Analyze at once for Open Source Compliance.
FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in FOSSLight Report format.
- FOSSLight Source Scanner Extract license and copyright in the source code using ScanCode.
- FOSSLight Dependency Scanner Extract dependency and OSS information from the package manager's manifest file.
- FOSSLight Binary Scanner Find binary and print OSS information.
Please refer to https://fosslight.org/fosslight-guide/scanner/ for the FOSSLight Scanner User Guide.
- FOSSLight Scanner
FOSSLight Scanner needs a Python 3.10+.
It can be installed using pip3. It is recommended to install it in a virtualenv environment.
pip3 install fosslight_scannerFOSSLight Scanner is run with the fosslight command.
fosslight [Mode] [option1] <arg1> [option2] <arg2>...Mode
all Run all scanners(Default)
source Run FOSSLight Source
dependency Run FOSSLight Dependency
binary Run FOSSLight Binary
compare Compare two FOSSLight reports
Options:
-h Print help message
-p <path> Path to analyze (ex, -p {input_path})
* Compare mode input file: Two FOSSLight reports (supports excel, yaml)
(ex, -p {before_name}.xlsx {after_name}.xlsx)
-w <link> Link to be analyzed can be downloaded by wget or git clone
-f <format> FOSSLight Report file format (excel, yaml)
* Compare mode result file: supports excel, json, yaml, html
-o <output> Output directory or file
-c <number> Number of processes to analyze source
-e <path> Path to exclude from analysis (files and directories, pattern matching is available)
* IMPORTANT: Always wrap patterns in quotes("") to avoid shell expansion.
Example) fosslight -e "test/abc.py" "*.jar" "test/"
-r Keep raw data
-t Hide the progress bar
-v Print FOSSLight Scanner version
-s <path> Path to apply setting from json file (check format with 'tests/fixtures/setting.json' in this repository)
* Direct cli flags have higher priority than setting file
(ex, '-f yaml -s tests/fixtures/setting.json' - result file extension is .yaml)
- Refs.
- Additional arguments for running dependency analysis. See the FOSSLight Dependency Guide for instructions.
- In the case of DB URL, it is the DB connection information to be used in FOSSLight Binary.
- Pattern matching guide for the -e option
β οΈ Make sure to use double quotes ("") when entering values.- Example) fosslight -e "test/abc.py" "*.jar" "test/"
β οΈ File names and extensions are case-sensitive, so please enter them exactly as intended.
fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"If using additional flags like -d, document them in Options section or link to related guide.
fosslight all -p /home/source_path -e "temp_dir" "src/temp.py"fosslight all -o test_result_wget -w "https://github.com/LGE-OSS/example.git"If you want to analyze private repository, set your GitHub token like below.
fosslight all -w "https://my_github_token@github.com/Foo/private_repo"fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel$ tree
.
βββ fosslight_log
β βββ fosslight_log_20210924_022422.txt
βββ FOSSLight-Report_20210924_022422.xlsx
- FOSSLight_Report-[datetime].xlsx: OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
- fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis
- Build image using Dockerfile.
docker build -t fosslight .- Run with the image you built.
ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o outputPlease report any ideas or bugs to improve by creating an issue in fosslight_scanner repository. Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.
We always welcome your contributions. Please see the CONTRIBUTING guide for how to contribute.
FOSSLight Scanner is released under Apache-2.0.