m-rudyk/LPVS (forked from Samsung/LPVS)

License Pre-Validation Service analyzes which open source components and licenses are used in every patch. It returns the list of restricted licenses and the possibility of license violation on the comment with the exact code location and the open source component information.

License Pre-Validation Service (LPVS)

Introduction

Open-source code (that is, software that is freely available for use, study, modification, and distribution) must meet the conditions of the respective license(s) of all of its dependencies. Non-compliance may lead to legal disputes, fines, an obligation to disclose intellectual property, as well as reputational damage.

In projects with numerous external dependencies, it becomes challenging to track license obligations accurately. Also, when many collaborators are involved, the risk of unintentional license violations, such as through copy-pasting code snippets, increases. Furthermore, there are nuanced situations like dependencies with dual licensing or licenses that may change due to ownership, purpose, or legislative alterations. These factors can potentially turn previously safe dependencies into unsafe ones over time.

To address these license-related risks for open-source code, we have developed the License Pre-Validation Service (LPVS). This tool provides a solution to mitigate potential license issues. By analyzing the project, LPVS identifies its components and their respective licenses at every commit. Then it generates a list of potential issue cases, and communicates them to the developers as comments on GitHub. LPVS offers a comprehensive description of possible license violations, including the details on the location of risky code and an overview of the specific license-related issues.

With LPVS, we aim to assist developers and project teams in ensuring license compliance for their open-source code. By providing insights into potential license violations and their implications, LPVS enables proactive management of license-related risks throughout the development process.

We believe that LPVS will be an invaluable tool for maintaining the integrity of open-source projects and safeguarding against license infringements.

Features

  • License Scanners:

    LPVS integrates with the SCANOSS license scanner, allowing for comprehensive license analysis of the project's components. SCANOSS helps to identify the licenses associated with the codebase, ensuring compliance with open-source license requirements. By leveraging SCANOSS, LPVS provides accurate and up-to-date information on the licenses used in the project.

  • GitHub Review System Integration:

    LPVS seamlessly integrates with the GitHub review system, enhancing the collaboration and code review process. LPVS automatically generates comments on GitHub, highlighting potential license violations or issues within the codebase. This integration streamlines the review process, making it easier for developers and collaborators to identify and address license-related concerns directly within the GitHub environment.

  • Comprehensive Issue Description:

    LPVS provides a detailed and comprehensive description of possible license violations within the project. This includes specific information on the location of potentially risky code and an overview of the license-related issues at hand. By offering this insight, LPVS enables developers to gain a clear understanding of license-related risks within their codebase and to take appropriate steps to mitigate them.

  • Continuous Monitoring:

    LPVS facilitates continuous monitoring of license-related risks throughout the development process. By analyzing each commit, LPVS ensures that any changes or additions to the codebase are assessed for potential license violations. This ongoing monitoring allows developers to proactively manage license compliance and address any issues that arise in a timely manner.

  • Risk Mitigation:

    LPVS aims to mitigate license-related risks by providing early detection and identification of potential violations. By alerting developers about potential issues and by providing the necessary information to understand and address them, LPVS empowers teams to take proactive steps to ensure compliance with open-source licenses. This helps mitigate the risk of legal disputes, financial liabilities, and reputational damage associated with license violations.

With these features, LPVS assists developers in managing license compliance for their open-source projects effectively. By integrating with license scanning tools, supporting the GitHub review system, and providing comprehensive issue descriptions, LPVS offers a robust solution for identifying and addressing license-related risks in the software development lifecycle.
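The Introduction and Features sections describe the core check in prose: every scanner match in a patch carries a component, a license and a code location, and the service must decide which matches violate a restricted-license policy, including the dual-licensing case mentioned above, where a component offered under "MIT OR GPL-2.0-only" is acceptable but one under "Apache-2.0 AND GPL-3.0-only" is not. The following is an added illustration of that policy decision, written for this page; it is not LPVS's or SCANOSS's own code, and the finding records, the restricted-license set and the SPDX-style expressions are constructed samples rather than real scanner output.

```python
"""Constructed example of a restricted-license policy check over scan findings.

Not LPVS or SCANOSS code: the Finding layout, RESTRICTED policy and sample
data are assumptions made for this illustration.
"""
import re
from dataclasses import dataclass

# Constructed policy: license identifiers that must not enter the codebase.
RESTRICTED = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only"}


@dataclass
class Finding:
    """One scanner match: where in the patch it is and what it matched."""
    path: str
    start_line: int
    end_line: int
    component: str
    license_expr: str   # SPDX-style expression, e.g. "MIT OR GPL-2.0-only"


def tokenize(expr: str) -> list[str]:
    """Split an SPDX-style expression into parentheses, AND/OR and identifiers."""
    return re.findall(r"\(|\)|\bAND\b|\bOR\b|[A-Za-z0-9.+-]+", expr)


class _PolicyParser:
    """Recursive-descent evaluator: expr := term (OR term)*; term := factor (AND factor)*.

    OR means the consumer may pick either license, so the expression is
    permitted if any alternative is; AND means all parts apply, so every
    part must be permitted.
    """

    def __init__(self, tokens: list[str], restricted: set[str]):
        self.toks, self.i, self.restricted = tokens, 0, restricted

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def expr(self) -> bool:
        val = self.term()
        while self.peek() == "OR":
            self.take()
            rhs = self.term()      # always consume the right-hand side
            val = val or rhs
        return val

    def term(self) -> bool:
        val = self.factor()
        while self.peek() == "AND":
            self.take()
            rhs = self.factor()
            val = val and rhs
        return val

    def factor(self) -> bool:
        tok = self.take()
        if tok == "(":
            val = self.expr()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses in license expression")
            return val
        if tok is None or tok in ("AND", "OR", ")"):
            raise ValueError(f"unexpected token {tok!r} in license expression")
        return tok not in self.restricted


def is_permitted(license_expr: str, restricted: set[str] = RESTRICTED) -> bool:
    """True if the expression can be satisfied without any restricted license."""
    parser = _PolicyParser(tokenize(license_expr), restricted)
    result = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r} in license expression")
    return result


def check_findings(findings: list[Finding], restricted: set[str] = RESTRICTED) -> list[Finding]:
    """Return the findings whose license expression violates the policy."""
    return [f for f in findings if not is_permitted(f.license_expr, restricted)]


def format_comment(violations: list[Finding]) -> str:
    """Render violations as a review comment with the exact code location."""
    if not violations:
        return "No restricted licenses detected in this patch."
    lines = ["Potential license violations detected:"]
    for v in violations:
        lines.append(f"- {v.path}:{v.start_line}-{v.end_line} matches "
                     f"{v.component} ({v.license_expr})")
    return "\n".join(lines)


# Constructed sample findings (component names and paths are invented).
SAMPLE_FINDINGS = [
    Finding("src/util/Hash.java", 10, 42, "example-hash-lib", "MIT"),
    Finding("src/net/Client.java", 5, 60, "example-net-lib", "MIT OR GPL-2.0-only"),
    Finding("src/db/Pool.java", 1, 80, "example-pool-lib", "Apache-2.0 AND GPL-3.0-only"),
    Finding("src/ui/Table.js", 12, 30, "example-table-lib", "GPL-2.0-only"),
]

if __name__ == "__main__":
    print(format_comment(check_findings(SAMPLE_FINDINGS)))
```

Running the block reports only the Pool.java and Table.js matches: the dual-licensed Client.java match is accepted because its MIT alternative satisfies the policy. The evaluator handles AND, OR and parentheses only; SPDX "WITH" exceptions and "+" version ranges would need additional rules before such a check could be relied on for a real policy.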


Quick Start Guide & Build


Frontend Source Code (React)

The frontend of the LPVS project is implemented using React. The corresponding code can be found in the frontend folder. For detailed information about the frontend, please refer to the Frontend README.

To ensure compatibility between the LPVS frontend and backend, it's important to build the backend with the "web" profile.


License

The LPVS source code is distributed under the MIT open source license.


Contributing

You are welcome to contribute to the LPVS project. Contributing is a great way to practice social coding on GitHub, learn new technologies, and enhance your public portfolio. If you would like to contribute, please follow the guidelines below:

Thank you for your interest in contributing to LPVS! Your contributions are highly appreciated.

Languages

  • Java 80.9%
  • CSS 9.7%
  • JavaScript 8.9%
  • Other 0.5%