Automated OSS curation scanner

Project description

Summary

XMonkey Curator is a tool that performs a DESCAM (Decompose, Enumerate, Scanning, Catalog, Analysis, Merge) review of software for Open Source License Compliance (OSLC).

The tool can recursively extract (Decompose) archive files such as JAR, ZIP, tarballs, RPM, Debian packages, etc., to obtain the list of assets they contain (Enumerate).

XMonkey Curator also performs a basic review (Scanning) of the assets to extract information as “features” for OSLC assessments. Scan types supported:

Alpha Version:

* Literal Strings
* Symbols Matching using predefined signatures
* License detection (using OSLiLi)
* Regex Patterns

Beta Version:

* FuzzyHashing (using LSH or SSDeep)
* Generate OSS Notices
* Improve external rules for automatic classification

The results of the review can be automatically processed (Catalog) using predefined rules and workflows (Analysis).

Current support: ELF, Mach-O, Objective-C, Python, PHP, Java, Ruby, Rust, Perl, C++

Usage

$ pip install xmonkey-curator
$ xmonkey-curator scan --help
Usage: xmonkey-curator scan [OPTIONS] PATH

  Scan target files using selected options

Options:
  -t, --force-text      Force using StringExtract for all files.
  -u, --unpack          Unpack archives files.
  -s, --export-symbols  Include words in the final report.
  -m, --match-symbols   Match symbols against signatures.
  -r, --rule TEXT       Add optional rules to execute.
  -n, --notes TEXT      Add optional notes to the report.
  -o, --output TEXT     Export results to filename with specific name.
  -l, --licenses        Identify SPDX licenses.
  -p, --print-report    Print the report to screen.
  --help                Show this message and exit.

Scanning to identify files

To perform a full scan, select the “unpack” option (-u), which unpacks the content of any archive file.

$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json

Scanning to export symbols and match with signatures

The “match” option (-m) attempts to identify packages by matching symbols against signatures.

$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -m -p

Generating signatures

You can create signatures by scanning both the source code and a binary of a package and looking for significant symbols.

Then you can use the included script to check which symbols from the source code survived compilation.

$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json
$ xmonkey-curator scan ffmpeg-4.4.1-linux-64.zip -u -s -o ffmpeg-binary.json
$ ./scripts/signature_generator.py ffmpeg-source.json ffmpeg-binary.json
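
The idea behind the steps above, and behind matching with -m, as an added example (not the project's signature_generator.py). It assumes each report has already been reduced to a plain list of symbol strings, since the JSON layout is not shown on this page; the function names and sample symbols are constructed for illustration.

```python
"""Added illustration: derive a symbol signature and score a candidate against it."""
import re

# Constructed sample data standing in for the symbols of a source scan,
# a binary scan, and a background set seen in unrelated packages.
SOURCE_SYMBOLS = ["avcodec_open2", "av_frame_alloc", "avformat_open_input",
                  "ff_h264_decode_init", "main", "printf", "tmp"]
BINARY_SYMBOLS = ["avcodec_open2", "av_frame_alloc", "avformat_open_input",
                  "main", "printf", "malloc", "GLIBC_2.17"]
BACKGROUND_SYMBOLS = {"main", "printf", "malloc", "memcpy"}

# Assumption: a useful symbol is a C-style identifier of at least 6 characters.
IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{5,}$")


def generate_signature(source, binary, background):
    """Keep source symbols that survived compilation and are distinctive."""
    survived = set(source) & set(binary)
    return sorted(s for s in survived
                  if IDENTIFIER.match(s) and s not in background)


def match_score(signature, candidate_symbols):
    """Fraction of signature symbols present in a candidate file (0.0 to 1.0)."""
    if not signature:
        return 0.0
    hits = set(signature) & set(candidate_symbols)
    return len(hits) / len(signature)


if __name__ == "__main__":
    sig = generate_signature(SOURCE_SYMBOLS, BINARY_SYMBOLS, BACKGROUND_SYMBOLS)
    print("signature:", sig)
    # Constructed symbol list for an unidentified binary.
    unknown = ["avcodec_open2", "av_frame_alloc", "SSL_read", "main"]
    print("score:", round(match_score(sig, unknown), 2))
```

Filtering against a background set matters for compliance review: symbols such as main or printf survive in every binary and would otherwise make unrelated packages look like a match.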

Download files


Source Distribution

xmonkey_curator-0.1.15.tar.gz (59.6 kB)

Uploaded Source

Built Distribution

xmonkey_curator-0.1.15-py3-none-any.whl (71.0 kB)

Uploaded Python 3

File details

Details for the file xmonkey_curator-0.1.15.tar.gz.

File metadata

  • Download URL: xmonkey_curator-0.1.15.tar.gz
  • Upload date:
  • Size: 59.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.0 CPython/3.12.4

File hashes

Hashes for xmonkey_curator-0.1.15.tar.gz
Algorithm Hash digest
SHA256 b8247a62dde50bd45d3150af8d23db0db3cf1b879f76edf8c82276b5027a427c
MD5 fbf38f2a7e75d807d1b3c6ed89e6119b
BLAKE2b-256 c86d1595c6f9465eaaf2c56ba48d48da69774dc3759fa30c5200b81188a103c7

File details

Details for the file xmonkey_curator-0.1.15-py3-none-any.whl.

File hashes

Hashes for xmonkey_curator-0.1.15-py3-none-any.whl
Algorithm Hash digest
SHA256 eec1d367c331abe68f19a54e95445472e422ceb2eca8cba8cc25cf64d4f405c6
MD5 45a5c308bdf3b4358bc696e4ec689cab
BLAKE2b-256 eb716be19400351d40578eb09e2fc17c2ecf8d49e836cbdaaf5160b9e1dc2fc3
