Open Source Software Valuation - Calculate development cost savings from OSS dependencies

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags oss , sbom , valuation , cost , cocomo , dependencies
  • Requires: Python >=3.10
  • Provides-Extra: multilang , dev
Classifiers
Report project as malware

Project description

OSSVAL - Open Source Software Valuation

License Python PyPI version

Calculate the development cost savings from using open source software by analyzing SBOMs or package lists. Provides comprehensive cost estimation using COCOMO II and SLOCCount models with regional salary data, project type detection, and comprehensive source code analysis.

Features

  • Multi-Ecosystem Support: PyPI, npm, Cargo, Maven, Go, RubyGems, and more
  • Cost Estimation Models: COCOMO II and SLOCCount with configurable parameters
  • Regional Salary Data: 18+ regions with accurate cost calculations
  • Project Type Detection: Automatic classification with appropriate multipliers
  • Source Code Analysis: SLOC counting, complexity analysis, and health metrics
  • Multiple Input Formats: SBOMs (CycloneDX, SPDX) and lockfiles (requirements.txt, package.json, etc.)
  • Comprehensive Output: Text, JSON, and CSV formats with detailed breakdowns

Installation

pip install ossval

Quick Start

# Analyze an SBOM file
ossval analyze sbom.json

# Specify region for salary calculations
ossval analyze sbom.json --region us_sf

# Output to JSON
ossval analyze sbom.json --format json --output results.json

# Quick estimate from SLOC
ossval estimate --sloc 50000 --region us_sf --type compiler

Usage

CLI Usage

# Analyze an SBOM or lockfile
ossval analyze pyproject.toml

# With specific region
ossval analyze package.json --region us_sf

# Output formats
ossval analyze sbom.json --format json --output results.json

# Skip repository cloning (faster, but no SLOC analysis)
ossval analyze sbom.json --no-clone

# List supported formats and configurations
ossval formats list              # Show all supported input formats
ossval formats project-types     # Show project types with cost multipliers
ossval formats methodologies     # Show available cost estimation models

# Cache management
ossval cache clear
ossval cache info

Examples

Analyze Python Project

ossval analyze pyproject.toml --region global_average

Analyze npm Project

ossval analyze package-lock.json --format json --output npm-analysis.json

Compare Regions

ossval analyze sbom.json --region us_sf > us_sf_results.txt
ossval analyze sbom.json --region global_average > global_results.txt

Quick Cost Estimate

ossval estimate --sloc 100000 --region us_sf --type framework
# Output:
# Estimated cost: $16,754,251
#   Range: $11,727,975 - $25,131,376
#   Effort: 22.1 person-years
#   Methodology: COCOMO II

Integration with SEMCL.ONE

OSSVAL is a core component of the SEMCL.ONE ecosystem, enabling comprehensive OSS valuation and cost analysis:

  • Works with purl2src for repository URL discovery from Package URLs
  • Integrates with purl2notices for complete legal compliance workflows
  • Supports SBOM analysis from CycloneDX and SPDX formats
  • Complements osslili for license analysis and compliance checking

Methodology

Cost Estimation Models

COCOMO II (Primary)

The most sophisticated model, based on Barry Boehm's COCOMO II:

  • Effort Formula: Effort = a × (KSLOC)^b × EAF × Complexity × Project_Type
  • Cost Formula: Cost = Effort × Monthly_Salary × Region_Multiplier
  • Default Parameters: a=2.94, b=1.0997, EAF=1.0
  • Confidence Range: 70%-150% of estimate
  • Accounts for: Project type, complexity, team experience

SLOCCount (Alternative)

Simpler model based on David Wheeler's SLOCCount:

  • Effort Formula: Effort = a × (KSLOC)^b
  • Default Parameters: a=2.4, b=1.05
  • Faster but less sophisticated
  • Lower confidence scores

Project Types and Multipliers

OSSVAL automatically detects project types and applies appropriate cost multipliers:

Project Type Salary Multiplier Effort Multiplier Examples
Cryptography 1.60x 1.26x openssl, libsodium, bcrypt
Operating System 1.50x 1.22x kernel, drivers, firmware
Compiler 1.50x 1.22x gcc, llvm, babel, typescript
Database 1.40x 1.18x postgres, mysql, redis, mongo
Machine Learning 1.40x 1.18x tensorflow, pytorch, sklearn
Graphics 1.30x 1.14x opengl, vulkan, game engines
Embedded 1.25x 1.12x firmware, rtos, iot, arduino
Networking 1.20x 1.10x http, grpc, websocket, proxy
Scientific 1.20x 1.10x scipy, numpy, pandas, matplotlib
Framework 1.15x 1.07x react, django, rails, spring
DevTools 1.10x 1.05x linters, formatters, bundlers
Library 1.00x 1.00x (baseline)
Script 0.70x 0.84x utilities, helpers, cli tools

Complexity Levels

Code complexity affects cost estimates:

  • Trivial: 0.7x multiplier
  • Simple: 0.9x multiplier
  • Moderate: 1.0x multiplier (baseline)
  • Complex: 1.3x multiplier
  • Very Complex: 1.7x multiplier

Contributing

We welcome contributions! Please see the repository for details on:

  • Development setup
  • Submitting pull requests
  • Reporting issues

Support

For support and questions:

License

Apache License 2.0 - see LICENSE file for details.

Part of the SEMCL.ONE ecosystem for comprehensive OSS compliance and code analysis.

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Oscar Valenzuela B.
  • Tags oss , sbom , valuation , cost , cocomo , dependencies
  • Requires: Python >=3.10
  • Provides-Extra: multilang , dev
Classifiers

Release history Release notifications | RSS feed

This version

1.2.2

1.2.1

1.0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ossval-1.2.2.tar.gz (56.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ossval-1.2.2-py3-none-any.whl (67.9 kB view details)

Uploaded Python 3

File details

Details for the file ossval-1.2.2.tar.gz.

File metadata

  • Download URL: ossval-1.2.2.tar.gz
  • Upload date:
  • Size: 56.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ossval-1.2.2.tar.gz
Algorithm Hash digest
SHA256 2a4fe0061bfd28f3c8e61091753eb198f3dad15fe3a8ad767cc4a015004ec5b7
MD5 2fd5754e460df551d6c0423cd91751ff
BLAKE2b-256 3f8f18853c22cad45484dc4179ad1967e8c444f7b01dcd9c4a8410e695742ccf

See more details on using hashes here.

Provenance

The following attestation bundles were made for ossval-1.2.2.tar.gz:

Publisher: python-publish.yml on SemClone/ossval

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ossval-1.2.2-py3-none-any.whl.

File metadata

  • Download URL: ossval-1.2.2-py3-none-any.whl
  • Upload date:
  • Size: 67.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ossval-1.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 90d3eed50cbd9c286cb375d1c004196a3941781f05b03f077b505b8f128ee039
MD5 3eadbae500a26f7e2d9921220fcf8af3
BLAKE2b-256 a57e5ba1f29c01ee66d29e4dcb79c24948ea55b7e99cbcb262b6f0ca63b66231

See more details on using hashes here.

Provenance

The following attestation bundles were made for ossval-1.2.2-py3-none-any.whl:

Publisher: python-publish.yml on SemClone/ossval

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page