무가 있습니다. +- **Restriction**: R 아이콘이 표시되어 있는 경우, 해당 License에 제약사항이 존재합니다. +- **admin check**: admin check 된 항목은 하기와 같은 예외사항이 적용됩니다. + - 해당 Row의 License에 해당하는 Obligation 대신, admin이 변경한 Obligation이 적용됩니다. + - OSS Name, OSS Version에 포함되지 않은 License도 표기 가능합니다. + - OSS Name을 nickname으로 작성할 수 있습니다. + - OSS Name, OSS Version에 대하여 OSC system에 저장된 Copyright text, Download location, Homepage 의 정보 대신 해당 Row에 작성된 정보로 OSS Notice에 포함됩니다. +


+ +## Confirm 시점 SBOM data 변경 +{: .left-bar-title } +Identification 단계가 confirm되고 나면, SBOM tab의 download location, homepage, copyright의 정보가 OSS DB에 저장된 값으로 변경되며, 이를 기반으로 생성된 report를 다운로드 할 수 있습니다. +


+ +## Export +{: .left-bar-title } +Export 버튼을 통해 모든 탭의 내용을 추출할 수 있습니다. +- FOSSLight Report (Spreadsheet) 추출시, 각 Row의 Warning message가 추가로 출력됩니다. +- Warning message 앞에는 어떤 Column에 표기된 Warning message인지 표시됩니다. ex. (L) This field is required. (ON) Unconfirmed open source + +| Column Name | Warning Message 표시하는 column name 표기 | +|----------------------------------|-----------------------| +| OSS Name | ON | +| OSS version | OV | +| License | L | +| Download location | D | +| Homepage | H | +| Source Path | S | +| Binary Path | B | \ No newline at end of file diff --git a/tutorial/1_project/2_Identification/README.md b/tutorial/1_project/2_Identification/README.md new file mode 100644 index 00000000..f1879218 --- /dev/null +++ b/tutorial/1_project/2_Identification/README.md @@ -0,0 +1,25 @@ +--- +sort: 2 +published: true +title: 2.Identification +--- + + +# Identification +
+배포하는 Project에 대하여 Open Source Software 분석 결과를 작성하고, OSPO의 리뷰를 받습니다. +
+ +{% include list.liquid all=true %} + +## 일반 Project의 Identification Process +{: .left-bar-title } +- **3rd Party, DEP 탭, SRC, BIN 탭 작성 → SBOM 탭**에서 **Request** 버튼을 클릭하여 리뷰 요청 + - [**3rd Party, DEP, SRC, BIN**](https://fosslight.org/hub-guide/tutorial/1_project/2_Identification/1_3rd_DEP_SRC_BIN_Tab.html): 분석 결과 Report를 업로드 하거나 Confirm된 Project, 3rd Party를 Load합니다. + - [**SBOM**](https://fosslight.org/hub-guide/tutorial/1_project/2_Identification/2_SBOM_Tab.html): 다른 탭에 작성된 OSS List를 취합하고 Warning message를 검토한 후 리뷰 요청을 합니다. + +## (Enterprise Only) Platform-generated Project의 Identification Process +{: .left-bar-title } +- BIN(Android), BIN(Yocto) Tab : 각 탭 작성 → Request 버튼을 클릭하여 리뷰 요청합니다. + - BIN(Android) : [Android binary 분석](https://fosslight.org/fosslight-guide/scanner/6_android.html) 결과를 작성합니다. + - BIN(Yocto) : [Yocto 분석](https://fosslight.org/fosslight-guide/scanner/5_yocto.html) 결과를 작성합니다. \ No newline at end of file diff --git a/tutorial/1_project/2_Identification/images/1_3rd_search.png b/tutorial/1_project/2_Identification/images/1_3rd_search.png new file mode 100644 index 00000000..ea0f8a03 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_3rd_search.png differ diff --git a/tutorial/1_project/2_Identification/images/1_delete1.png b/tutorial/1_project/2_Identification/images/1_delete1.png new file mode 100644 index 00000000..61f35e8b Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_delete1.png differ diff --git a/tutorial/1_project/2_Identification/images/1_delete2.png b/tutorial/1_project/2_Identification/images/1_delete2.png new file mode 100644 index 00000000..2b730229 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_delete2.png differ 
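Review bot: in tutorial/1_project/2_Identification/2_SBOM_Tab.md, step 1 of "Review 요청 절차" and the first sentence of "OSS Table 설명" name only 3rd Party, SRC and BIN as the tabs that are merged, while the opening sentence of the same page and 2_Identification/README.md list 3rd Party, DEP, SRC, BIN. If DEP rows are merged into the SBOM, add DEP in both places; if they are not, say so explicitly, because a reader would otherwise assume dependency-scan results are covered by the review request.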
diff --git a/tutorial/1_project/2_Identification/images/1_delete3.png b/tutorial/1_project/2_Identification/images/1_delete3.png new file mode 100644 index 00000000..f6c945eb Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_delete3.png differ diff --git a/tutorial/1_project/2_Identification/images/1_loaded_item.png b/tutorial/1_project/2_Identification/images/1_loaded_item.png new file mode 100644 index 00000000..2e4596e4 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_loaded_item.png differ diff --git a/tutorial/1_project/2_Identification/images/1_oss_component_comment.png b/tutorial/1_project/2_Identification/images/1_oss_component_comment.png new file mode 100644 index 00000000..a4782462 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_oss_component_comment.png differ diff --git a/tutorial/1_project/2_Identification/images/1_project_search.png b/tutorial/1_project/2_Identification/images/1_project_search.png new file mode 100644 index 00000000..44ce653e Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_project_search.png differ diff --git a/tutorial/1_project/2_Identification/images/1_reset1.png b/tutorial/1_project/2_Identification/images/1_reset1.png new file mode 100644 index 00000000..d2937347 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_reset1.png differ diff --git a/tutorial/1_project/2_Identification/images/1_reset2.png b/tutorial/1_project/2_Identification/images/1_reset2.png new file mode 100644 index 00000000..3bbb960a Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_reset2.png differ diff --git a/tutorial/1_project/2_Identification/images/1_select_sheet.png b/tutorial/1_project/2_Identification/images/1_select_sheet.png new file mode 100644 index 00000000..90b9bb92 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_select_sheet.png differ 
diff --git a/tutorial/1_project/2_Identification/images/1_select_tab.png b/tutorial/1_project/2_Identification/images/1_select_tab.png new file mode 100644 index 00000000..579816fa Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_select_tab.png differ diff --git a/tutorial/1_project/2_Identification/images/1_upload_report1.png b/tutorial/1_project/2_Identification/images/1_upload_report1.png new file mode 100644 index 00000000..cded17ca Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_upload_report1.png differ diff --git a/tutorial/1_project/2_Identification/images/1_upload_report2.png b/tutorial/1_project/2_Identification/images/1_upload_report2.png new file mode 100644 index 00000000..e7eb7586 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/1_upload_report2.png differ diff --git a/tutorial/1_project/2_Identification/images/2_bom_tap.png b/tutorial/1_project/2_Identification/images/2_bom_tap.png new file mode 100644 index 00000000..35cd29d4 Binary files /dev/null and b/tutorial/1_project/2_Identification/images/2_bom_tap.png differ diff --git a/tutorial/1_project/3_packaging/README.md b/tutorial/1_project/3_packaging/README.md new file mode 100644 index 00000000..4ca0f259 --- /dev/null +++ b/tutorial/1_project/3_packaging/README.md @@ -0,0 +1,63 @@ +--- +sort: 3 +published: true +title: 3.Packaging +--- + +# Packaging +
+• Packaging 단계에서는 Source Code 공개 의무가 있는 Open Source를 사용한 경우 공개할 Source Code를 취합(OSS Package)하고 이를 FOSSLight Hub에 등록합니다.
+• OSS 고지문은 Packaging 단계가 Confirm되면 자동으로 생성됩니다. 만약, OSS 고지문 내용을 변경해야 할 경우, Notice tab에서 수정할 수 있습니다.
+• Project List의 Packaging column 내 버튼을 클릭하여 진입합니다.
+
+
+ +
+ +## Packaging tab +{: .left-bar-title } +![prj](images/3_project_packaging_upload.PNG){: .styled-image} +Packaging tab에서는 OSS Package 파일을 Upload 업로드합니다. +(단, Source Code 공개를 필요로하는 License하의 Open Source를 사용하지 않았다면 이 탭은 비활성화됩니다.) +1. **OSS Package Upload** + - Source code를 취합한 Packaging 파일(압축 파일)을 Upload합니다. + - Verify when file is uploaded 옵션을 체크하면, 파일 업로드가 완료된 후 자동으로 Verify를 실행합니다. +2. **"Path of source code in the OSS Package" column을 기입합니다.** + - 공개해야 할 Open Source 종류가 많아 Path 기입을 일일이 하기 어려운 경우, 'Export Path'()버튼으로 Packaging OSS List 파일을 다운로드 한 후 Path를 기입하고 'Upload Path'()버튼으로 upload 하면 Path 정보가 등록됩니다. + - 'Save' 버튼으로 입력한 Path정보를 저장할 수 있습니다. + - Path정보는 대소문자를 구분하니 입력 시 주의하시기 바랍니다. +3. **'Save'버튼()을 클릭합니다. + - OSS Package 내에서 찾은 File은 File Count란에 개수가 표시됩니다. 찾지 못한 Open Source가 있다면 "path not found"라고 표시됩니다. + - OSS Package 내에서 찾은 README, File List, Banned List를 확인할 수 있습니다. + - **README**: OSS Package 내 포함된 README 파일 + - **File List**: OSS Package 내의 파일 목록 + - **Banned List**: "Proprietary", "Commercial" 등 공개되지 말아야 할 파일 목록 + - **Binary List** : OSS Package 내 포함된 Binary 파일 + - OSS Package가 변경되거나, 입려된 Path가 기존에 저장된 값이랑 다른 경우에는 'Verify 진행중'이라는 팝업이 나타납니다. + +## Notice tab +{: .left-bar-title } +OSS Notice는 Identification > SBOM 탭을 기준으로 자동 생성됩니다. +![prj](images/3_project_packaging_notice.PNG){: .styled-image} + +- Request to generate a default OSS Notice. (Select this in most cases.) + - 수정 없이 OSS Notice를 발행하는 경우 선택합니다. +- Request to generate a modified OSS Notice. (Select this only in exceptional cases.) + - OSS Notice의 포맷이나 Contents를 수정할 수 있습니다. + - Append : OSS Notice에 내용을 추가할 수 있습니다. + - Editor : 추가될 내용을 직접 기입합니다. + - File Upload : 추가될 내용을 파일로 업로드 합니다. + - OSS Notice File Format은 [OSS 고지문 종류](../../../tips/2_project/4_oss_notice/)에서 확인할 수 있습니다. + + +## Review 요청 +{: .left-bar-title } +- Packaging 탭 우측 상단 **Request**() 버튼을 클릭하여 리뷰 요청을 합니다. + +## (Admin only) Review 방법 +{: .left-bar-title } +- 우측 상단 **Review Start**() 버튼을 클릭합니다. 
+- 우측 상단 **Bypass**() 버튼을 클릭하면 Packaging 수행 없이 Confirm 할 수 있습니다. +- 우측 상단의 **Confirm**() 버튼을 클릭하면 Packaging이 Confirm되고 OSC Process가 완료됩니다. +- Packaging이 Confirm된 Project에 대해서 Project List에서 발행된 OSS Notice를 다운로드 받을 수 있습니다. + - Creator에게 재확인이 필요한 경우 Reject을 클릭하여 Status를 Progress로 변경합니다. \ No newline at end of file diff --git a/tutorial/1_project/3_packaging/images/3_packaging_bypass.png b/tutorial/1_project/3_packaging/images/3_packaging_bypass.png new file mode 100644 index 00000000..56ad23e5 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_packaging_bypass.png differ diff --git a/tutorial/1_project/3_packaging/images/3_packaging_export_path.png b/tutorial/1_project/3_packaging/images/3_packaging_export_path.png new file mode 100644 index 00000000..8c07a944 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_packaging_export_path.png differ diff --git a/tutorial/1_project/3_packaging/images/3_packaging_save.png b/tutorial/1_project/3_packaging/images/3_packaging_save.png new file mode 100644 index 00000000..5cff904c Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_packaging_save.png differ diff --git a/tutorial/1_project/3_packaging/images/3_packaging_upload_path.png b/tutorial/1_project/3_packaging/images/3_packaging_upload_path.png new file mode 100644 index 00000000..bf37035d Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_packaging_upload_path.png differ diff --git a/tutorial/1_project/3_packaging/images/3_packaging_verify.png b/tutorial/1_project/3_packaging/images/3_packaging_verify.png new file mode 100644 index 00000000..70cb60e7 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_packaging_verify.png differ 
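Review bot: in tutorial/1_project/3_packaging/README.md the `Banned List` bullet describes files that must not be disclosed ("Proprietary", "Commercial"), but the page never says what to do when that list is not empty. The Distribution page in this patch states that the OSS Package is registered on the distribution site, so add a step telling the creator to remove those files, re-upload and Verify again before clicking Request, and say in the admin section whether Confirm is expected while Banned List still has entries. The `Bypass` bullet should likewise state when confirming without Packaging is appropriate. Formatting: step 3 opens bold with `**'Save'버튼` and never closes it, `Upload 업로드합니다` repeats the verb, and `입려된` should be `입력된`.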
diff --git a/tutorial/1_project/3_packaging/images/3_project_packaging_notice.PNG b/tutorial/1_project/3_packaging/images/3_project_packaging_notice.PNG new file mode 100644 index 00000000..09186f26 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_project_packaging_notice.PNG differ diff --git a/tutorial/1_project/3_packaging/images/3_project_packaging_upload.PNG b/tutorial/1_project/3_packaging/images/3_project_packaging_upload.PNG new file mode 100644 index 00000000..f7f5c5ec Binary files /dev/null and b/tutorial/1_project/3_packaging/images/3_project_packaging_upload.PNG differ diff --git a/tutorial/1_project/3_packaging/images/confirm.png b/tutorial/1_project/3_packaging/images/confirm.png new file mode 100644 index 00000000..7ad23486 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/confirm.png differ diff --git a/tutorial/1_project/3_packaging/images/request.png b/tutorial/1_project/3_packaging/images/request.png new file mode 100644 index 00000000..a7c559dc Binary files /dev/null and b/tutorial/1_project/3_packaging/images/request.png differ diff --git a/tutorial/1_project/3_packaging/images/review_start.png b/tutorial/1_project/3_packaging/images/review_start.png new file mode 100644 index 00000000..2b95b123 Binary files /dev/null and b/tutorial/1_project/3_packaging/images/review_start.png differ diff --git a/tutorial/1_project/4_distribution/README.md b/tutorial/1_project/4_distribution/README.md new file mode 100644 index 00000000..bb6199c7 --- /dev/null +++ b/tutorial/1_project/4_distribution/README.md @@ -0,0 +1,28 @@ +--- +sort: 4 +published: true +title: 4.Distribution +--- + +# Distribution(Enterprise Only) +
+Distribution을 수행하면 배포 사이트에 OSS 고지문 / OSS Package가 등록됩니다. +
+ +
+ +
+ + + +## 배포 사이트 +{: .left-bar-title } + - LG 전자 : LG Open Source 사이트 내 Product 페이지([https://opensource.lge.com/product](https://opensource.lge.com/product)) + - 타사 : 각 회사에서 설정한 배포 사이트에 등록 + +## (Admin Only) 배포 권한 +{: .left-bar-title } +- 외부에 공개되는 사항으로 **Admin 권한의 계정을 가진 사용자**만 Distribution을 수행할 수 있습니다. +- LG 전자 : Admin 계정은 사업부/연구소 내 OSC 담당자에게만 부여됩니다. + - 만약 Project Creator가 OSC 담당자가 아닌 경우, Project > Edit Permission에 조직의 OSC 담당자를 추가한 후, OSC 담당자에게 Distribution 단계 수행을 요청하시기 바랍니다. + \ No newline at end of file diff --git a/tutorial/1_project/5_security/README.md b/tutorial/1_project/5_security/README.md new file mode 100644 index 00000000..5a3a41f4 --- /dev/null +++ b/tutorial/1_project/5_security/README.md @@ -0,0 +1,36 @@ +--- +sort: 5 +published: true +title: 5.Security Tab +--- + +# Security Tab +
+Security 탭에서는 Identification 단계의 BOM 탭 기준 Vulnerability score가 기준 점수 이상인 OSS에 대하여 CVE ID별로 확인 및 조치 상태를 관리할 수 있습니다.
+ • Vulnerability score 기준 점수는 Code Management > 760 (Security Vulnerability Score)에서 설정하실 수 있습니다. +
+ +![prj](images/5_sec_list.PNG){: .styled-image} + +## Column 정보 +{: .left-bar-title } +- **OSS Name, OSS version** + - Identification 단계의 BOM 탭에 작성된 OSS 정보가 자동 출력됩니다. +- **CVE ID, CVSS Score, Published Date** + - CVE ID 및 해당 CVE ID의 CVSS Score, 발행일 정보가 자동 출력됩니다. +- **Vulnerability Resolution** + - 기본값으로 Unresolved로 설정되며, 보안취약점 해결 시 Fixed로 변경할 수 있습니다. + +### OSS version 미 입력시 +{: .specific-title} +- Security 탭에서는 OSS version 미기입된 CVE ID에 대해 정확한 vulnerability 확인이 어렵기에 전체 CVE ID 리스트를 보여주고 있지 않습니다. +- 탭 진입 시 다음 팝업 화면이 뜨는 경우, Identification 탭에서 해당 Open Source의 정확한 version을 입력한 후 BOM 탭 Save하면 +Security 탭에서 정확한 보안취약점 CVE ID 목록을 확인할 수 있습니다. +![prj](images/5_sec_popup.PNG){: .styled-image} + +### Vulnerability Resolution 여부 Identification 단계 반영 +{: .specific-title} +- Identification 단계 탭에서 Vulnerability score 확인 시, Security 탭에서 vulnerability resolution 값을 'Fixed'로 변경한 CVE ID에 대해서는 제외된 Max score를 확인할 수 있습니다. +- Identification 단계 탭에서 Vulnerability Icon 클릭 시, 해당 OSS name 및 version에 대한 전체 CVE ID 리스트 창에서 'Fixed'된 CVE ID는 아래와 같이 비활성화 처리된 것을 확인할 수 있습니다. +![fixed](images/5_sec_fixed.png){: .styled-image} + diff --git a/tutorial/1_project/5_security/images/5_sec_fixed.png b/tutorial/1_project/5_security/images/5_sec_fixed.png new file mode 100644 index 00000000..62cd5517 Binary files /dev/null and b/tutorial/1_project/5_security/images/5_sec_fixed.png differ diff --git a/tutorial/1_project/5_security/images/5_sec_list.PNG b/tutorial/1_project/5_security/images/5_sec_list.PNG new file mode 100644 index 00000000..61546a39 Binary files /dev/null and b/tutorial/1_project/5_security/images/5_sec_list.PNG differ diff --git a/tutorial/1_project/5_security/images/5_sec_popup.PNG b/tutorial/1_project/5_security/images/5_sec_popup.PNG new file mode 100644 index 00000000..e336af28 Binary files /dev/null and b/tutorial/1_project/5_security/images/5_sec_popup.PNG differ diff --git a/tutorial/1_project/README.md b/tutorial/1_project/README.md new file mode 100644 index 00000000..9fb635fa 
--- /dev/null +++ b/tutorial/1_project/README.md @@ -0,0 +1,26 @@ +--- +sort: 1 +published: true +--- + +# Project + +{% include list.liquid all=true %} + + +## ⭐Tips for Project +{: .left-bar-title } +#### Pre-Review 버튼 (DEP, SRC, BIN Tab) +{: .under-bar-title} +**OSS Table에 작성된 Download location을 기반으로 FOSSLight Hub에 저장된 OSS Name으로 자동 변경합니다.** +- 상세 가이드는 [Tips > Common > Pre-Review](../../tips/1_common/2_pre_review)에서 확인하시기 바랍니다. + +#### Comment 남기기 +{: .under-bar-title} +- Project에 Comment를 남기고 해당 Comment를 Reviewer, Edit Permssion 부여 대상자, Creator에게 메일로 발송할 수 있습니다. +- 상세 가이드는 [Tips > Common > Comment](../../tips/1_common/4_comment)에서 확인하시기 바랍니다. + +#### OSS Table's Warning message +{: .under-bar-title} +- OSS Table에서 Warning Message를 통해 검토가 필요한 사항을 확인할 수 있습니다. +- Warning Message 별 의미는 [Tips > Common > Warning Message](../../tips/1_common/5_warning_message)에서 확인하시기 바랍니다. \ No newline at end of file diff --git a/tutorial/2_self_check.md b/tutorial/2_self_check.md deleted file mode 100644 index 69af68ae..00000000 --- a/tutorial/2_self_check.md +++ /dev/null 
@@ -1,56 +0,0 @@ ---- -published: true -title: Self-Check ---- - -# Self-Check Tutorial -```note -Self-Check를 생성하고 OSS(Open Source Software)정보를 확인합니다. -1. Self-Check 생성 -2. OSS 정보 작성 -3. OSS 정보 확인 -4. Export하여 파일로 다운로드 -``` - -## 1. Self-Check 생성 -1. Self-Check List에서 Add 버튼 클릭합니다. -2. Self-Check 정보를 입력합니다. - ![new](images/2_self_new.png) -3. 생성된 Self-Check를 확인합니다. - ![new](images/2_self_new_list.png) - -## 2. OSS 정보 작성 -1. Self-Check List에서 생성한 Self-Check를 더블 클릭합니다. -2. Self-Check 상세 정보탭에서 OSS 정보를 작성합니다. - ![new](images/2_self_add.png) - 1. OSS Table 좌측 상단의 + 버튼을 클릭합니다. - 2. 추가된 Row에 정보 (OSS Name, OSS Version, License)를 입력합니다. - - OSS Name, OSS Version를 입력하면 FOSSLight Hub에 저장된 정보인 경우 하기 팝업이 뜹니다. 이 때, OK를 클릭하면 FOSSLight Hub에 저장된 정보 (License, Download location)을 자동으로 불러옵니다. - ![new](images/2_self_auto.png) - 3. OSS Table 좌측 상단의 + 버튼을 클릭하여 Row를 추가할 수 있습니다. - 4. Save를 클릭합니다. -3. Check OSS Name 버튼을 클릭합니다. -![new](images/2_self_check_ossname.png) -작성된 Download location을 기반으로 FOSSLight Hub에 저장된 OSS Name으로 자동 변경합니다. -- 팝업에 자동 변환될 OSS 목록이 표시됩니다. - - Change OSS Name 버튼 : 체크된 Row에 대하여 OSS Table의 OSS Name이 변경됩니다. - - Add Nickname 버튼 : 체크된 Row에 대하여 FOSSLight Hub에 저장된 OSS에 Nickname으로 OSS Table에 쓰여진 OSS Name이 추가됩니다. - -## 3. OSS 정보 확인 -![new](images/2_self_save.png) -- OSS Detail 아이콘 클릭 : 해당 OSS의 버전별 License, Copyright 등 세부정보 팝업창을 확인합니다. - ![new](images/2_self_oss.png) -- License Detail 아이콘 클릭: License의 정보와 License Text가 팝업창으로 제공됩니다. - ![new](images/2_self_lic.png) -- User Guide 아이콘 클릭: 작성된 License에 대한 User Guide를 팝업창으로 확인합니다. - ![new](images/2_self_lic2.png) - -## 4. Export하여 파일로 다운로드 -![new](images/2_self_export.png) -- Self-Check Sheet : OSS Table에 쓰여진 사항을 출력합니다. 이 Sheet를 [Project](../started/2_try/4_project.md)의 Identification 탭에 업로드할 수 있습니다. -- Vulnerability Sheet : OSS별 Vulnerability 정보를 출력합니다. - - OSS Name : OSS Table에 작성한 OSS Name. - - Nick Name : OSS Table에 작성한 OSS의 nickname으로 Vulnerability가 조회된 경우, 매칭된 nickname이 표시됩니다. 
(매칭된 nickname이 없는 경우 -로 표시) - - OSS Version : Vulnerability 조회된 version. - - Max Score : 해당 OSS, Version에 대한 Vulnerability Max Score. - - Vulnerability Link : 해당 OSS Name, OSS Version으로 조회된 Vulnerability 목록을 확인할 수 있는 팝업 링크를 출력합니다. \ No newline at end of file diff --git a/tutorial/2_self_check/1_create_project.md b/tutorial/2_self_check/1_create_project.md new file mode 100644 index 00000000..4c1efb9a --- /dev/null +++ b/tutorial/2_self_check/1_create_project.md @@ -0,0 +1,45 @@ +--- +sort: 1 +published: true +--- + +# Create Self-Check Project +
+Self-Check 프로젝트를 생성하고, 검토할 OSS 목록을 OSS 보고서를 이용하여 일괄 추가하거나 UI 상에서 하나씩 추가할 수 있습니다. +
+ +## Self-Check Project 생성 +{: .left-bar-title } +1. Self-Check list 좌측 상단의 Add 버튼을 클릭합니다. +![selfcheck_create_project_1](images/1_self_check_create_1.png){: .styled-image} +2. Self-Check 정보를 기입하고, Save 합니다. +![selfcheck_create_project_2](images/1_self_check_create_2.png){: .styled-image} +3. Self-Check List에서 새로 생성한 Self-Check Project를 확인할 수 있고, List에서 클릭 시 상세 내용을 확인할 수 있습니다. + + +## OSS 정보 입력 +{: .left-bar-title } + +### OSS Table에 수기로 작성 +{: .specific-title} +1. OSS Table의 좌측 상단 + 버튼을 클릭하여 OSS 정보를 기입합니다. +2. 추가된 Row에 정보(OSS Name, OSS Version, License)를 입력합니다. + - OSS Name, OSS Version을 입력하면 FOSSLight Hub에 저장된 정보인 경우 [**OSS 정보 자동 완성**](https://fosslight.org/hub-guide/tips/1_common/1_oss_table/3_autofill_oss_info.html)으로 정보를 불러옵니다. + + +### Upload Analysis Result +{: .specific-title} +1. Upload Analysis Result란에 OSS 리스트가 기재된 FOSSLight Report를 업로드합니다. + 업로드 가능한 FOSSLight Report 양식은 Export 버튼을 클릭하여 다운로드 받을 수 있습니다. + ![selfcheck_add_oss_1](images/1_self_check_file_uplad.png){: .styled-image} +2. OSS List가 작성된 Sheet를 선택하고 OK 클릭합니다. +3. Save 버튼()을 클릭합니다. + + +### (Enterprise Only) FOSSLight Scanner Service 분석 결과 Load +{: .specific-title} +**FOSSLight Hub의 Self-check와 [FOSSLight Scanner Service](http://fs.lge.com/)는 연동되어 있습니다.** +방법 1. URL을 선택하여 분석할 소스 링크 (wget 또는 git clone 하여 받을 수 있는 링크)를 입력하고 Send를 클릭합니다. + ![selfcheck_add_oss_3](images/1_self_check_add_oss_url.png){: .styled-image} +방법 2. [FOSSLight Scanner Service](http://fs.lge.com/)에 분석 완료한 Project의 결과 Report를 load합니다. + ![selfcheck_fs_list](images/1_self_check_add_prj_id.png){: .styled-image} diff --git a/tutorial/2_self_check/2_verify_oss_license.md b/tutorial/2_self_check/2_verify_oss_license.md new file mode 100644 index 00000000..4767c0e7 --- /dev/null +++ b/tutorial/2_self_check/2_verify_oss_license.md 
@@ -0,0 +1,42 @@ +--- +sort: 2 +published: true +--- + +# OSS 및 License 정보 확인 +![oss_table](images/2_self_check_oss_table.png){: .styled-image} + +## Warning Messages +{: .left-bar-title } +입력한 OSS, Version, License 와 FOSSLight Hub에 등록된 정보를 비교하여 관련 알림이 표시됩니다. + +| Message | Meaning | +|------|-----| +| Unconfirmed open source | FOSSLight Hub에 동일한 OSS Name이 등록되어 있지 않은 경우 표시됩니다. | +| Unconfirmed version | FOSSLight Hub에 동일한 OSS Name은 있으나, 동일 Version이 등록되어 있지 않은 경우 표시됩니다. | +| This field is required | License 정보가 기입되어있지 않을 경우에 표시됩니다.
(Self-Check에서는 필수 항목이 아닙니다.) | +| Non-included license | FOSSLight Hub에 동일 OSS Name, OSS Version이 등록되어 있으나, 기존 등록된 License와 다를 경우 표시됩니다. | + + +## OSS 및 License 정보 +{: .left-bar-title } +- 등록된 OSS, License Info가 있을 경우 OSS Detail, License Detail 컬럼에 아이콘이 표시됩니다. +- 아이콘을 클릭하면 OSS의 상세정보, License에 대한 상세정보, 그리고 해당 License에 대한 Guide가 제공됩니다. 단, 등록된 OSS라 할지라도 User Guide가 제공되지 않을 수 있습니다. + - **OSS Detail** : 등록된 OSS의 여러 Version, 각각의 License, Copyright 등 세부정보가 팝업창으로 제공됩니다. + ![selfcheck_oss_detail](images/2_self_check_oss_detail.png){: .styled-image} + - **License Detail** : 해당 OSS가 사용하는 License의 상세 정보와, License Text가 팝업창으로 제공됩니다. + ![selfcheck_license_detail](images/2_self_check_license_detail.png){: .styled-image} + - **User Guide** : 해당 License 사용 시 참고할 수 있는 정보들에 대한 링크가 제공됩니다. + + +## OSS 사용에 따른 의무/제한 사항 +{: .left-bar-title } +상세 내용은 [**License List**](../../menu/2_license.md)에서 확인 가능합니다. +- **Notice Column**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Copyright나 License (혹은 둘 다)에 대한 고지의 의무가 있음을 의미합니다. +- **Source Column**: 체크(![ObligationCheck](images/check_icon.png)) 표시가 되어 있는 경우, + Source Code 공개 의무가 있음을 의미합니다. + - Notice/Source Column의 **물음표 아이콘**(): + 등록되지 않은 Open Source/License로 의무 사항을 알 수 없습니다. +- **Restriction Column** : ![RestrictionIcon](images/restriction_icon.png) 표시가 되어있는 경우, + 해당 OSS를 사용하는데 제약사항이 존재함을 의미합니다. (예 : 수정 제한, 상업적 사용 제한 등) \ No newline at end of file diff --git a/tutorial/2_self_check/3_verify_vulnerability.md b/tutorial/2_self_check/3_verify_vulnerability.md new file mode 100644 index 00000000..88ade61b --- /dev/null +++ b/tutorial/2_self_check/3_verify_vulnerability.md @@ -0,0 +1,40 @@ +--- +sort: 3 +published: true +--- + +# Vulnerability 정보 확인 + +
+ º Vulnerability 열에서 확인 : NIST에서 제공하는 CVE DB에서 해당 OSS가 검색되면 Vulnerability 아이콘이 CVSS Score에 따라 색깔로 구분되어 표시됩니다.
+ º Export 파일 (.xlsx)로 확인 : 기술된 전체 OSS의 리스트와 취약점 정보가 포함된 엑셀 파일이 다운로드 됩니다.
+ º Vulnerability 관련 상세 정보는 Vulnerability 에서 확인 가능합니다. +
+ + +## 1. FOSSLight Hub UI에서 확인 +{: .left-bar-title } +Vulnerability 아이콘을 클릭하면 해당 OSS Name, OSS Version의 취약점 정보가 팝업창으로 제공됩니다. +![self_pop](images/3_self_check_vul.png) + + +## 2. Export 파일로 확인 +{: .left-bar-title } +### Self-Check Sheet +{: .specific-title} +![self_check_sheet](images/3_self_sheet1.png) +- 사용자가 입력한 OSS 리스트가 OSS 보고서 양식에 준하여 기술됩니다. +- 이 탭의 정보는 추후 [Project](../../menu/4_project.md)의 Identification 탭에 업로드할 수 있습니다. + + +### Vulnerability Sheet +{: .specific-title} +![self_check_sheet2](images/3_self_sheet2.png) +- 취약점 정보가 발견된 OSS의 입력한 버전과 상위 버전의 정보들이 기술됩니다. + - OSS Name : OSS Table에 작성한 OSS Name. + - Nick Name : OSS Table에 작성한 OSS의 nickname으로 Vulnerability가 조회된 경우, 매칭된 nickname이 표시됩니다. (매칭된 nickname이 없는 경우 -로 표시) + - OSS Version : Vulnerability 조회된 version. + - Max Score : 해당 OSS, Version에 대한 Vulnerability Max Score. + - Vulnerability Link : 해당 OSS Name, OSS Version으로 조회된 Vulnerability 목록을 확인할 수 있는 팝업 링크를 출력합니다. + + diff --git a/tutorial/2_self_check/4_noitce.md b/tutorial/2_self_check/4_noitce.md new file mode 100644 index 00000000..d9b131c0 --- /dev/null +++ b/tutorial/2_self_check/4_noitce.md @@ -0,0 +1,20 @@ +--- +sort: 4 +published: true +--- + +# Self-Check Notice +
+Self-Check의 Notice 탭을 이용하여 자체적으로 OSS Notice를 발행할 수 있습니다. +
+ +## OSS Notice 발행 방법 +{: .left-bar-title } +- Self-Check 내 OSS Table에 작성된 사항을 기반으로 OSS Notice가 발행됩니다.(License가 미 등록된 경우를 제외) +![self_pop](images/4_self_check_notice.png) + - Request to generate a default OSS Notice. (Select this in most cases.) + - 수정 없이 OSS Notice를 발행하는 경우 선택합니다. + - Request to generate a modified OSS Notice. (Select this only in exceptional cases.) + - OSS Notice의 포맷이나 Contents를 수정할 수 있습니다. + - OSS Notice에 File을 append 하여 내용을 추가할 수 있습니다. + - **download** 버튼을 클릭하여 선택한 format으로 OSS Notice를 다운로드할 수 있습니다. diff --git a/tutorial/2_self_check/README.md b/tutorial/2_self_check/README.md new file mode 100644 index 00000000..44346acb --- /dev/null +++ b/tutorial/2_self_check/README.md @@ -0,0 +1,9 @@ +--- +sort: 2 +published: true +title: Self-Check +--- + +# Self-Check Tutorial + +{% include list.liquid all=true %} \ No newline at end of file diff --git a/tutorial/2_self_check/images/1_self_check_add_oss_url.png b/tutorial/2_self_check/images/1_self_check_add_oss_url.png new file mode 100644 index 00000000..57fc6d41 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_add_oss_url.png differ diff --git a/tutorial/2_self_check/images/1_self_check_add_prj_id.png b/tutorial/2_self_check/images/1_self_check_add_prj_id.png new file mode 100644 index 00000000..4a89e002 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_add_prj_id.png differ diff --git a/tutorial/2_self_check/images/1_self_check_create_1.png b/tutorial/2_self_check/images/1_self_check_create_1.png new file mode 100644 index 00000000..f34060e2 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_create_1.png differ diff --git a/tutorial/2_self_check/images/1_self_check_create_2.png b/tutorial/2_self_check/images/1_self_check_create_2.png new file mode 100644 index 00000000..8b9533f6 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_create_2.png differ 
diff --git a/tutorial/2_self_check/images/1_self_check_file_uplad.png b/tutorial/2_self_check/images/1_self_check_file_uplad.png new file mode 100644 index 00000000..0c270722 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_file_uplad.png differ diff --git a/tutorial/2_self_check/images/1_self_check_fs_list.png b/tutorial/2_self_check/images/1_self_check_fs_list.png new file mode 100644 index 00000000..10b96416 Binary files /dev/null and b/tutorial/2_self_check/images/1_self_check_fs_list.png differ diff --git a/tutorial/2_self_check/images/2_self_check_license_detail.png b/tutorial/2_self_check/images/2_self_check_license_detail.png new file mode 100644 index 00000000..726b74a8 Binary files /dev/null and b/tutorial/2_self_check/images/2_self_check_license_detail.png differ diff --git a/tutorial/2_self_check/images/2_self_check_oss_detail.png b/tutorial/2_self_check/images/2_self_check_oss_detail.png new file mode 100644 index 00000000..67d2de61 Binary files /dev/null and b/tutorial/2_self_check/images/2_self_check_oss_detail.png differ diff --git a/tutorial/2_self_check/images/2_self_check_oss_table.png b/tutorial/2_self_check/images/2_self_check_oss_table.png new file mode 100644 index 00000000..8157cc1f Binary files /dev/null and b/tutorial/2_self_check/images/2_self_check_oss_table.png differ diff --git a/tutorial/images/2_self_check_ossname.png b/tutorial/2_self_check/images/2_self_check_ossname.png similarity index 100% rename from tutorial/images/2_self_check_ossname.png rename to tutorial/2_self_check/images/2_self_check_ossname.png diff --git a/tutorial/2_self_check/images/2_self_check_unclear_icon.png b/tutorial/2_self_check/images/2_self_check_unclear_icon.png new file mode 100644 index 00000000..3458577c Binary files /dev/null and b/tutorial/2_self_check/images/2_self_check_unclear_icon.png differ 
diff --git a/tutorial/images/2_self_export.png b/tutorial/2_self_check/images/2_self_export.png similarity index 100% rename from tutorial/images/2_self_export.png rename to tutorial/2_self_check/images/2_self_export.png diff --git a/tutorial/images/2_self_lic.png b/tutorial/2_self_check/images/2_self_lic.png similarity index 100% rename from tutorial/images/2_self_lic.png rename to tutorial/2_self_check/images/2_self_lic.png diff --git a/tutorial/images/2_self_lic2.png b/tutorial/2_self_check/images/2_self_lic2.png similarity index 100% rename from tutorial/images/2_self_lic2.png rename to tutorial/2_self_check/images/2_self_lic2.png diff --git a/tutorial/images/2_self_new.png b/tutorial/2_self_check/images/2_self_new.png similarity index 100% rename from tutorial/images/2_self_new.png rename to tutorial/2_self_check/images/2_self_new.png diff --git a/tutorial/images/2_self_new_list.png b/tutorial/2_self_check/images/2_self_new_list.png similarity index 100% rename from tutorial/images/2_self_new_list.png rename to tutorial/2_self_check/images/2_self_new_list.png diff --git a/tutorial/images/2_self_oss.png b/tutorial/2_self_check/images/2_self_oss.png similarity index 100% rename from tutorial/images/2_self_oss.png rename to tutorial/2_self_check/images/2_self_oss.png diff --git a/tutorial/images/2_self_save.png b/tutorial/2_self_check/images/2_self_save.png similarity index 100% rename from tutorial/images/2_self_save.png rename to tutorial/2_self_check/images/2_self_save.png diff --git a/tutorial/2_self_check/images/3_self_check_vul.png b/tutorial/2_self_check/images/3_self_check_vul.png new file mode 100644 index 00000000..2870d039 Binary files /dev/null and b/tutorial/2_self_check/images/3_self_check_vul.png differ diff --git a/started/images/6_self_sheet1.png b/tutorial/2_self_check/images/3_self_sheet1.png similarity index 100% rename from started/images/6_self_sheet1.png rename to tutorial/2_self_check/images/3_self_sheet1.png 
diff --git a/started/images/6_self_sheet2.png b/tutorial/2_self_check/images/3_self_sheet2.png similarity index 100% rename from started/images/6_self_sheet2.png rename to tutorial/2_self_check/images/3_self_sheet2.png diff --git a/tutorial/2_self_check/images/4_self_check_notice.png b/tutorial/2_self_check/images/4_self_check_notice.png new file mode 100644 index 00000000..c11118cf Binary files /dev/null and b/tutorial/2_self_check/images/4_self_check_notice.png differ diff --git a/tutorial/2_self_check/images/check_icon.png b/tutorial/2_self_check/images/check_icon.png new file mode 100644 index 00000000..703ffce9 Binary files /dev/null and b/tutorial/2_self_check/images/check_icon.png differ diff --git a/tutorial/2_self_check/images/restriction_icon.png b/tutorial/2_self_check/images/restriction_icon.png new file mode 100644 index 00000000..99ae9f73 Binary files /dev/null and b/tutorial/2_self_check/images/restriction_icon.png differ diff --git a/tutorial/2_self_check/images/save_button.png b/tutorial/2_self_check/images/save_button.png new file mode 100644 index 00000000..c2536c7b Binary files /dev/null and b/tutorial/2_self_check/images/save_button.png differ diff --git a/tutorial/README.md b/tutorial/README.md index e39aa0ce..69e5acee 100644 --- a/tutorial/README.md +++ b/tutorial/README.md @@ -1,5 +1,5 @@ --- -sort: 3 +sort: 4 published: true --- diff --git a/tutorial/images/1_prj_bin.png b/tutorial/images/1_prj_bin.png deleted file mode 100644 index 3a91b2c2..00000000 Binary files a/tutorial/images/1_prj_bin.png and /dev/null differ diff --git a/tutorial/images/1_prj_notice.png b/tutorial/images/1_prj_notice.png deleted file mode 100644 index 4876450f..00000000 Binary files a/tutorial/images/1_prj_notice.png and /dev/null differ diff --git a/tutorial/images/1_prj_oss_notice.png b/tutorial/images/1_prj_oss_notice.png deleted file mode 100644 index a241637f..00000000 Binary files a/tutorial/images/1_prj_oss_notice.png and /dev/null differ 
diff --git a/tutorial/images/1_prj_pkg.png b/tutorial/images/1_prj_pkg.png deleted file mode 100644 index 1ffd14d0..00000000 Binary files a/tutorial/images/1_prj_pkg.png and /dev/null differ diff --git a/tutorial/images/1_prj_sheet.PNG b/tutorial/images/1_prj_sheet.PNG deleted file mode 100644 index 66f376ee..00000000 Binary files a/tutorial/images/1_prj_sheet.PNG and /dev/null differ diff --git a/tutorial/images/2_self_add.png b/tutorial/images/2_self_add.png deleted file mode 100644 index b49036ea..00000000 Binary files a/tutorial/images/2_self_add.png and /dev/null differ diff --git a/tutorial/images/2_self_auto.png b/tutorial/images/2_self_auto.png deleted file mode 100644 index 76e37161..00000000 Binary files a/tutorial/images/2_self_auto.png and /dev/null differ
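Review bot: In the Security tab page (the hunk that ends just before `tutorial/1_project/5_security/images/5_sec_fixed.png`), the section "OSS version 미 입력시" says the full CVE ID list is not shown when the OSS version is missing, but it never says that an empty list in that state is not a clean result. Suggest adding one sentence that an OSS without a version is unassessed rather than free of vulnerabilities. The same bullet reads "OSS version 미기입된 CVE ID", which attaches the missing version to the CVE ID instead of the OSS; "OSS version이 미기입된 OSS" would be clearer. In the next section, since CVE IDs set to 'Fixed' are excluded from the Max score shown in Identification, the page should also say that the value is to be changed only after the fix has been confirmed.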
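Review bot: Typo in `tutorial/1_project/README.md` under "Comment 남기기": "Edit Permssion" should be "Edit Permission". The file also ends with "\ No newline at end of file", as do `tutorial/2_self_check/2_verify_oss_license.md` and `tutorial/2_self_check/README.md`; add the trailing newline so later diffs against these files stay clean.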
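Review bot: In `tutorial/2_self_check/1_create_project.md`, both links to the FOSSLight Scanner Service use plain `http://fs.lge.com/`, for a service that receives source links and returns analysis reports; use `https://` if the service supports it. In the same hunk, step 3 of "Upload Analysis Result" reads "Save 버튼()을 클릭합니다." with empty parentheses, while this patch adds `images/save_button.png`; as shown, the icon reference is missing. The image name `1_self_check_file_uplad.png` is misspelled ("uplad"), and `1_self_check_fs_list.png` is added although the page uses `1_self_check_add_prj_id.png` under the alt text `selfcheck_fs_list`.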
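Review bot: In `tutorial/2_self_check/2_verify_oss_license.md`, the bullet "Notice/Source Column의 **물음표 아이콘**():" has empty parentheses where the icon should appear, and `images/2_self_check_unclear_icon.png`, added by this patch, is not referenced in the lines shown. Reference the image there in the same way `check_icon.png` and `restriction_icon.png` are referenced, or drop the parentheses. In the Warning Messages table, the row "This field is required" carries the remark that License is not mandatory in Self-Check; a short statement of what the user should do when this warning appears would remove the apparent contradiction.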
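Review bot: In `tutorial/2_self_check/3_verify_vulnerability.md`, the third summary bullet says "Vulnerability 관련 상세 정보는 Vulnerability 에서 확인 가능합니다" but, as shown, "Vulnerability" carries no link target. Other pages in this patch link menu pages by relative path (for example `../../menu/4_project.md`), so link this one to the Vulnerability menu page as well. Style point: the three images in this file and the one in `4_noitce.md` omit the `{: .styled-image}` attribute that the other new tutorial pages apply to every screenshot.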
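Review bot: The new file is named `tutorial/2_self_check/4_noitce.md`; "noitce" should be "notice". Because the file name becomes part of the published path, rename it to `4_notice.md` before this is merged rather than after links to it exist. Inside the file, the screenshot reuses the alt text `self_pop` from the vulnerability page; something like `self_check_notice` would describe it, and "발행됩니다.(License가 미 등록된 경우를 제외)" needs a space before the parenthesis.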
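Review bot: The rename hunks move `2_self_check_ossname.png`, `2_self_export.png`, `2_self_lic.png`, `2_self_lic2.png`, `2_self_new.png`, `2_self_new_list.png`, `2_self_oss.png` and `2_self_save.png` from `tutorial/images/` into `tutorial/2_self_check/images/`, but the only page that used them, `tutorial/2_self_check.md`, is deleted in this patch and none of the new Self-Check pages shown reference them. If they are no longer used, delete them as is done for `2_self_add.png` and `2_self_auto.png`; otherwise add the references so the moved files are not orphaned.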