FOSSLight Dependency Scanner
Project description
FOSSLight Dependency Scanner
💡 Introduction
This is the tool that supports the analysis of dependencies for multiple package managers. It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools. Then, it generates the report file that contains OSS information of dependencies.
📖 User Guide
We describe the user guide in the FOSSLight Guide page.
In this user guide, you can see how to install the FOSSLight Dependency Scanner and how to set up the prerequisite step and run it according to the package manager of your project. Also, you can check the results of the FOSSLight Dependency Scanner.
🧐 How to analyze the dependencies
FOSSLight Dependency Scanner utilizes the open source software for analyzing each package manager dependencies. We choose the open source software for each package manager that shows not only the direct dependencies but also the transitive dependencies including the information of dependencies such as oss name, oss version and license name.
Each package manager uses the results of the following software:
- NPM : NPM License Checker
- Pypi : pip-licenses
- Gradle : License Gradle Plugin
- Maven : license-maven-plugin
- Pub : flutter_oss_licenses
- Android(gradle) : android-dependency-scanning
Because we utilizes the different open source software to analyze the dependencies of each package manager, you need to set up the Prerequisite steps in User guide according to package manager to analyze.
🌐 How it works without Internet
| Package manager | Can it work without Internet? |
|---|---|
| Gradle (Java) | Yes, if the following conditions are met. - installed the plugin(com.github.hierynomus.license '0.16.1') - installed the packages of the project |
| Maven (Java) | Yes, if the following conditions are met. - installed the plugin(org.codehaus.mojo:license-maven-plugin) - installed the packages of the project |
| NPM (Node.js) | Yes, if the following conditions are met. - installed the plugin(license-checker) - installed the packages of the project (in other words, generated the node_modules directory) |
| PIP (Python) | No, it can't. |
| Android(gradle) (Android application) | Yes, if the following conditions are met. - installed the plugin(android-dependency-scanning) - installed the packages of the project |
| Pub (Dart with flutter) | Yes, if the following conditions are met. - installed the plugin(flutter_oss_licenses) - installed the packages of the project |
| Cocoapods (Swift/Obj-C) | Yes, if the following conditions are met. - installed the packages of the project - enable to run the command (pod spec which --regex {package name} ) |
| Swift (Swift) | No, it can't. |
| Carthage (Swift/Obj-C) | Yes, if the following conditions are met. - installed the packages of the project (in other words, downloadeded the sources in 'Carthgae/Checkouts' directory). |
| Go (Go) | No, it can't. |
👏 Contributing Guide
We always welcome your contributions.
Please see the CONTRIBUTING guide for how to contribute.
📄 License
Copyright (c) 2020 LG Electronics, Inc.
FOSSLight Dependency Scanner is licensed under Apache-2.0, as found in the LICENSE file.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for fosslight_dependency-3.11.4.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 20441a8b55baffd766486dbf9401ffc1a72f86d8cb6d25cc394ecb130d0cfc48 |
|
| MD5 | f818c3dae3348da622bbf244c553710a |
|
| BLAKE2b-256 | a761ed7775a235e1588e75e80c1f8bfabd7894445583c9a56e940dd1054fced3 |
Hashes for fosslight_dependency-3.11.4-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | d7db6a90fb4a247f3badae270c3d1a298cee7906ade70839909f7089d0f11f7b |
|
| MD5 | 07b5e459e5f043db09b7a76de04e0dd0 |
|
| BLAKE2b-256 | 1a1cd62f71c1c5c3ab57ad01d9e5733b54b712a37703fd54c2f0c50efeacdd8b |
