maxhbr/LicenseScannerComparison

LicenseScannerComparison

This is a small project that tries to compare different license scanners by

  • trying to find an almost complete list of usable license scanners
  • packaging each of them in a custom docker image, exposing a simple API (TODO: 5 are missing)
    • TODO pin versions of the scanners / commits of corresponding source, to make it reproducible
  • downloading and extracting a set of example projects as source code
    • TODO maybe use extractcode or ununpack for recursive extracting?
    • TODO top 10-1000 GH projects
  • generating the output for each scanner
  • normalizing and understanding the output of each scanner
    • maybe a simple csv: filename;findings;comment, where
      • the filename is relative to the source root
        • it might optionally start with an additional / or ./
      • the findings are comma separated
      • if a line is not present, assume that it only contains the finding NOASSERTION
  • static page generator
    • TODO filter binary files by extension
  • comparing the result to a curated reference result
    • TODO import of e.g. GPL-2.0+ Dual-license BSD-style results in single license
  • TODO generate images, which visualize the result in some kind of heatmap / chart
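
The normalized `filename;findings;comment` format from the list above can be parsed and checked against a reference in a few lines. This is an added example, not code from this repository; the function names, the sample data and the match/partial/mismatch verdicts are assumptions made for illustration.

```python
import csv
import io

NOASSERTION = "NOASSERTION"


def normalize_path(path):
    """Strip the optional leading './' or '/' so paths are relative to the source root."""
    path = path.strip()
    if path.startswith("./"):
        path = path[2:]
    return path.lstrip("/")


def parse_normalized(text):
    """Parse 'filename;findings;comment' lines into {filename: set of findings}."""
    results = {}
    for row in csv.reader(io.StringIO(text), delimiter=";"):
        if not row or not row[0].strip():
            continue  # skip blank lines
        raw = row[1].split(",") if len(row) > 1 else []
        found = {f.strip() for f in raw if f.strip()}
        # An empty findings column is treated like a missing line.
        results[normalize_path(row[0])] = found or {NOASSERTION}
    return results


def compare(scanner, reference, all_files):
    """Classify each file against the reference (verdict names are hypothetical)."""
    verdicts = {}
    for name in all_files:
        got = scanner.get(name, {NOASSERTION})    # missing line => NOASSERTION
        want = reference.get(name, {NOASSERTION})
        if got == want:
            verdicts[name] = "match"
        elif got & want:
            verdicts[name] = "partial"            # e.g. one half of a dual license
        else:
            verdicts[name] = "mismatch"
    return verdicts


# Constructed sample data (not real scanner output).
REFERENCE = "LICENSE;MIT;\nsrc/main.c;GPL-2.0+,BSD-3-Clause;dual licensed\n"
SCANNER = "./LICENSE;MIT;\n/src/main.c;GPL-2.0+;\n"
FILES = ["LICENSE", "src/main.c", "README.md"]

if __name__ == "__main__":
    report = compare(parse_normalized(SCANNER), parse_normalized(REFERENCE), FILES)
    for name, verdict in report.items():
        print(f"{name}: {verdict}")
```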

License Statement Scanner

Name Scans for / via Wrapped Produce Pinned Normalized
askalono Top level license files X X
benbalter-licensee Top level license files X X
boyter-lc (blog) All licenses apply to whole folder X X X
codeauroraforum-lid X X X
debian-licensecheck X X X
fossology-monk Scans single file X X X
fossology-nomos Scans single file X X X
ninka (binary) Scans single file X X X
gerv-slic X X X
go-license-detector (blog) Top level license files X X
google-licenseclassifier Scans single file X X X
nexB-scancode-toolkit X X X

not yet supported / added scanners

Name
boyter-python-license-checker (blog) only POC? / older than lc
fossa-cli provided Dockerfile does not build / only metadata / talks to remote server?
oslc java / old (2007)
pombredanne-triplecheck java/ant

License Metadata Scanner

Code Duplication Scanner

  • BDP

Alternatives / other opinions

License

This project is licensed under MIT
