This page highlights compliance tools developed by or sponsored by The Linux Foundation and encourages community involvement in the tools’ evolution.
FOSSology is an open source license compliance software system and toolkit. As a toolkit, you can run license, copyright and export control scans from the command line. As a system, a database and web UI are provided to give you a compliance workflow. In one click you can generate an SPDX file, or a ReadMe with the copyright notices from your software. FOSSology deduplication means that you can scan an entire distro, submit a new version, and only the changed files will get rescanned. This is a big time saver for large projects.
- For more information about the project: https://www.fossology.org/
- Access source code via git: https://github.com/fossology/fossology
- Subscribe to the mailing list: http://lists.fossology.org/mailman/listinfo/fossology
- File bugs or feature requests in the issues section on GitHub: https://github.com/fossology/fossology/issues (create a new issue and mark it with the question tag).
The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance. The SPDX Tools provide translation, comparison, and verification functionality.
- For more information about the tool suite: https://www.spdx.org/tools
- Access source code via git: http://git.spdx.org/?p=spdx-tools.git;a=summary
- Subscribe to the mailing list: http://lists.spdx.org/mailman/listinfo/spdx
- File bugs or feature requests via bugzilla: https://bugs.linuxfoundation.org/buglist.cgi?query_format=specific&order=relevan…
The FOSS Bar Code Tracker, available under the MIT license, simplifies the way FOSS components are tracked and reported in a commercial product. The tool allows companies to easily generate a custom QR code for each product containing FOSS. The QR code contains important information on the FOSS stack contained in a product, such as component names, version numbers, license information and links to download the source code, among other details.
- Access source code via git: http://git.linuxfoundation.org/foss-barcode.git
- Subscribe to the mailing list: http://lists.linuxfoundation.org/mailman/listinfo/foss-barcode
- File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org
Initiated by the Linux Foundation as an open source project, this tool identifies source code combinations at the dynamic and static link levels and provides a license policy framework that enables FOSS Compliance Officers to define combinations of licenses and linkage methods that are to be flagged if found as a result of running the tool.
- For more information: Download the Dependency Checker Tool Overview
- Access source code via git: http://git.linuxfoundation.org/dep-checker.git
- Subscribe to the mailing list: https://lists.linux-foundation.org/mailman/listinfo/dep-checker-dev
- File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org
Initiated by the Linux Foundation as an open source project, this Code Janitor tool provides linguistic review capabilities to make sure developers did not leave comments in the source code about future products, product code names, mentions of competitors, etc. The tool maintains a database of keywords that are scanned for in the source code files to ensure source code comments are sanitized and ready for public consumption.
- For more information: Download the Code Janitor Tool Overview
- Access source code via git: http://git.linuxfoundation.org/janitor.git
- Subscribe to the mailing list: https://lists.linux-foundation.org/mailman/listinfo/code-janitor-dev
- File bugs or feature requests via bugzilla: http://bugs.linuxfoundation.org