reuse-tool
scancode-toolkit
Our great sponsors
reuse-tool | scancode-toolkit | |
---|---|---|
10 | 4 | |
344 | 1,966 | |
3.8% | 2.3% | |
9.1 | 9.6 | |
3 days ago | 12 days ago | |
Python | Python | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
reuse-tool
-
Releasing AGPL3 project: SPDX vs full notice text and other questions
The SPDX header is due to a project called REUSE, which is spearheaded by the FSF Europe. You can read more about the project here. Basically you just have to add the copyright header in the format
-
License of the input data
I do add my personalized input data into the public repository where I upload my solutions. I add complete reuse-compatible licensing information to my files.
-
How to license my code if a component is gpl?
For projects that include vendored libraries under different licenses, it is becoming common to use Debian's copyright file format to describe which licenses apply to which source files. The data is usually placed in a file called /.reuse/dep5 (see the FSFE's Reuse Software project). If you want to enable fine-grained license checks, you can also include a machine-readable SPDX-License-Identifier line in each file.
- REUSE SOFTWARE – make licensing easy for humans and machines alike
-
Should I put license notices in all my source code files?
Check out https://reuse.software
- LwESP library for ESP32 and ESP8266
- Reuse Software Licensing
- Reuse: Make licensing easy for humans and machines alike
-
README/HACKING.md does not specify license and copyright terms
Putting the copyright and licensing information in every file was very common, and FSFEs reuse has some interesting specifications if compliance is an issue (e.g. I do not fully understand what the OpenSSL license included in the app-ios/tutanota/include folder covers, which also includes a APL-licensed files) - but thats a different topic.
-
Should I go with GPLv3?
No, but it's a good idea to mention the license you're using. You can use REUSE (https://github.com/fsfe/reuse-tool).
scancode-toolkit
- ScanCode: Scan license and packages, dependencies and origin information
-
User beware: Modified AGPLv3 removes freedoms, adds legal headaches
Hey, pabs3! Actually this is not using a rolling checksum for detection but rather a combo of language model, checksums, automatons, bitvectors, inverted indexes and multiple sequences alignment (e.g. a specialized diff). I put some docs there to explain the approach at ahttps://github.com/nexB/scancode-toolkit/blob/develop/src/li...
-
I've just started using python at work, is there anything I need to be careful about?
If you're concerned about licensing in your dependencies, use a license scanner like scancode toolkit. Similar scanners are available in products like JFrog Artifactory or GitLab (paid versions)
What are some alternatives?
spdx-license-matcher - A tool to match license text with SPDX license list using a an algorithm with finds close matches. It follows SPDX Matching guidelines to keep the substantial text as well as ignore the replaceable text for matching purposes.
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
degiro-trading-tracker - Simplified tracking of your investments
ort - A suite of tools to automate software compliance checks.
cyclonedx-gradle-plugin - Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
fossology - FOSSology is an open source license compliance software system and toolkit. As a toolkit you can run license, copyright and export control scans from the command line. As a system, a database and web ui are provided to give you a compliance workflow. License, copyright and export scanners are tools used in the workflow.
Neo4j - Graphs for Everyone
gpl-history
tern - Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
nbdev - Create delightful software with Jupyter Notebooks
sandia-public-license - This is not a license of honor. No highly esteemed copyright statement is written here.