Here you can find tools, documents and information that will help you use the curation database and license your software compliantly. In addition, you can find a list of open tool requests and to dos. If you would like to contribute material or are missing something in particular, please contact us at infoªosselot.org.
External
- FOSSology, GitHub repository
- Converting SPDX report formats with SPDX-Tools
- Converting CycloneDX to SPDX with the CycloneDX Web Tool or the CycloneDX CLI
- Converting SPDX to CycloneDX with cdx2spdx (prototype)
Internal
Collections of raw data
- Callgraphs and dependencies lists in hypertext and JSON format
To create lists of file and package dependencies, it was necessary to build all OSSelot packages on a trial basis. For this purpose, these build scripts were used. It should be noted, however, that typical configurations were used that may differ from configurations used in a particular system. This applies, for example, to the Linux kernel of an embedded system, which usually has a unique configuration and uses significantly fewer and largely different kernel modules than here in a typical distribution kernel for 64-bit x86 processors.
Callgraphs and file dependencies lists
| Callgraphs | All-in-one | Programs | Libraries |
| With links to graphs | Programs | Libraries | |
| Dependency lists | HTML | Programs | Libraries |
| JSON | Programs | Libraries |
Package dependencies lists
| Without related ELF files | HTML | JSON |
| With related ELF files | HTML | JSON |
| From binaries to source code via licenses and dependencies | HTML | JSON |
Immediate Web tools
- Callgraphs and dependencies lists search – Look for software packages that may have already been curated and provide a list of packages with links to their callgraphs. After a version line has been selected and the result displayed, the header can be clicked to download a newly created merged SPDX document to which a section with package relationships was appended. If one or more binary files are selected using the check box left to their names, only source code files and their licenses are considered that are needed for building the binaries (source code provenance).
Please note that a number of packages do not create any ELF files from which callgraphs could be created.
- Disclosure documents search – Look for software packages that may have already been curated and provide a list of applicable versions with links to the related disclosure documents.
Please note that the disclosure document may need to be adapted to the actual file set of a binary software distribution, since some files (e.g. for testing or documentation) may not be distributed. Use the above callgraph based search instead.
- Licenses search – Look for software packages that may have already been curated and provide a list of applicable versions with links to display the licenses that are used by a particular version.
Please note that – same as above – more licenses may be found than actually refer to a particular binary software distribution. Use the above callgraph based search instead to only consider licenses of distributed binaries.
- SBOM selection search – Use the below select box and search field to define a data format and enter the name of a software package. Then select one of the available software versions to immediately run the REST interface for the given package and display the OSSelot curation data in a new window.
Open requests and to dos
- Example script to integrate curation data in build process (see use case 3 in Presentations)
- Patching FOSSology to include LicenseComments in report import