Analyze at once for Open Source Compliance.
FOSSLight Scanner performs open source analysis after downloading the source from a link that can be fetched by wget or cloned by git. Alternatively, the analysis can be run on a local source path. The result is written in the FOSSLight Report format.
- FOSSLight Prechecker: Check whether the source code's copyright and license writing rules are complied with.
- FOSSLight Source Scanner: Extract license and copyright information from the source code using ScanCode.
- FOSSLight Dependency Scanner: Extract dependency and OSS information from the package manager's manifest file.
- FOSSLight Binary Scanner: Find binaries and print their OSS information.
FOSSLight Scanner requires Python 3.6 or later.
It can be installed with pip3; installing it in a Python 3.7+ virtualenv is recommended.
$ pip3 install fosslight_scanner
FOSSLight Scanner is run with the fosslight command.
fosslight [Mode] [option1] <arg1> [option2] <arg2>...

Mode
   all            Run all scanners (Default)
   source         Run FOSSLight Source
   dependency     Run FOSSLight Dependency
   binary         Run FOSSLight Binary
   prechecker     Run FOSSLight Prechecker
   compare        Compare two FOSSLight reports

Options:
   -h             Print help message
   -p <path>      Path to analyze (ex, -p {input_path})
                  * Compare mode input file: two FOSSLight reports (supports excel, yaml)
                    (ex, -p {before_name}.xlsx {after_name}.xlsx)
   -w <link>      Link to be analyzed; it can be downloaded by wget or git clone
   -f <format>    FOSSLight Report file format (excel, yaml)
                  * Compare mode result file: supports excel, json, yaml, html
   -o <output>    Output directory or file
   -c <number>    Number of processes to analyze source
   -e <path>      Path to exclude from analysis (ex, -e {dir} {file})
   -r             Keep raw data
   -t             Hide the progress bar
   -v             Print FOSSLight Scanner version
   -s <path>      Path to a json settings file (check the format with 'setting.json' in this repository)
                  * Direct cli flags have higher priority than the setting file
                    (ex, '-f yaml -s setting.json' - result file extension is .yaml)
Refs.
- Additional arguments for dependency analysis are passed with -d (see the first example below); see the FOSSLight Dependency Guide for the arguments it accepts.
- The DB URL is the database connection information used by FOSSLight Binary.
Ex 1. Run all scanners on a local path, passing virtualenv activate/deactivate commands through to the dependency scanner.
$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"
Ex 2. Exclude a directory and a file from the analysis.
$ fosslight all -p /home/source_path -e temp_dir src/temp.py
Ex 3. Analyze a repository fetched by git clone and write the result to the test_result_wget directory.
$ fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"
If you want to analyze a private repository, put your GitHub token in the link as shown below. Note that a token given this way is visible in your shell history and in process listings, so use a token scoped to that repository only.
$ fosslight all -w "https://my_github_token@github.com/Foo/private_repo"
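As an added example (not code from the FOSSLight project), the following POSIX shell functions keep the token off the fosslight command line: git receives it through GIT_ASKPASS, the clone lands in a temporary directory, and fosslight is then run with the -p form described above. Assumed names: GITHUB_TOKEN exported in the environment, and the functions url_has_credentials, repo_url, clone_private and scan_private.

```shell
# Added example, not part of the FOSSLight project. Assumes GITHUB_TOKEN is exported
# and that git and fosslight are on PATH.
set -eu
# Return 0 when an http(s) URL carries userinfo before the host
# ("https://token@github.com/..."), the form that ends up in shell history.
url_has_credentials() {
    case "$1" in
        *://*) ;;
        *) return 1 ;;          # scp-style ssh spec (git@host:path) has no secret
    esac
    rest="${1#*://}"            # drop the scheme
    authority="${rest%%/*}"     # keep only user@host:port, before the first slash
    case "$authority" in
        *@*) return 0 ;;
        *)   return 1 ;;
    esac
}
# Clean clone URL for an "owner/repo" path; the token is never part of it.
repo_url() {
    printf 'https://github.com/%s.git\n' "$1"
}
# Clone with the token supplied through GIT_ASKPASS: git runs the helper for the
# username and password prompts, so the secret never appears in argv or history.
clone_private() {
    repo="$1" dest="$2"
    url="$(repo_url "$repo")"
    if url_has_credentials "$url"; then
        echo "refusing URL with embedded credential" >&2
        return 1
    fi
    askpass="$(mktemp)"
    cat > "$askpass" <<'EOF'
#!/bin/sh
case "$1" in
    Username*) printf 'x-access-token\n' ;;
    Password*) printf '%s\n' "$GITHUB_TOKEN" ;;
esac
EOF
    chmod 700 "$askpass"
    GIT_ASKPASS="$askpass" GIT_TERMINAL_PROMPT=0 git clone --depth 1 "$url" "$dest"
    rm -f "$askpass"
}
# Analyze the local checkout with -p instead of passing -w a link with the token in it.
scan_private() {
    workdir="$(mktemp -d)"
    clone_private "$1" "$workdir/src"
    fosslight all -p "$workdir/src" -o "$workdir/report" -f yaml
    printf '%s\n' "$workdir/report"
}
```

After exporting GITHUB_TOKEN, `scan_private Foo/private_repo` clones the repository and prints the directory holding the yaml report.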
Ex 4. Compare the BOM of two FOSSLight reports with yaml or excel format and check the oss status (change/add/delete)
$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel
$ tree
.
├── fosslight_log
│   └── fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
- FOSSLight-Report_[datetime].xlsx: OSS Report file containing the source code, binary, and dependency analysis results.
- fosslight_raw_data_[datetime] directory: Directory in which the raw data files produced by the analysis are kept (see the -r option).
- Build the image using the Dockerfile.
$ docker build -t fosslight .
- Run with the image you built.
ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
$ docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output
Please report bugs or ideas for improvement by creating an issue in the fosslight_scanner repository.
Bug fixes and upgrades will follow quickly, and ideas for improvement are always welcome.
FOSSLight Scanner is released under Apache-2.0.