Tools and documents

Here you can find tools, documents and information that will help you use the curation database and license your software compliantly. In addition, you can find a list of open tool requests and to dos. If you would like to contribute material or are missing something in particular, please contact us at infoªosselot.org.

External

• FOSSology, GitHub repository
• Converting SPDX report formats with SPDX-Tools
• Converting CycloneDX to SPDX with the CycloneDX Web Tool or the CycloneDX CLI
• Converting SPDX to CycloneDX with cdx2spdx (prototype)

Internal

• Build instruction template

Immediate Web tools

• Callgraphs and dependencies lists in hypertext and JSON format
  To create lists of file and package dependencies, it was necessary to build all OSSelot packages on a trial basis. For this purpose, these build scripts were used. It should be noted, however, that typical configurations were used that may differ from configurations used in a particular system.
  • Callgraphs and file dependencies lists
    The complete collection of callgraphs is available in two large all-in-one files for programs and libraries as well as in files with links to the graphs, the latter also for programs and libraries. The same dependency data are available in hypertext form for programs and libraries as well as in JSON format for programs and for libraries.
  • Package dependencies lists
    Package dependencies lists are available in two hypertext and in two JSON formats of different levels of detail. The shorter hypertext and JSON files do not include the ELF files causing the dependency, while the more detailed hypertext and JSON files do include them.
  • Package dependencies lists if only programs or only libraries of a package are used for distribution
    If only programs or only libraries are used for distribution the related hypertext and JSON-formatted files are available as hypertext for programs and JSON for programs, or hypertext for libraries and JSON for libraries, respectively. The more detailed formats are also supported in this context: The related hypertext and JSON-formatted files are available as detailed hypertext for programs and detailed JSON for programs, or as detailed hypertext for libraries and detailed JSON for libraries, respectively. Finally, differences between the overall package list and the reduced list by specifying that only certain programs or libraries are used for distribution are evaluated and marked in red in hypertext documents for programs and for libraries.

• Callgraphs and dependencies lists search – Look for software packages that may have already been curated and provide a list of packages with links to their callgraphs. After a version line has been selected and the result displayed, the header can be clicked to download a newly created merged SPDX document to which a section with package relationships was appended. If one or more binary files are selected using the check box left to their names, only source code files and their licenses are considered that are needed for building them.
  Search for an OSSelot package with callgraphs
  
  Please note that a number of packages do not create any ELF files from which callgraphs could be created.

• Disclosure documents search – Look for software packages that may have already been curated and provide a list of applicable versions with links to the related disclosure documents.
  Search for an OSSelot disclosure document
  
  Please note that the disclosure document may need to be adapted to the actual file set of a binary software distribution, since some files (e.g. for testing or documentation) may not be distributed.

• Licenses search – Look for software packages that may have already been curated and provide a list of applicable versions with links to display the licenses that are used by a particular version.
  Search for an OSSelot list of concluded licenses
  
  Please note that – same as above – more licenses may be found than actually refer to a particular binary software distribution.

• SBOM selection search – Use the below select box and search field to define a data format and enter the name of a software package. Then select one of the available software versions to immediately run the REST interface for the given package and display the OSSelot curation data in a new window.
  
  Format: JSON RDF-XML SPDX2TV YAML
  Search the OSSelot repository
  
  

Open requests and to dos

• Example script to integrate curation data in build process (see use case 3 in Presentations)
• Patching FOSSology to include LicenseComments in report import