Spelling suggestions: "subject:"software license"" "subject:"software licensed""
1 |
Comparison of Open Source License Scanning ToolsZhang, Hailing January 2020 (has links)
We aim to determine the features of four popular FOSS scanning tools, FOSSology,FOSSA, FOSSID(SCAS), and Black Duck, thereby providing references for users tochoose a proper tool for performing open-source license compliance in their projects.The sanity tests firstly verify the license detection function by using the above tools toscan the same project. We consider the number of found licenses and scanned sizes asmetrics of their accuracy. Then we generate testing samples in different programminglanguages and sizes for further comparing the scanning efficiency. The experiment datademonstrate that each tool would fit different user requirements. Thus this project couldbe considered as a definitive user guide.
|
2 |
Handling Third-Party Component Licenses:A Case Study in a Swedish Company : How well do existing license management tools detect potentially unsafe third-party component licenses?Bruckner, Fanny, Njie, Isac January 2023 (has links)
Modern software development relies heavily on third-party components, which are pre-built software modules developed by other organisations and can be either open-source or commercial. These components serve as building blocks for developers to create complex applications more efficiently. What many do not know or realise is that all these third-party components come with licenses that might restrict the software, and it can become a challenge for companies that develop software to manage all the licenses that come with the used third-party components.This thesis investigates three third-party component license management tools: OWASP Dependency-Check, Snyk, and Debricked. The research question was:“How well can the three chosen third-party component license management tools, OWASP Dependency-Check, Snyk and Debricked detect potentially unsafe licenses within software projects?” To answer this question, controlled experiments were conducted to compare the functionality of these tools in two different projects: one advanced project, and one simple project. A comprehensive literature review was conducted to identify the lack of previous research, this provided a theoretical background for the study. The results of the controlled experiments proved that the three chosen tools can help developers in different ways as they satisfy different needs. For users looking to manage their dependencies, OWASP Dependency-Checkis a preferable option. Debricked has demonstrated its ability to detect potentially unsafe licenses in software projects and offers identification of license families. This feature can be valuable to developers as it simplifies the comprehension of the project’s licenses. Snyk, on the other hand, provided warnings about risks associated with licenses. While Debricked out-performed Snyk in license detection, Snyk still proved to be useful in identifying potentially unsafe licenses in software projects, specifically in this case. The findings of this thesis can benefit software developers, project managers, and organisations that rely on third-party components for their software development. The results of this study may be used to guide the selection and use of third-party components and the appropriate license management tools. Overall, this thesis adds to the body of knowledge on managing third-party component licenses and offers practical insights for methods of software development practices.
|
Page generated in 0.0774 seconds