SPDX Tool: FOSSology
Website: fossology.org
SPDX Tool Description: License and copyright scanner that emits license names that conform to SPDX. In March a module should be added that gives the user an SPDX BOM based on what they input into fossology.

SPDX Tool: Antepedia Reporter 2.2
Website: http://www.antelink.com/dowload
SPDX Tool Description: Antepedia Reporter allows your developers, project managers, or legal advisors to create reports about the open source components in your code base.
  Execute license compliance audits and Intellectual property (IP) rights management
  Generate automatic Bill-of-Materials (BOM) reports
  Improve collaboration between software developers, project managers, and the legal department of your organization
  Manage your Catalog Components and setup software tracking for your organization
  Jenkins Plugin
  Keep up to date with security vulnerabilities
  Follow every new release of your third-party software
  Full web interface, which is quick and easy to use
  Your source code never leaves your server
  Free Edition, Cloud-Based service

SPDX Tool: Black Duck Suite / Protex
Website: https://www.blackducksoftware.com/
SPDX Tool Description: Black Duck Suite provides a comprehensive, automated approach to open source governance and compliance that integrates across the application development lifecycle. The Suite automates key processes including: code acquisition, approval, scanning, validation, cataloging and monitoring. It is highly scalable and can support development teams of any size, whether colocated or geographically distributed, and can be deployed on premises or as software as a service (SaaS). Black Duck Suite generates SPDX output as part of its reporting capability.

SPDX Tool: FOSSology+SPDX
Website: https://github.com/spdx-tools/fossology-spdx
SPDX Tool Description: SPDX generation from FOSSology scan.

SPDX Tool: Source Auditor Source Scanner
Website: http://www.sourceauditor.com
SPDX Tool Description: Scans source code for open source code snippet matches, license matches, and copyright text matches. Exports identified open source components in SPDX RDF format which can then be converted to a spreadsheet or tag/value format using the SPDX tools.

SPDX Tool: SPDX Tools
Website: http://spdx.org/tools
SPDX Tool Description: Tools for validating, transforming, reading, writing and comparing SPDX format files. The SPDXViewer tool is a command line driven Java application that formats a valid SPDX RDF document. The SPDXTranslator tools allow for translation between the spreadsheet format, the tag/value format, HTML, and the RDF/XML format. The License RDFa generator will convert the SPDX license spreadsheet to a set of HTML files. The SPDX Compare Utility will compare two SPDX documents and report on any differences.

SPDX Tool: OpenLogic Exchange
Website: http://www.openlogic.com/products/olex/
SPDX Tool Description: OpenLogic Exchange (OLEX) is a Software-as-a-Service (SaaS) solution for comprehensive governance and provisioning of open source software. OLEX supports SPDX generation from inventory and audit scan results.

SPDX Tool: Protecode System 4
Website: www.protecode.com
SPDX Tool Description: Protecode System 4 consists of a highly scalable suite of open source software license management tools that allow organizations to manage open source and third party code attributes, licenses and copyrights, security vulnerabilities, export control, license obligations, encryption content, license compatibility. Protecode System 4 enables the managed adoption of open source and third party software in any size organization. The components of Protecode System 4 work together seamlessly as part of a comprehensive Open Source Software Adoption Process.

SPDX Tool: SPDX-Cloud
Website: spdx.windriver.com
SPDX Tool Description: The tool automatically generates low definition SPDX file. Once a file is uploaded, the tool sends SPDX file by email.
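
What is the availability of the SPDX tool (date/version)? What operating system is the SPDX tool supported on? Is the SPDX tool commercial or open source? If the SPDX tool is open source, what is the license? What SPDX version does the tool support?

SPDX Tool: FOSSology
Availability (date/version): April 1, fossology v 2.2
Supported operating systems: Linux
Commercial or open source: open source
License (if open source): GPL-v2
SPDX version supported: 1.1

SPDX Tool: Antepedia Reporter 2.2
Availability (date/version): 26-02-2013, 2.2.2
Supported operating systems: Linux, Windows, OS X
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1

SPDX Tool: Black Duck Suite / Protex
Availability (date/version): June 2012, Protex 6.2
Supported operating systems: Linux, Windows
Commercial or open source: commercial
SPDX version supported: 1.1

SPDX Tool: FOSSology+SPDX
Availability (date/version): April 1st, 2013/1.0
Supported operating systems: Linux
Commercial or open source: open source
License (if open source): Apache 2.0
SPDX version supported: 1.1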

SPDX Tool: Source Auditor Source Scanner
Availability (date/version): 11/1/2012
Supported operating systems: Linux, Windows, OS X, Any platform running Java
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1

SPDX Tool: SPDX Tools
Availability (date/version): 10/1/2011
Supported operating systems: Linux, Windows, OS X, Any platform which runs the Java JRE
Commercial or open source: open source
License (if open source): Apache 2.0
SPDX version supported: Both 1.0 and 1.1

SPDX Tool: OpenLogic Exchange
Availability (date/version): Available since April 2012
Supported operating systems: Linux, Windows, OS X, SaaS based - Browser only
Commercial or open source: commercial
SPDX version supported: 1.1

SPDX Tool: Protecode System 4
Availability (date/version): August 2012/SPDX 1.1
Supported operating systems: Linux, Windows
Commercial or open source: commercial
SPDX version supported: Both 1.0 and 1.1

SPDX Tool: SPDX-Cloud
Availability (date/version): It's currently available at spdx.windriver.com and the version number is 1.0.
Supported operating systems: Linux, Windows, OS X. The tool is accessible on all operating systems via browser. (It is a software as a service solution)
Commercial or open source: commercial
SPDX version supported: 1.1

What are the SPDX tool features which help the consumption of SPDX files? What are the SPDX tool features which help the production of SPDX files? If the SPDX tool is focused on production, how automated is the SPDX production?

SPDX Tool: FOSSology
Features for consuming / producing SPDX files: We don't consume SPDX, we generate a BOM and license lists.
Automation of SPDX production: 4 (Partially Automated)

SPDX Tool: Antepedia Reporter 2.2
Features for consuming SPDX files: catalog import
Features for producing SPDX files: catalog and BoM report export.
Automation of SPDX production: 4 (Partially Automated)

SPDX Tool: Black Duck Suite / Protex
Features for consuming SPDX files: Black Duck is actively developing SPDX file import and validation features.
Features for producing SPDX files: Black Duck Suite's code scanning feature provides thorough discovery and identification of OSS and proprietary software components, as well as license, author and copyright text. Black Duck maintains and updates references to the SPDX license list. The SPDX report solution automatically populates certain SPDX fields with discovered data and provides users multiple options for populating Concluded fields.
Automation of SPDX production: 4 (Partially Automated)

SPDX Tool: FOSSology+SPDX
Features for consuming SPDX files: N/A
Features for producing SPDX files: Generate TAG format SPDX file. Edit Package/File level information
Automation of SPDX production: 4 (Partially Automated)

SPDX Tool: Source Auditor Source Scanner
Features for consuming SPDX files: By analyzing a code base and exporting an SPDX file, the consumer can use the SPDX compare utility to compare a provided SPDX file.
Features for producing SPDX files: Primary focus of the SPDX support. The tool can aid in production of SPDX files by identifying the origin (artifactof), licenses and copyrights which can then be exported to an SPDX RDF file.
Automation of SPDX production: 3

SPDX Tool: SPDX Tools
Features for consuming SPDX files: SPDXViewer - allows a consumer to view a text or HTML version of an SPDX RDF or tag/value formatted file. SPDX Translator will translate an SPDX document to a spreadsheet format for easy viewing and editing. SPDX Compare Utility will compare two documents and report differences.
Features for producing SPDX files: SPDX Translator will translate a spreadsheet version of an SPDX document to a tag/value or an RDF formatted file. The SPDX viewer will validate SPDX files.
Automation of SPDX production: 2

SPDX Tool: OpenLogic Exchange
Features for consuming SPDX files: Currently none but import is planned.
Features for producing SPDX files: OLEX supports SPDX generation from inventory and audit scan results.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)

SPDX Tool: Protecode System 4
Features for consuming SPDX files: Protecode System 4 analyzes binary code and source code to determine license and copyright information. As part of its scan, it automatically detects the presence of SPDX files in all formats, and consumes them to help determine the nature of the licenses and copyrights. It consumes SPDX version 1.0 and 1.1.
Features for producing SPDX files: Protecode System 4 generates comprehensive reports about the analyzed code's use of licenses and copyrights. It can also generate reports as SPDX files version 1.1. This process is fully automated, and can also combine the information of all SPDX in included projects into one high level package. The user can enter all necessary high level package information and add comments.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)

SPDX Tool: SPDX-Cloud
Features for consuming SPDX files: None.
Features for producing SPDX files: The tool automatically generates SPDX low definition data in Tag/value format for each uploaded file.
Automation of SPDX production: 1 (Fully Automated/No Human Involvement)

What are identified bugs or problems associated with the SPDX tool? Additional Information

SPDX Tool: FOSSology

SPDX Tool: Antepedia Reporter 2.2

SPDX Tool: Black Duck Suite / Protex
Manual editing of the SPDX output may be required to ensure that full copyright text discovered in the software is included in the SPDX file.

SPDX Tool: FOSSology+SPDX
Large package timeout

SPDX Tool: Source Auditor Source Scanner
Identified bugs or problems: None
Additional information: These tools are primarily used by experienced code auditors who have some experience in identifying open source code. They are used by Source Auditor Inc. as part of the open source auditing service.

SPDX Tool: SPDX Tools
Identified bugs or problems: Tag/Value formatted tools do not properly support comments.
Additional information: The open source implementation contains libraries which can be included in other tools to support SPDX. The libraries contain a complete Java based model of SPDX and can output that model in RDF, tag/value or Excel spreadsheet formats.

SPDX Tool: OpenLogic Exchange
Identified bugs or problems: None.

SPDX Tool: Protecode System 4
Identified bugs or problems: None.
Additional information: Over 20 systems shipped worldwide. Protecode System 4 supported the generation and consumption of SPDX files version 1.0 in August 2011. Protecode has been an active participant in the development of the SPDX standard.

SPDX Tool: SPDX-Cloud
Identified bugs or problems: Missing full path name for each file.
Additional information: This is software as a service running on a cloud instead of a stand-alone tool.