Open Source Compliance tools ($$$):
Open Source compliance checking is increasingly becoming part of Software Composition Analysis (SCA) tools, which help you produce the Software Bill of Materials (SBoM).
Besides license compliance, security of Open Source third-party code is usually the other main pillar of SCA tools.
- Cast Software: Software Composition Analysis. Cast Software has acquired Antepedia (via Antelink)
- CheckMarx: Software Composition Analysis
- Contrast Security: Contrast OSS
- Debian: Copyright review tools – A collection of command line tools to make copyright management easier.
- Debricked: Debricked
- FOSSA: License Compliance
- JFrog: Xray
- Kiuwan: Insights
- Palo Alto Networks: Prisma Cloud – twistcli
- Phylum: phylum.io
- Revenera – FlexNet Code Insight. Revenera has acquired Flexera
- SCANOSS: Open Source Inventorying Engine
- Snyk: Open Source License Compliance Management
- Sonatype: Nexus Lifecycle Foundation
- Synopsys: Black Duck
- Veracode: Software Composition Analysis
- Whitehat: Sentinel SCA
- WhiteSource Software: WhiteSource
Open Source Compliance tools (free)
- The Linux Foundation: dep-checker (MIT)
- The Linux Foundation: Code Janitor (MIT)
- FOSSology: Fossology (GPL-2.0/LGPL-2.1)
- Pivotal: LicenseFinder (MIT)
- nexB: ScanCode (Apache-2.0 / CC0-1.0)
Licenses
- Open Software Initiative: list of Open Source licenses
- Creative Commons: Creative Commons licenses
- Ethical Licenses: list of Ethical licenses
Standards
- The Linux Foundation: The Software Package Data Exchange (SPDX), an open standard for exchanging software bills of materials.
Analysts
- Forrester: Software Composition Analysis (SCA) Wave
- Gartner: Software Composition Analysis (SCA) Report
- Transparency Market Research: Software Composition Analysis (SCA) Tools Market
- Featured Customers: Software Composition Analysis Category: Customer Success Report
Links
- Software Freedom Law Center: softwarefreedom.org
- Ius Mentis: iusmentis.com