FOSSLight Scanner
Introduction
FOSSLight Scanner performs open source compliance analysis in a single run. It analyzes source code, binaries and dependencies, and generates a report containing the open source information that can be extracted. You can use the report file with FOSSLight Hub. It can also check whether open source software complies with the copyright/license writing rule.
Features
Improving Analysis Accuracy
To increase the accuracy of open source analysis, it supports source code string detection and snippet matching, binary analysis, and dependency analysis for various package managers.
Fast & Light Independent Module
Each scanner can run independently, so you can quickly and lightly scan only the target you want (e.g., source code, binary, dependency).
Scalability through Hub
The scanners' output file can be used directly in the Hub, so you can use its open source information management functions and also generate an SBOM.
Description
The FOSSLight Scanner projects build on other open source projects.
- FOSSLight Prechecker can check reuse compliance by using the reuse-tool.
- FOSSLight Source Scanner can scan using the scancode-toolkit and scanoss.py.
- FOSSLight Dependency Scanner can analyze dependencies using the following open source software:
  - NPM: NPM License Checker
  - Pypi: pip-licenses
  - Gradle: License Gradle Plugin
  - Maven: license-maven-plugin
  - Pub: flutter_oss_licenses
  - Android (gradle): android-dependency-scanning
- FOSSLight Binary Scanner can analyze the open source information in '.jar' files by using Dependency-check-py.
Scanner Projects
- FOSSLight Scanner (License: Apache-2.0)
- FOSSLight Prechecker (License: GPL-3.0-only)
- FOSSLight Source Scanner (License: Apache-2.0)
- FOSSLight Dependency Scanner (License: Apache-2.0)
- FOSSLight Binary Scanner (License: Apache-2.0)
- FOSSLight Yocto Scanner (License: Apache-2.0)
- FOSSLight Android Scanner (License: Apache-2.0)