FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner is released under Apache-2.0.

FOSSLight Scanner downloads the source from a link that can be fetched with wget or git clone and then performs open source analysis on it. Alternatively, the analysis can be run on a local source path. The result is generated in FOSSLight Report format.


📋 Prerequisite

FOSSLight Scanner requires Python 3.6+.

🎉 How to install

It can be installed using pip3. Installing it in a Python 3.7+ virtualenv environment is recommended.

$ pip3 install fosslight_scanner

🚀 How to run

FOSSLight Scanner is run with the fosslight command.

fosslight [Mode] [option1] <arg1> [option2] <arg2>...



        all                     Run all scanners(Default)
        source                  Run FOSSLight Source
        dependency              Run FOSSLight Dependency
        binary                  Run FOSSLight Binary
        prechecker              Run FOSSLight Prechecker
        compare                 Compare two FOSSLight reports


        -h                      Print help message
        -p <path>               Path to analyze (ex, -p {input_path})
                                 * Compare mode input file: Two FOSSLight reports (supports excel, yaml)
                                   (ex, -p {before_name}.xlsx {after_name}.xlsx)
        -w <link>               Link to be analyzed can be downloaded by wget or git clone
        -f <format>             FOSSLight Report file format (excel, yaml)
                                 * Compare mode result file: supports excel, json, yaml, html
        -o <output>             Output directory or file
        -c <number>             Number of processes to analyze source
        -r                      Keep raw data
        -t                      Hide the progress bar
        -v                      Print FOSSLight Scanner version

Ex 1. Local Source Analysis

$ fosslight all -p /home/source_path -d "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

Ex 2. Download Link and analyze

$ fosslight all -o test_result_wget -w ""

Ex 3. Compare the BOMs of two FOSSLight reports in yaml or excel format and check the OSS status (change/add/delete)

$ fosslight compare -p FOSSLight_before_proj.yaml FOSSLight_after_proj.yaml -f excel

πŸ“ Result

$ tree
β”œβ”€β”€ fosslight_log
β”‚Β Β  β”œβ”€β”€ fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

🐳 How to run using Docker

  1. Build the image using the Dockerfile.
$ docker build -t fosslight .
  2. Run with the image you built.
    ex. Output: /Users/fosslight_source_scanner/test_output, Path to be analyzed: tests/test_files
$ docker run -it -v /Users/fosslight_source_scanner/test_output:/app/output fosslight -p tests/test_files -o output

πŸ‘ How to report issue

Please report bugs or ideas for improvement by creating an issue in the fosslight_scanner repository.
Bug fixes and upgrades will then follow quickly. Ideas for improvement are always welcome.

📄 License

FOSSLight Scanner is released under Apache-2.0.