Re: [Openchain-japan-wg] A question about license scanners for the OpenChain community


Oliver Fendt
 

Hi Shane,

 

To my understanding, sw360-antenna is a tool they can use.

Sw360-antenna checks the dependencies and downloads them. It further has an integration to sw360, where the BOM of the projects is then created and the packages are uploaded.

I think that antenna can also call scancode to check the downloaded packages. Sw360-antenna is licensed under EPL-2.0 (sw360 under EPL-1.0). It is available at https://github.com/eclipse/antenna

Similar functionality is also covered by ORT (open source review toolkit). This is licensed under Apache-2.0. It is available at https://github.com/heremaps/oss-review-toolkit

 

I hope that helps.

 

Ciao

Oliver

 

From: openchain-bounces@... <openchain-bounces@...> On Behalf Of Shane Coughlan
Sent: Thursday, April 18, 2019 05:25
To: / WATANABEAYUMI 渡邊歩 <ayumi.watanabe.ze@...>
Cc: openchain@...; openchain-japan-wg@...; Openchain-korea-wg@...
Subject: Re: [OpenChain] [Openchain-japan-wg] A question about license scanners for the OpenChain community

 

Thank you Ayumi San! That is fantastic!

 

Shane

 

PS: What a GREAT community :) Answers from all over the world within 30 minutes...



On Apr 18, 2019, at 12:14, 渡邊歩 / WATANABEAYUMI <ayumi.watanabe.ze@...> wrote:

 

Hello Shane-san,

How about FOSSA? I think their scan module is OSS.
https://github.com/fossas/fossa-cli

Regards,

Ayumi Watanabe


-----Original Message-----
From: openchain-japan-wg-bounces@... <openchain-japan-wg-bounces@...> On Behalf Of Shane Coughlan
Sent: Thursday, April 18, 2019 11:35 AM
To: openchain@...
Cc: openchain-japan-wg@...; Openchain-korea-wg@...
Subject: [!][Openchain-japan-wg] A question about license scanners for the OpenChain community

Hello all!

I recently received a question about open source license scanners that you may
be able to answer:

A company in China is looking for open source tools that can scan packages
and code. One example of their use-case is a Java Project where the code scan
would be useful and it would be great to parse the pom.xml file to check if they
are importing LGPL/GPL jar libraries.

It seems that FOSSology cannot parse Maven files and ScanCode will parse the
files but does not have the required feature in the current feature set.

Any ideas?

Regards

Shane

--
Shane Coughlan
General Manager, OpenChain
e: coughlan@...
p: +81 (0) 80 4035 8083
w: https://clicktime.symantec.com/3W3KfYYoBQjReyssL6sf7j77Vc?u=www.openchainproject.org

Schedule a call: https://clicktime.symantec.com/3eeqhFDoahKhCfemyTH1GS7Vc?u=https%3A%2F%2Fcalendly.com%2Fshanecoughlan
