The FOSSology project



Similar documents
Free, Libre, Open Source Expertise Center (FLOSEC) EMEA. The FOSSology project. Bruno Cornec. Open Source and Linux Technology Consultant

How To Write Itil Open Source Solution Stack

A GPL continuous packaging solution

The FOSSology Project Overview and Discussion. » The Open Compliance Program. ... By Bob Gobeille, Hewlett-Packard

Mondo Rescue: A GPL disaster recovery and cloning solution

FOSSBazaar A Governance Initiative to manage Free and Open Source Software life cycle

What s so special about Mageia?

BOM based on what they input into fossology.

Parallels Virtuozzo Containers 4.7 for Linux Readme

Rebasoft Auditor Quick Start Guide

ENTERPRISE-CLASS MONITORING SOLUTION FOR EVERYONE ALL-IN-ONE OPEN-SOURCE DISTRIBUTED MONITORING

IBM Rational Asset Manager

The Operating System Lock Down Solution for Linux

XTM Web 2.0 Enterprise Architecture Hardware Implementation Guidelines. A.Zydroń 18 April Page 1 of 12

Table of contents. Best practices in open source governance. Managing the selection and proliferation of open source software across your enterprise

Meister Going Beyond Maven

Red Hat Enterprise Linux and management bundle for HP BladeSystem TM

IT Business Management System Requirements Guide

vrealize Business System Requirements Guide

Installing and Administering VMware vsphere Update Manager

Building Library Website using Drupal

Release Notes for McAfee(R) VirusScan(R) Enterprise for Linux Version Copyright (C) 2014 McAfee, Inc. All Rights Reserved.

Parallels Plesk Automation

Free and Open Source Software Compliance: An Operational Perspective

Red Hat Satellite Management and automation of your Red Hat Enterprise Linux environment

Red Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment

Dell Reference Configuration for Hortonworks Data Platform

Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

An Oracle White Paper June Oracle Linux Management with Oracle Enterprise Manager 12c

How To Manage Your Digital Assets On A Computer Or Tablet Device

Installation Guide. McAfee VirusScan Enterprise for Linux Software

Net/FSE Installation Guide v1.0.1, 1/21/2008

GestióIP IPAM v3.0 IP address management software Installation Guide v0.1

Using Red Hat Network Satellite Server to Manage Dell PowerEdge Servers

Deliverable D 6.1 Website

BladeLogic Software-as-a- Service (SaaS) Solution. Help reduce operating cost, improve security compliance, strengthen cybersecurity posture

Unit 10 : An Introduction to Linux OS

Software Package Document exchange (SPDX ) Tools. Version 1.2. Copyright The Linux Foundation. All other rights are expressly reserved.

QuantStudio 3D AnalysisSuite Server System

IBM Tivoli Compliance Insight Manager

AppDynamics Lite Performance Benchmark. For KonaKart E-commerce Server (Tomcat/JSP/Struts)

Installation Guide to the Snare Server Installation Guide to the Snare Server

Of Penguins and Wildebeest. Anthony Rodgers VA7IRL

The Benefits of Verio Virtual Private Servers (VPS) Verio Virtual Private Server (VPS) CONTENTS

Business white paper. HP Process Automation. Version 7.0. Server performance

Heroix Longitude Quick Start Guide V7.1

Parallels Cloud Server 6.0 Readme

Parallels Cloud Server 6.0

Zend and IBM: Bringing the power of PHP applications to the enterprise

ORACLE OPS CENTER: PROVISIONING AND PATCH AUTOMATION PACK

HP OpenView AssetCenter

Nexus Professional Whitepaper. Repository Management: Stages of Adoption

Managing your Red Hat Enterprise Linux guests with RHN Satellite

Parallels Virtual Automation 6.1

FOSS Governance Fundamentals

Advanced Linux System Administration Knowledge GNU/LINUX Requirements

Records Management and SharePoint 2013

opensuse.org Build Service

HP Intelligent Management Center Standard Software Platform

Mail Archive and Management System. Product White Paper

HP reference configuration for entry-level SAS Grid Manager solutions

Kaseya IT Automation Framework

Charles Endirect Ltd and the CELTEK Central Management System

ConcourseSuite 7.0. Installation, Setup, Maintenance, and Upgrade

Hardened Hosting. Quintin Russ. OWASP New Zealand Chapter th December 2011

HP Universal CMDB. Software Version: Support Matrix

JAMF Software Server Installation Guide for Linux. Version 8.6

Ingram Micro Cloud Hosted Services

Product Life Cycle Management

BMC Client Management - Technical Specifications. Version 12.0

Guardium Change Auditing System (CAS)

PROSPHERE: DEPLOYMENT IN A VITUALIZED ENVIRONMENT

Implementing the HP Cloud Map for SAS Enterprise BI on Linux

McAfee Firewall for Linux 8.0.0

PARALLELS SERVER 4 BARE METAL README

OCLC CONTENTdm. Geri Ingram Community Manager. Overview. Spring 2015 CONTENTdm User Conference Goucher College Baltimore MD May 27, 2015

DocuShare Installation Guide

System Requirements Table of contents

SNOW LICENSE MANAGER (7.X)... 3

Streamline NX. Capture, Distribution & Output Management Solution

Avira AntiVir MailGate 3.2 Release Notes

NSave Table of Contents

/ Administrator Training PAT-2012

System Requirements and Platform Support Guide

Installation & Upgrade Guide

IBM DB2 for Linux, UNIX, and Windows. Deploying IBM DB2 Express-C with PHP on Ubuntu Linux

Performance Monitor. Intellicus Web-based Reporting Suite Version 4.5. Enterprise Professional Smart Developer Smart Viewer

VMware vcenter Update Manager Administration Guide

DocuShare Installation Guide

An Oracle Technical Article November Certification with Oracle Linux 6

An Oracle White Paper June, Provisioning & Patching Oracle Database using Enterprise Manager 12c.

Performance Management Platform

Transcription:

The FOSSology project Bruno Cornec October 2012 Version 5.2 HP, EMEA Open Source Profession Lead

Introducing Myself Software engineering and Unices since 1988 Mostly Configuration Management Systems (CMS), Build systems, quality tools, on multiple commercial Unix systems Discover Open Source & Linux (OSL) & first contributions in 1993 Full time on OSL since 1995, first as HP reseller then @HP Currently: Master Technology Architect on OSL for the HP/Intel Solution Center, Grenoble OSL HP Advocate EMEA OSL HP Profession Lead Solutions Linux Conference and OWF board member MondoRescue, Dploy.org, Project-Builder.org project lead LinuxCOE, mrepo, tellico, rinse, fossology, collectl contributor FOSSBazaar and OSL Governance enthusiast Mandriva, Mageia, Fedora packager

FOSSology.org FOSSology's etymology: ΦΟΣΣ: Free Open Source Software λογος: science, study So FOSSology == FOSS study

Goal The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of FOSS. FOSSology is a static analysis framework to learn what we can by scanning FOSS itself. Analyze the code, save the results in a database, report results through a Web (or scripted) interface. Focus now on License Management

FOSSology & the Linux Foundation

License Discovery Scan every single file in a tar file (or package, or ISO, distro or ) Fuzzy match against a library of > 400+ known licenses. Examine the non-matching portions looking for text that could be an unknown license. Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP

FOSSology Process Flow

File upload screenshot

Let s Use FOSSology

Job queue screenshot

Benefit from FOSSology results

License browser screenshot

Architecture

Requirements - Linux System - Apache Web Server 2.x - PHP 5.x - PostgreSQL > 8.3 - Some libraries (libmagic, libxml2, libextractor) - Some commands (ar, bzcat, cabextract, fls cpio, dpkg, icat, isoinfo, pdftotext, rpm, rpm2cpio, tar, upxucl, unrar, unzip, wget, zcat) - Disk Space - CPU resources

Disturbing Image

Know Thy Licenses

Timeline

Meta data

Buckets

Comparisons

What's new in fossology 2.x 2.0 Announced Jun 7, 2012 : Restructure, few new features. New more robust batch scheduler (redesigned) More modularity in code (ease contributions for agents and allow module release independantly). Improved tags management, code documentation, testing Scan logs independant from scheduler logs. UI viewable Future 2.x: - SPDX support http://spdx.org/ The goal of this specification is to enable companies and organizations to share license and component information (metadata) for software package and related content with the aim of facilitating license and other policy compliance. - Binary analysis - Dependency analysis

Fossology and SPDX

Other uses for FOSSology o Copyright geneology o Trademark search o Vulnerability tracking o Dependency graphs o Distro, package, file diffs o Localization reports o Code Plagiarism o Vulnerability tracking o? o Your input here An Open Source project. => Contributions are encouraged.

Public repository Availability as of August 2012, 30 of a public FOSSology instance, hosted by the University of Nebraska, Omaha as part of their UNO project. FOSSology 2.0 Ubuntu 10.04.4 LTS 2GB RAM 50GB HD (92% free) 1x Intel Xeon 2.8 GHz w/ 128K cache https://fossology.ist.unomaha.edu/ "Now freely available to open source projects, corporate users, and academic institutions that wish to analyze open source software for licensing and copyright, as well as educate students on these important issues. Also working on an SPDX 1.1 agent Contact: Matt Germonprez

FLOSS Governance Workshop Workshop designed to guide through the top issues around management of Open Source in the enterprise. Targeted at a cross-organizational audience, including auditing, legal, procurement, operational risk management, technology strategy, and line-of-business departments Open Source Baseline Business Drivers Various open source touch points in your company Awareness, responsibilities, risks, processes Legal Aspects of Open Source Governance Assessment of Free and Open source software phenomenon Detailed discussion of Open Source Licenses Bridging the legal and technical communities Other considerations: WEB-based services, mergers and acquisitions, other Open Source Policy Best Practices Use of open source when appropriate, when not appropriate for your business Review of licenses, product distribution considerations Considerations for employee contribution to open source community Company relationship with community Automating Open Source Compliance Open Source Governance Processes Open Source discovery License detection and analysis Best practices for open source tracking, review 14/01/13 and management Open Source Compliance Lifecycle, workflow Building Internal Open Source Communities 29

Web Resources FOSSOlogy http://www.fossology.org Mailing Lists, contacts http://fossology.org/contact_us fossology@fossology.org IRC #fossology on irc.oftc.net :6667 Public FOSSOlogy instance https://fossology.ist.unomaha.edu/ Plume details http://www.projet-plume.org/fiche/fossology Project-Builder http://trac.project-builder.org Open Source at HP http://opensource.hp.com The evolution of FLOSS ProLiant & Linux and the Internet are http://www.hp.com/go/proliantlinux Linux Foundation Open Compliance Program tightly coupled http://www.linuxfoundation.org/programs/legal/compliance FOSSology users: HP, ALU, Siemens, INRIA, OW2

Contact Thanks - Questions Bruno.Cornec@hp.com (Open Source and Linux Technology Architect at the HP/Intel Solution Center) http://www.hp.com/linux http://opensource.hp.com http://fossology.org Thanks goes to: Linus Torvalds, Richard Stallman, Eric Raymond, Nat Makarevitch, René Cougnenc, Eric Dumas, Rémy Card, Bdale Garbee, Bryan Gartner, Mary Laser, Gallig Renaud, Vincent Ma, Phil Robb, Bob Gobeille, Martin Michlmayr among others, for their work and devotion to the Open Source Software cause... and my family for their patience :-) Changes are never easy to make. There is comfort and safety in tradition, but change must come, no matter how painful or expensive it may be. Bill Hewlett

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information