FOSSLight Source Scanner

FOSSLight Source is released under the Apache-2.0 License.

FOSSLight Source Scanner uses the source code scanners ScanCode and SCANOSS. ScanCode detects copyright and license phrases contained in each file, and SCANOSS looks up the OSS name, OSS version, download location, copyright and license information in OSSKB. It queries the file's origin from the KB server using the file's MD5 value and outputs it as the download location. Some files (e.g. build scripts), binary files, hidden directories and files in specific directories (e.g. test) are excluded from the result.

Github Repository : https://github.com/fosslight/fosslight_source_scanner
License : Apache-2.0

📋 Prerequisite

FOSSLight Source Scanner requires Python 3.10+.

🎉 How to install

It can be installed using pip3. Installing it in a Python 3.10+ virtualenv environment is recommended.

$ pip3 install fosslight_source

🚀 How to run

After scanning the source code, it prints the FOSSLight Report.

$ fosslight_source [option] <arg>

Options

  Optional
      -p <source_path>       Path to analyze source (Default: current directory)
      -h                     Print help message
      -v                     Print FOSSLight Source Scanner version
      -m                     Print additional information for scan result on separate sheets
      -e <path>              Path to exclude from analysis (file and directory, pattern matching is available)
                              * IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
                                Example) fosslight_source -e "dev/" "tests/"
      -o <output_path>       Output path (Path or file name)
      -f <format>            Output file format
                             (excel, csv, opossum, yaml, spdx-yaml, spdx-json, spdx-xml, spdx-tag, cyclonedx-json, cyclonedx-xml)
                             Multiple formats can be specified separated by space.
  Options only for FOSSLight Source Scanner
      -s <scanner>           Select which scanner to be run (scancode, scanoss, kb, all)
      -j                     Generate raw result of scanners in json format
      -t <float>             Stop scancode scanning if scanning takes longer than a timeout in seconds.
      -c <core>              Select the number of cores to be scanned with ScanCode.
      --no_correction        Enter if you don't want to correct OSS information with sbom-info.yaml
      --correct_fpath <path> Path to the sbom-info.yaml file
  • If no scanner is specified with the -s option, all scanners (ScanCode, SCANOSS, KB) are run and the results are merged.
  • Pattern matching guide for the -e option
    • ⚠️ Make sure to use double quotes ("") when entering values.
      • Example) fosslight_source -e "dev/" "tests/"
    • ⚠️ File names and extensions are case-sensitive, so please enter them exactly as intended.
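
Why the quotes around -e patterns matter, as an added example that is not part of the FOSSLight documentation. `show_excludes` is a hypothetical stand-in that prints the arguments a program receives after -e; the glob `*_test.py` and the file names are constructed for the demonstration, and the real tool is not called.

```shell
#!/bin/sh
# Hypothetical stand-in for fosslight_source: prints each argument that
# arrives after -e in brackets, i.e. what the program actually receives.
show_excludes() {
    shift                                   # drop the leading -e
    for arg in "$@"; do printf '[%s]' "$arg"; done
    printf '\n'
}

# Constructed sample trees: one where the pattern matches files in the
# current directory, one where it matches nothing.
match_dir=$(mktemp -d)
empty_dir=$(mktemp -d)
trap 'rm -rf "$match_dir" "$empty_dir"' EXIT
touch "$match_dir/a_test.py" "$match_dir/b_test.py" "$match_dir/main.py"

# Quoted: the pattern reaches the program untouched.
quoted_args() {
    ( cd "$match_dir" && show_excludes -e "*_test.py" )
}

# Unquoted: the shell replaces the pattern with matching file names first.
unquoted_args() {
    ( cd "$match_dir" && show_excludes -e *_test.py )
}

# Unquoted, nothing matches: POSIX sh passes the pattern through literally,
# so the same command line behaves differently depending on the directory.
unquoted_args_no_match() {
    ( cd "$empty_dir" && show_excludes -e *_test.py )
}

echo "quoted:               $(quoted_args)"
echo "unquoted, matches:    $(unquoted_args)"
echo "unquoted, no matches: $(unquoted_args_no_match)"
```

The last case is why an unquoted pattern can appear to work in one directory and exclude something different in another.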

Example

Print the result to a FOSSLight Report and the raw results of ScanCode and SCANOSS to JSON files.

$ fosslight_source -p /home/source_path -j

πŸ“ Result

$ tree
.
├── fosslight_log_220103_1540.txt
├── fosslight_opossum_220103_1540.json
├── fosslight_report_220103_1540.xlsx
├── fosslight_report_220103_1540.csv
├── scancode_raw_result.json
├── scanner_output.wfp
└── scanoss_raw_result.json
  • fosslight_log_[datetime].txt : The execution log.
  • fosslight_opossum_[datetime].json : FOSSLight Source Scanner result for OpossumUI
  • fosslight_report_[datetime].xlsx : FOSSLight Source Scanner result in spreadsheet format.
  • fosslight_report_[datetime].csv : FOSSLight Source Scanner result in csv format.
  • scancode_raw_result.json : The ScanCode raw result. (Generated only when the -j option is enabled.)
  • scanner_output.wfp : The fingerprints generated by SCANOSS. (Generated only when the -j option is enabled.)
  • scanoss_raw_result.json : The SCANOSS raw result. (Generated only when the -j option is enabled.)