FOSSLight

FOSSLight project consists of FOSSLight Hub, an integrated system that can manage all about open source, and FOSSLight Scanner that can analyze the open source.

FOSSLight Hub

FOSSLight Hub is not only an integrated system that manages open source and licenses and processes sequentially open source compliance process, but also an all-in-one system that can manage security vulnerabilities, supply chain management, software BOM(Bill of Materials) and everything related to open source.
This guide page describes the basic usage and tutorial of FOSSLight Hub and advanced features such as how to set up the development environment and maintenance tips. You can refer the FOSSLight Hub contents page.

FOSSLight Scanner

FOSSLight Scanner is composed of four scanners: Prechecker, Dependency Scanner, Source Scanner, and Binary Scanner. FOSSLight Scanner can be used to generate integrated results of the four scanners.


Please refer the guide on how to install and use each scanner on the FOSSLight Scanner sub-guide page.

FOSSLight Prechecker

FOSSLight Prechecker is a tool that checks whether copyright and license rules are complied with in the source code and helps you easily add copyright and license information. The more you use it, the more you can prevent unnecessary open source scanning. For example, if you manage to clearly write the copyright, license, and download location information in the source code and open source code using FOSSLight Prechecker from the beginning of development, you can identify the open source without additional scanning.

FOSSLight Source Scanner

FOSSLight Source Scanner is a source code scanning tool. It uses ScanCode to detect copyright and license phrases by searching source code strings and also uses scanoss to support code snippet scanning.

FOSSLight Dependency Scanner

FOSSLight Dependency Scanner is a tool that extracts open source information through analyzing dependencies on multiple package managers. It can generate report files with open source information. This tool performs to analyze the dependencies recursively, so all open source information can be extracted compared to the other dependency scanner tool that only analyzes primary dependencies.

FOSSLight Binary Scanner

FOSSLight Binary Scanner is a tool that finds binary files and extracts the binary file list, and automatically outputs open source information if there is open source information of the detected binary in the database. Since this is not a method of analyzing the binary itself, please note that performance of binary analysis increases when there is a lot of database information.