CN111274548A - Method and device for determining open source software license compliance - Google Patents


Info

Publication number
CN111274548A
Authority
CN
China
Prior art keywords
open source
license
license information
source software
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010051358.2A
Other languages
Chinese (zh)
Inventor
汪杰
万振华
王颉
李华
董燕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Kaiyuan Internet Security Technology Co Ltd
Original Assignee
Shenzhen Kaiyuan Internet Security Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level


Abstract

The invention provides a method for determining open source software License compliance, comprising: obtaining external License information from a License website and obtaining the License information contained in open source software; matching the acquired License information against the License information of the open source software to be confirmed and, if the matching results are the same, determining the acquired License information to be the License information of that open source software; and outputting the resulting License information of the open source software to a page. A closed loop is formed from the collection of License information, through analysis and matching of the open source software, to final confirmation and display of the License information, which is markedly richer than a single analysis.

Description

Method and device for determining open source software license compliance
Technical Field
The invention relates to the field of software detection, in particular to a method and a device for determining open source software license compliance.
Background
A License is, by definition, a declaration file that software in general issues to protect its rights and interests, copyright and the like; the file format may be txt, html and so on.
Open source software is a key factor in improving productivity and software quality, and using it correctly can raise product competitiveness. Under the pressure of continuously updated product functions and continuously shortened development cycles, however, the open source software in a code base is difficult to identify and manage effectively, and unmanaged open source software brings risks such as open source license violation. Most open source software is issued under a license; if the software is used, the requirements of its license (License) should be observed, and using the software without fulfilling the obligations the license requires is illegal use and creates a License compliance risk. Existing products in this area are foreign: language communication is inconvenient, they are not very friendly to domestic software manufacturers, their response to customization requirements is slow, and they carry many restrictions. Domestic software in this area is still at a starting stage, with no mature product available for the moment, while the market urgently needs the related technologies and products.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a method and a device for determining the License compliance of open source software, so as to solve the problem that confirming the License information in open source software is difficult.
In order to solve the above technical problem, the invention adopts the following technical scheme: a method for determining open source software license compliance is provided, comprising:
acquiring external License information on a License website and acquiring License information in open source software;
matching the acquired License information with License information of open source software to be confirmed, and if the matching results are the same, determining the acquired License information as the License information of the open source software;
and outputting the License information result of the open source software to a page.
Further, acquiring real-time updated external License information from the License website at regular intervals;
and temporarily storing the acquired external License information.
Further, automatically acquiring the License information in the open source software, and extracting a feature file of the License information;
determining whether a feature file has been extracted, and if the feature file is extracted from the License information, directly extracting the feature file from the License information in the open source software;
analyzing the feature file to obtain feature file information;
and temporarily storing the feature information.
Further, if no feature file is extracted from the License information, automatically finding the feature file of the License information in the open source community according to the project information of the open source software;
and temporarily storing the feature file.
Further, determining whether the License information in the open source software has been acquired automatically with success, and if automatic acquisition of the License information in the open source software has failed, acquiring a manually found feature file;
and temporarily storing the feature file.
Further, the feature file is a software description, a license_name, or a url address.
Further, extracting a feature file from the License information of the open source software to be confirmed, and temporarily storing the feature file;
matching the feature file obtained from the acquired License information against the feature file obtained from the License information of the open source software to be confirmed;
if the matching information is the same, determining the acquired License information to be the License information of the open source software;
and temporarily storing the feature file.
Further, if the matching information is different, acquiring manually found feature files for re-matching, and temporarily storing the feature files;
and when the matching information is the same, determining the acquired License information to be the License information of the open source software.
Further, the device for determining open source software license compliance comprises a collecting module, a matching module and a confirming module, wherein
the collection module is applied to the external License information and the License information in the open source software to search for and update License information in real time;
the identification matching module is applied to matching the external License information with the License information in the open source software;
and the display module is applied to the external License information to determine the License of the open source software and display the result on a page.
Further, a computer-readable storage medium in which a computer program is stored, characterized in that the computer program is executed by a processor to carry out the steps of the above method.
The invention has the following beneficial effects: a closed loop is formed from the collection of License information, through analysis and matching of the open source software, to final confirmation and display of the License information, which is markedly richer than a single analysis; several collection methods are integrated when License information is collected; precision in the analysis and matching process is high; and the open source software in the code is effectively identified and managed, so that compliance risk is reduced.
Drawings
The detailed structure of the invention is described below with reference to the accompanying drawings.
FIG. 1 is a flow chart of the method steps performed by the present invention;
FIG. 2 is a flow chart of the apparatus according to the present invention.
Detailed Description
In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, step S101 collects Licenses in two ways: one obtained from external websites and one obtained by analyzing open source software. The first way obtains popular Licenses from external websites; the second obtains niche Licenses by analyzing open source software; the two are combined in a License definition table so that the License information is complete.
Obtaining external License information from a License website means fetching it, at regular intervals, from License websites such as the SPDX official website (https://spdx.org/licenses), which holds the License list information collected by SPDX, or the opencontent website (https://opencontent.org/licenses), and the like. Popular License information is obtained from these websites and stored in the License list, and real-time License information is issued to the License list.
The License information in the open source software is acquired by scanning all open source software (source code packages or compiled packages of the open source software); the open source software packages come from maven or github. The License information in the open source software is acquired automatically and the feature file of the License information is extracted, and whether a feature file has been extracted is determined. If the feature file is extracted from the License information, it is taken directly from the License information in the open source software, analyzed to obtain the feature file information, and the feature information is temporarily stored in a list. If no feature file is extracted from the License information, the feature file of the License information is automatically searched in the open source community according to the project information of the open source software, and the feature file is temporarily stored in the list. Whether the License information in the open source software has been acquired automatically with success is then determined; if automatic acquisition fails, a manually found feature file is acquired and temporarily stored in a list. The feature file may be a segment of software description, a license_name (possibly a name) or a url address.
The LGPL entry below is an example of a specific configuration of License information. Each License has a unique id, the License id, which is the abbreviation of the License. Corresponding to the License id is the name, the full name of the License. The other fields are less important and hold reference information about the License: reference, indicating the website the License can be referred to; isDeprecatedLicenseId, indicating whether the License id has been deprecated (is no longer current); isFsfLibre, whether it belongs to free software; and seeAlso, indicating other websites from which more specific information about the License can be obtained (such as https://opensource.org/licenses/LGPL-2.1, which gives detailed information on the LGPL-2.1 License).
Step S102 comprises matching the acquired License information with the License information of the open source software to be confirmed. The feature file in the License information of the open source software to be confirmed is automatically extracted and temporarily stored, and the feature file in the acquired License information is matched against the feature file acquired from the License information of the open source software to be confirmed; if the matching results are the same, the acquired License information is determined to be the License information of the open source software. If no feature file is extracted from the License information to be confirmed, the feature file of the License information is automatically found in the open source community according to the project information of the open source software; whether the License information in the open source software to be confirmed has been acquired automatically with success is then determined, and if automatic acquisition fails, a manually found feature file is obtained and temporarily stored in a list.
Specifically, the matching proceeds as follows. First, by url: the url in the feature information is looked up against the reference field or the url stored in the seeAlso field of the License table, and if the match is complete, that License is regarded as the License of the open source software. Second, by the file feature information license_name: if the same license_name exists in the License table, that License is regarded as the License of the open source software. If neither the url nor the license_name feature information has been collected, the License can be identified only from a large segment of software description information, and this identification may contain errors; one specific method is to identify the License by recognizing keywords in the description information with a text analysis method.
If the matching information is different, manually found feature files are acquired for re-matching and temporarily stored;
when the matching information is the same, the acquired License information is determined to be the License information of the open source software. Specifically, if text analysis cannot be performed, only manual identification remains: the feature file information in the manually identified License information of the open source software is acquired and matched against the License information to be confirmed, and finally the acquired License information is determined to be the License information of the open source software. The matching list is as follows:
Open source software id | Open source software name | license_url | license_name | license_description
The correspondence between the description information successfully identified by program or manually and the license is stored in a table; if a description collected from other open source software later already exists in the table, it can be identified directly, without text analysis or manual identification, as shown in the following table:
license_description | license_id
Step S103 comprises outputting the determined License information result of the open source software to a page. The result is also stored in a list; the License information determined for the open source software is shown in the following table:
open source software id | license_id
The output page is divided into a list page and a detail page.
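As an added example (not code from the patent), the url, license_name and description matching cascade of step S102 in Python, run over a constructed License table laid out with the SPDX fields described above, together with the license_description to license_id table that lets a once-identified description skip text analysis. The keyword lists, the url and text normalization, and the minimum-hit and tie rules are our assumptions; the patent only states that keywords in the description are recognized.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed License definition table using the SPDX licenses.json fields named in
# the description; the values are illustrative, not copied from spdx.org.
LICENSE_TABLE = [
    {"licenseId": "LGPL-2.1", "name": "GNU Lesser General Public License v2.1 only",
     "reference": "https://spdx.org/licenses/LGPL-2.1.html",
     "isDeprecatedLicenseId": False, "isFsfLibre": True,
     "seeAlso": ["https://opensource.org/licenses/LGPL-2.1"]},
    {"licenseId": "MIT", "name": "MIT License",
     "reference": "https://spdx.org/licenses/MIT.html",
     "isDeprecatedLicenseId": False, "isFsfLibre": True,
     "seeAlso": ["https://opensource.org/licenses/MIT"]},
    {"licenseId": "Apache-2.0", "name": "Apache License 2.0",
     "reference": "https://spdx.org/licenses/Apache-2.0.html",
     "isDeprecatedLicenseId": False, "isFsfLibre": True,
     "seeAlso": ["https://www.apache.org/licenses/LICENSE-2.0"]},
]
# Keywords for the text-analysis fallback: the patent only says keywords in the
# description are recognized, so these particular terms are our assumption.
KEYWORDS = {
    "LGPL-2.1": {"lesser", "library", "lgpl"},
    "MIT": {"mit", "without restriction", "merge", "sublicense"},
    "Apache-2.0": {"apache", "patent", "contribution", "derivative"},
}
# The patent's license_description -> license_id table: a description identified
# once, by program or by hand, is looked up next time instead of re-analyzed.
DESCRIPTION_CACHE: Dict[str, str] = {}


def _norm_url(url: str) -> str:
    """Drop case, scheme, www and trailing slash so equal urls compare equal."""
    u = re.sub(r"^https?://", "", url.strip().lower().rstrip("/"))
    return re.sub(r"^www\.", "", u)


def _norm_text(text: str) -> str:
    return " ".join(text.lower().split())


def match_by_url(url: Optional[str]) -> Optional[str]:
    """Stage 1: complete match of the url against reference or any seeAlso entry."""
    if not url:
        return None
    key = _norm_url(url)
    for lic in LICENSE_TABLE:
        if any(_norm_url(c) == key for c in [lic["reference"], *lic["seeAlso"]]):
            return lic["licenseId"]
    return None


def match_by_name(name: Optional[str]) -> Optional[str]:
    """Stage 2: license_name equal (case-insensitive) to the table's name or id."""
    if not name:
        return None
    key = name.strip().lower()
    for lic in LICENSE_TABLE:
        if key in (lic["name"].lower(), lic["licenseId"].lower()):
            return lic["licenseId"]
    return None


def match_by_description(desc: Optional[str], min_hits: int = 2) -> Optional[str]:
    """Stage 3: cache lookup, then whole-word keyword scoring; None means manual review."""
    if not desc:
        return None
    text = _norm_text(desc)
    if text in DESCRIPTION_CACHE:
        return DESCRIPTION_CACHE[text]
    scores = {lid: sum(bool(re.search(r"\b%s\b" % re.escape(kw), text)) for kw in kws)
              for lid, kws in KEYWORDS.items()}
    best = max(scores, key=scores.get)
    # Too few hits, or a tie between Licenses, is the error case the patent warns
    # about: leave it for manual identification rather than guess.
    if scores[best] < min_hits or list(scores.values()).count(scores[best]) > 1:
        return None
    DESCRIPTION_CACHE[text] = best
    return best


def record_manual(desc: str, license_id: str) -> None:
    """Store a manually identified description so it matches directly next time."""
    DESCRIPTION_CACHE[_norm_text(desc)] = license_id


def determine_license(feature: dict) -> Tuple[Optional[str], str]:
    """Run the S102 cascade over one package's feature file; returns (license_id, stage)."""
    for stage, fn, key in (("url", match_by_url, "license_url"),
                           ("name", match_by_name, "license_name"),
                           ("description", match_by_description, "license_description")):
        lid = fn(feature.get(key))
        if lid:
            return lid, stage
    return None, "manual"
```

A feature record is a dict with any of license_url, license_name and license_description; the returned stage tells the reviewer which evidence produced the identification, so description-based results can be audited separately from exact url or name matches.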
As shown in FIG. 2, an apparatus for determining open source software license compliance comprises a collecting module, a matching module and a confirming module, wherein
the collection module is applied to the external License information and the License information in the open source software to search for and update the License information in real time;
the recognition matching module is applied to matching the external License information with License information in open source software;
and the display module is used to confirm that the external License information is the License information in the open source software and to output the result on a page.
A computer-readable storage medium, in which a computer program is stored for execution by a processor for carrying out the above-mentioned method steps.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A method for determining open source software license compliance, the method comprising:
acquiring external License information on a License website and acquiring License information in open source software;
matching the acquired License information with License information of open source software to be confirmed, and if the matching results are the same, determining the acquired License information as the License information of the open source software;
and outputting the License information result of the open source software to a page.
2. The method for determining the open source software License compliance according to claim 1, wherein the acquiring of the external License information on the License website specifically comprises:
acquiring real-time updated external License information on a License website at regular time;
and temporarily storing the acquired external License information.
3. The method for determining the License compliance of the open source software according to claim 1, wherein the acquiring License information in the open source software specifically includes:
automatically acquiring License information in open source software and extracting a feature file of the License information;
determining whether a feature file is extracted or not, and if the feature file is extracted from the License information, directly extracting the feature file from the License information in the open source software;
analyzing the feature file to obtain feature file information;
and temporarily storing the characteristic information.
4. The method of determining open source software license compliance of claim 3, wherein said determining whether a feature file is extracted further comprises:
if the characteristic file is not extracted from the License information, automatically searching the characteristic file of the License information from the open source community according to the project information of the open source software;
and temporarily storing the feature file.
5. The method of open source software License compliance determination of claim 4, wherein said automatically obtaining License information within open source software further comprises:
determining whether License information in open source software is successfully acquired automatically, and if the License information in the open source software is failed to be acquired automatically, acquiring a manually found feature file;
and temporarily storing the feature file.
6. The method for determining open source software license compliance of any one of claims 3 to 5, wherein the feature file is: a software description, a license_name, or a url address.
7. The method of claim 1 or 6, wherein matching the obtained License information with License information of open source software to be validated comprises:
extracting a feature file in the License information of the open source software to be confirmed, and temporarily storing the feature file; correspondingly matching the feature file obtained from the License information with the feature file obtained from the License information of the open source software to be confirmed;
if the matching information is the same, the License information is obtained and determined as the License information of the open source software;
and temporarily storing the feature file.
8. The method for determining open source software license compliance of claim 7, wherein the matching information being the same specifically includes:
if the matching information is different, acquiring manually found feature files for re-matching, and temporarily storing the feature files;
and determining to acquire the License information as the License information of the open source software when the matching information is the same.
9. The device for determining the open source software license compliance is characterized by comprising a collecting module, a matching module and a display module,
the collection module is applied to the external License information and the License information in the open source software to search and update the License information in real time;
the identification matching module is applied to matching the external License information with License information in open source software;
and the display module is applied to the external License information to determine that the License display result of the open source software is on a page.
10. A computer-readable storage medium in which a computer program is stored, characterized in that the computer program is adapted to be executed by a processor for carrying out the method steps according to any one of claims 1 to 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010051358.2A CN111274548A (en) 2020-01-17 2020-01-17 Method and device for determining open source software license compliance


Publications (1)

Publication Number Publication Date
CN111274548A true CN111274548A (en) 2020-06-12

Family

ID=70997340



Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112000931A (en) * 2020-10-30 2020-11-27 Shenzhen Kaiyuan Internet Security Technology Co Ltd Method, system, device and storage medium for obtaining Java open source component permission
CN112487366A (en) * 2020-12-21 2021-03-12 China Academy of Information and Communications Technology Method and device for determining software open source risk
CN112559330A (en) * 2020-12-07 2021-03-26 Shenzhen Kaiyuan Internet Security Technology Co Ltd Method for analyzing correctness of component detection result of open source software
CN113268714A (en) * 2021-06-03 2021-08-17 Southwest University Automatic extraction method for license terms of open source software

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108959972A (en) * 2010-12-15 2018-12-07 The Boeing Company The rule-based safety of cooperation
CN109063421A (en) * 2018-06-28 2018-12-21 Southeast University Open source license compliance analysis and conflict detection method
US20190005206A1 (en) * 2017-06-30 2019-01-03 Tata Consultancy Services Limited Systems and methods to analyze open source components in software products




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200612