SPDX tool comparison

The survey covered each tool's website and description, availability (date/version), supported operating systems, whether it is commercial or open source (and under which license), the SPDX version supported, the features that help consumption and production of SPDX files, how automated SPDX production is (on a scale where 1 is Fully Automated/No Human Involvement and 4 is Partially Automated), identified bugs or problems, and additional information. The answers are listed per tool below; fields the survey left blank are omitted.

Tool: FOSSology
Website: fossology.org
Description: License and copyright scanner that emits license names that conform to SPDX. In March a module should be added that gives the user an SPDX BOM based on what they input into FOSSology.
Availability (date/version): April 1, fossology v 2.2
Supported operating systems: Linux
Commercial or open source: open source (GPL-v2)
SPDX version supported: 1.1
Consumption / production of SPDX files: We don't consume SPDX; we generate a BOM and license lists.
Automation of SPDX production: 4 (Partially Automated)

Tool: Antepedia Reporter 2.2
Website: http://www.antelink.com/dowload
Description: Antepedia Reporter allows your developers, project managers, or legal advisors to create reports about the open source components in your code base. Features: execute license compliance audits and intellectual property (IP) rights management; generate automatic Bill-of-Materials (BOM) reports; improve collaboration between software developers, project managers, and the legal department of your organization; manage your catalog components and set up software tracking for your organization; Jenkins plugin; keep up to date with security vulnerabilities; follow every new release of your third-party software; full web interface, which is quick and easy to use; your source code never leaves your server; free edition, cloud-based service.
Availability (date/version): 26-02-2013, version 2.2.2
Supported operating systems: Linux, Windows, OS X
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1
Features helping consumption of SPDX files: catalog import
Features helping production of SPDX files: catalog and BoM report export
Automation of SPDX production: 4 (Partially Automated)

Tool: Black Duck Suite / Protex
Website: https://www.blackducksoftware.com/
Description: Black Duck Suite provides a comprehensive, automated approach to open source governance and compliance that integrates across the application development lifecycle. The Suite automates key processes including code acquisition, approval, scanning, validation, cataloging and monitoring. It is highly scalable and can support development teams of any size, whether colocated or geographically distributed, and can be deployed on premises or as software as a service (SaaS). Black Duck Suite generates SPDX output as part of its reporting capability.
Availability (date/version): June 2012, Protex 6.2
Supported operating systems: Linux, Windows
Commercial or open source: commercial
SPDX version supported: 1.1
Features helping consumption of SPDX files: Black Duck is actively developing SPDX file import and validation features.
Features helping production of SPDX files: Black Duck Suite's code scanning feature provides thorough discovery and identification of OSS and proprietary software components, as well as license, author and copyright text. Black Duck maintains and updates references to the SPDX license list. The SPDX report solution automatically populates certain SPDX fields with discovered data and provides users multiple options for populating Concluded fields.
Automation of SPDX production: 4 (Partially Automated)
Identified bugs or problems: Manual editing of the SPDX output may be required to ensure that full copyright text discovered in the software is included in the SPDX file.

Tool: FOSSology+SPDX
Website: https://github.com/spdx-tools/fossology-spdx
Description: SPDX generation from a FOSSology scan.
Availability (date/version): April 1st, 2013 / 1.0
Supported operating systems: Linux
Commercial or open source: open source (Apache 2.0)
SPDX version supported: 1.1
Features helping consumption of SPDX files: N/A
Features helping production of SPDX files: Generate TAG format SPDX file. Edit Package/File level information.
Automation of SPDX production: 4 (Partially Automated)
Identified bugs or problems: Large package timeout.

Tool: Source Auditor Source Scanner
Website: http://www.sourceauditor.com
Description: Scans source code for open source code snippet matches, license matches, and copyright text matches. Exports identified open source components in SPDX RDF format, which can then be converted to a spreadsheet or tag/value format using the SPDX tools.
Availability (date/version): 11/1/2012
Supported operating systems: Linux, Windows, OS X, any platform running Java
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1
Features helping consumption of SPDX files: By analyzing a code base and exporting an SPDX file, the consumer can use the SPDX compare utility to compare a provided SPDX file.
Features helping production of SPDX files: Primary focus of the SPDX support. The tool can aid in production of SPDX files by identifying the origin (ArtifactOf), licenses and copyrights, which can then be exported to an SPDX RDF file.
Automation of SPDX production: 3
Identified bugs or problems: None
Additional information: These tools are primarily used by experienced code auditors who have some experience in identifying open source code. They are used by Source Auditor Inc. as part of its open source auditing service.

Tool: SPDX Tools
Website: http://spdx.org/tools
Description: Tools for validating, transforming, reading, writing and comparing SPDX format files. The SPDXViewer tool is a command-line Java application that formats a valid SPDX RDF document. The SPDXTranslator tools allow translation between the spreadsheet format, the tag/value format, HTML, and the RDF/XML format. The License RDFa generator converts the SPDX license spreadsheet to a set of HTML files. The SPDX Compare Utility compares two SPDX documents and reports any differences.
Availability (date/version): 10/1/2011
Supported operating systems: Linux, Windows, OS X, any platform which runs the Java JRE
Commercial or open source: open source (Apache 2.0)
SPDX version supported: Both 1.0 and 1.1
Features helping consumption of SPDX files: SPDXViewer allows a consumer to view a text or HTML version of an SPDX RDF or tag/value formatted file. SPDX Translator translates an SPDX document to a spreadsheet format for easy viewing and editing. SPDX Compare Utility compares two documents and reports differences.
Features helping production of SPDX files: SPDX Translator translates a spreadsheet version of an SPDX document to a tag/value or an RDF formatted file. The SPDX viewer validates SPDX files.
Automation of SPDX production: 2
Identified bugs or problems: The tag/value formatted tools do not properly support comments.
Additional information: The open source implementation contains libraries which can be included in other tools to support SPDX. The libraries contain a complete Java-based model of SPDX and can output that model in RDF, tag/value or Excel spreadsheet formats.

Tool: OpenLogic Exchange
Website: http://www.openlogic.com/products/olex/
Description: OpenLogic Exchange (OLEX) is a Software-as-a-Service (SaaS) solution for comprehensive governance and provisioning of open source software. OLEX supports SPDX generation from inventory and audit scan results.
Availability (date/version): Available since April 2012
Supported operating systems: Linux, Windows, OS X; SaaS based, browser only
Commercial or open source: commercial
SPDX version supported: 1.1
Features helping consumption of SPDX files: Currently none, but import is planned.
Features helping production of SPDX files: OLEX supports SPDX generation from inventory and audit scan results.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)
Identified bugs or problems: None.

Tool: Protecode System 4
Website: www.protecode.com
Description: Protecode System 4 consists of a highly scalable suite of open source software license management tools that allow organizations to manage open source and third-party code attributes, licenses and copyrights, security vulnerabilities, export control, license obligations, encryption content and license compatibility. Protecode System 4 enables the managed adoption of open source and third-party software in any size organization. The components of Protecode System 4 work together seamlessly as part of a comprehensive Open Source Software Adoption Process.
Availability (date/version): August 2012 / SPDX 1.1
Supported operating systems: Linux, Windows
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1
Features helping consumption of SPDX files: Protecode System 4 analyzes binary code and source code to determine license and copyright information. As part of its scan, it automatically detects the presence of SPDX files in all formats and consumes them to help determine the nature of the licenses and copyrights. It consumes SPDX versions 1.0 and 1.1.
Features helping production of SPDX files: Protecode System 4 generates comprehensive reports about the analyzed code's use of licenses and copyrights. It can also generate reports as SPDX files version 1.1. This process is fully automated, and can also combine the information of all SPDX files in included projects into one high-level package. The user can enter all necessary high-level package information and add comments.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)
Identified bugs or problems: None.
Additional information: Over 20 systems shipped worldwide. Protecode System 4 supported the generation and consumption of SPDX files version 1.0 in August 2011. Protecode has been an active participant in the development of the SPDX standard.

Tool: SPDX-Cloud
Website: spdx.windriver.com
Description: The tool automatically generates a low definition SPDX file. Once a file is uploaded, the tool sends the SPDX file by email.
Availability (date/version): Currently available at spdx.windriver.com; the version number is 1.0.
Supported operating systems: Linux, Windows, OS X; the tool is accessible on all operating systems via browser (it is a software as a service solution).
Commercial or open source: commercial
SPDX version supported: 1.1
Features helping consumption of SPDX files: None.
Features helping production of SPDX files: The tool automatically generates SPDX low definition data in tag/value format for each uploaded file.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)
Identified bugs or problems: Missing full path name for each file.
Additional information: This is software as a service running on a cloud instead of a stand-alone tool.