https://github.com/chaoss/augur-license
Augur's Open Source License coverage tool. Provides license identification by file, identification of non-OSI compliant licenses, and percentage of a project with license declarations. Also provides a downloadable SBOM with license information by file. Integrated with Augur, and leveraging Fossology scanners and DosocsV2.
Science Score: 36.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
✓.zenodo.json file
Found .zenodo.json file -
○DOI references
-
○Academic publication links
-
✓Committers with academic emails
1 of 2 committers (50.0%) from academic institutions -
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (16.6%) to scientific vocabulary
Repository
Augur's Open Source License coverage tool. Provides license identification by file, identification of non-OSI compliant licenses, and percentage of a project with license declarations. Also provides a downloadable SBOM with license information by file. Integrated with Augur, and leveraging Fossology scanners and DosocsV2.
Basic Info
Statistics
- Stars: 8
- Watchers: 11
- Forks: 1
- Open Issues: 4
- Releases: 2
Metadata Files
README.md
Augur-License
Dependencies
- Python 3.7 or later version
- PostgreSQL 8.x or later version (can be on a separate machine)
- Installed instance of Augur that has had the
facade workerrun at least one time. Without this step there will be no cloned repos to scan. - Necessary libraries for compilation of python source:
sudo apt install gcc sudo apt install python3-dev sudo apt-get install libpq-dev
Python libraries:
- All Python dependencies are handled automatically by pip during installation.
Augur-SPDX runs as a process to populate the SPDX schema with SPDX license information in Augur. Available Fossology license scanners only compile on Ubuntu's current long term maintenance version due to library dependencies. Believe us, we have spent many hours trying to compile on Mac OSX and Fedora. In the future, we will provide a docker container to enable this functionality across platforms
Installation
Step 1 - Download and install
git clone https://github.com/chaoss/augur-spdx- Create a python3 virtual enviornment
virtualenv --python=python3 venv-name - Activate Python virtual environment
source venv-name/bin/activate pip install .sudo make install-spdxNote: It is necessary to compile using sudo because the license scanners provided by Fossology are designed only to be installed at the system level
Step 2 - Install System Level libmagic
sudo apt install libmagic1
This is necessary for the scanners
Step 3 - Initialize the Database Schema (spdx)
NOTE: You can also use these steps to reinitialize or update a database
1. python3 initial.py <path to augur instance root>
Example: python3 initial.py ../augur-chaoss
2. After this, run dosocs2 dbinit --config dosocs2.conf in the augur-spdx directory
3. The program will prompt you to ensure that you have the right database. Please double check
4. Any existing tables that fit the schema will be dropped, and a new set of tables will be created and populated.
Step 3 - Run Augur-SPDX
NOTE: You can only run one instance of Augur-SPDX at at time
1. nohup python3 director.py <path to augur instance root> >spdx.log 2>spdx.err &
Example: nohup python3 director.py ../augur-chaoss >spdx.log 2>spdx.err &
2. Wait about 30 seconds to allow the program to run.
3. tail -30 spdx.log - Check that licenses are being scanned.
4. cat spdx.err - Check for errors.
5. When the process finishes, check to see if there are any Augur repos not in the mapping table by executing cat spdx.log | grep MAPPING .
- If you see any problems, create an issue with the full output of the log at https://github.com/chaoss/augur-spdx
Augur-SPDX Description and Purpose
Augur-SPDX is a command-line tool for managing SPDX documents and data. It can scan source code distributions to produce SPDX information, store that information in a relational database, and extract it in a plain-text format on request.
The discovery and presentation of software package license information is a complex problem facing organizations that rely on open source software within their innovation streams. Augur-SPDX enables creation of an SPDX document for any software package to represent associated license information. In addition, Augur-SPDX can be used in the creation and continuous maintenance of an inventory of all open-source software used in an organization. The primary audience for Augur-SPDX is open source software teams seeking to advance the representation and maintenance of open source software package license information.
SPDX is a standard format for communicating information about the contents of a software package, including license and copyright information. Augur-SPDX supports the SPDX standard.
History
Augur-SPDX owes its software name and concept to the DoSOCS tool created by Zac McFarland, which in turn was spun off from the do_spdx plugin for Yocto Project, created by Jake Cloyd and Liang Cao. Augur-SPDX aims to fill the same role as DoSOCS, but with support for future versions of Augur, a larger feature set, and a more modular implementation.
Maintainers
License and Copyright
Copyright © 2015 University of Nebraska at Omaha
Copyright © 2022 University of Nebraska at Omaha, and University of Missouri
All associated documentation is licensed under the terms of the Creative Commons Attribution Share-Alike 3.0 license. See the file CC-BY-SA-3.0 for more details.
(This work has been funded through the National Science Foundation VOSS-IOS Grant: 1122642, the Sloan Foundation, and the Reynolds Journalism Institute at the University of Missouri.)
Owner
- Name: CHAOSS
- Login: chaoss
- Kind: organization
- Website: https://chaoss.community/
- Twitter: chaossproj
- Repositories: 64
- Profile: https://github.com/chaoss
GitHub Events
Total
- Watch event: 1
- Push event: 2
Last Year
- Watch event: 1
- Push event: 2
Committers
Last synced: about 1 year ago
Top Committers
| Name | Commits | |
|---|---|---|
| Sean P. Goggins | o****s@a****g | 39 |
| Matt Snell | m****l@u****u | 21 |
Committer Domains (Top 20 + Academic)
Issues and Pull Requests
Last synced: about 1 year ago
All Time
- Total issues: 1
- Total pull requests: 17
- Average time to close issues: N/A
- Average time to close pull requests: 3 months
- Total issue authors: 1
- Total pull request authors: 4
- Average comments per issue: 5.0
- Average comments per pull request: 0.12
- Merged pull requests: 12
- Bot issues: 0
- Bot pull requests: 3
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
- sgoggins (1)
Pull Request Authors
- sgoggins (10)
- dependabot[bot] (5)
- Nebrethar (3)
- TrellixVulnTeam (1)
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- Jinja2 ==2.10.1
- MarkupSafe ==1.1.0
- SQLAlchemy ==1.2.16
- beaker *
- click *
- coloredlogs *
- docopt ==0.6.2
- libmagic *
- pathlib *
- psutil *
- psycopg2-binary *
- python-magic ==0.4.15
- requests *
- setuptools *
- six >=1.14.0
- wheel *
- SQLAlchemy *
- docopt *
- jinja2 *
- psycopg2 *
- python-magic *
- requests *
- click *
- flask *
- pathlib *
- psycopg2-binary *
- requests *