[Owasp-leaders] FOSSOLOGY initiative: automate checks proper licenses
johanna curiel curiel
johanna.curiel at owasp.org
Wed Jul 20 02:34:27 UTC 2016
Hi Project Leaders,
As a member of the Linux Foundation, I received a very interesting update
regarding this project:
FOSSology is an open source license compliance software system and toolkit.
As a toolkit you can run license, copyright and export control scans from
the command line. As a system, a database and web ui are provided to give
you a compliance workflow. In one click you can generate an SPDX file, or a
ReadMe with the copyrights notices from your software. FOSSology
deduplication means that you can scan an entire distro, submit a new
version, and only the changed files will get rescanned. This is a big time
saver for large projects.
OWASP can become an organization using the software for checking the OS
license run by our projects and appear on their website as part of it.
I like this because it automates the process of checking licenses and
compliance with best OS practices.
I'm starting an initiative to:
- Use this tool and check the actual license compliance of our projects
- Submit to the Linux Foundation our pro-activeness and be part of
- It helps OWASP's image with regard to FOSS best practices
Who wants to join?
@Claudia + Tiffany: We can coordinate the communication with Fossology team.
It's a hands-on thing. I'm planning to run the framework and publish a report
on this. With this we will give feedback to the Linux Foundation
FOSSOLOGY initiative. We can appear on the website as part of the initiative.
I believe all our projects comply with FOSS licenses, but it's a good thing
to check if everything is properly set up in their repos. This tool helps
automate the process.