SYSTEMS AND METHODS TO ANALYZE OPEN SOURCE COMPONENTS IN SOFTWARE PRODUCTS
First Claim
1. A processor implemented method (200) comprising:
receiving a product embedded with one or more Open Source Software (OSS) components (202);
comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof (204);
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft (206);
identifying a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary (208);
identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute (210);
periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain (212);
updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain (214);
performing an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules (216);
generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein (218); and
adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and updating the second OSS database (DB2) (220).
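An illustrative sketch of steps 204 through 218 of claim 1, added here and not taken from the patent or any implementation of it. The DB1 contents, fingerprint keys, attribute names, SPDX-to-category mapping and compliance rules are all constructed assumptions.

```python
# Constructed stand-in for DB1: fingerprint -> attributes of public OSS components.
DB1 = {
    "fp-a": {"name": "libalpha", "version": "1.0", "license": "MIT"},
    "fp-b": {"name": "libbeta", "version": "2.1", "license": "GPL-3.0-only"},
    "fp-c": {"name": "libgamma", "version": "0.9", "license": "LGPL-2.1-only"},
    "fp-d": {"name": "libdelta", "version": "3.3", "license": None},  # missing attribute
}
REQUIRED = ("name", "version", "license")
# SPDX identifier -> the three categories named in step 206.
CATEGORY = {"MIT": "permissive", "GPL-3.0-only": "strong_copyleft",
            "LGPL-2.1-only": "weak_copyleft", "MPL-2.0": "weak_copyleft"}

def final_attribute(category, usage):
    """Hypothetical pre-defined rules for step 216; anything not listed is escalated."""
    if category == "permissive":
        return "ok_with_notice"
    if category == "weak_copyleft" and usage in ("library-executable", "library-binary"):
        return "ok_with_notice"
    return "legal_review"

def analyze(product, db1):
    """Steps 204-218: return (report, unidentified fingerprints)."""
    report, unidentified = {}, []
    for comp in product:
        match = db1.get(comp["fingerprint"])
        category = CATEGORY.get(match["license"]) if match else None
        # Step 210: no match, a missing attribute, or an unclassifiable license.
        if match is None or category is None or any(match.get(a) is None for a in REQUIRED):
            unidentified.append(comp["fingerprint"])
            continue
        # Step 208: usage type is identified only for weak copyleft and permissive matches.
        usage = comp.get("usage") if category != "strong_copyleft" else None
        report[match["name"]] = {"category": category, "usage": usage,
                                 "final": final_attribute(category, usage)}
    return report, unidentified

def recheck(unidentified, product, db1):
    """Step 212: re-run matching for earlier misses against an updated DB1."""
    pending = [c for c in product if c["fingerprint"] in unidentified]
    return analyze(pending, db1)

# Constructed scan result for one product; "fp-x" is not in DB1 at all.
PRODUCT = [{"fingerprint": f, "usage": u} for f, u in [
    ("fp-a", "snippet"), ("fp-b", "library-binary"), ("fp-c", "file"),
    ("fp-d", "file"), ("fp-x", "file")]]

if __name__ == "__main__":
    report, unidentified = analyze(PRODUCT, DB1)
    print(report, unidentified)
```

Components that stay in the unidentified list are the ones the claim routes to periodic re-comparison or to classification as proprietary.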
Abstract
Given the number of OSS components and OSS license types available today, the number of license attributes to be considered when analyzing a product at a granular level makes manual analysis a challenge, particularly given the legal implications of non-compliance and contamination and the limited time available before go-to-market in the software industry. Systems and methods of the present disclosure intelligently facilitate a matrix that identifies OSS components in a deliverable and helps the product owner identify proprietary IP that can be suitably protected and licensed without contamination by the accompanying OSS components in the product under consideration. License attributes of the OSS components are mapped suitably and a final attribute is derived for each OSS component embedded in the product under consideration.
11 Claims
6. A system comprising:
one or more data storage devices (102) operatively coupled to one or more hardware processors (104) and configured to store instructions configured for execution by the one or more hardware processors to:
receive, a product embedded with one or more Open Source Software (OSS) components;
compare each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof;
categorize, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft;
identify a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary;
identify as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute;
periodically compare the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain;
update a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain;
perform an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules;
generate a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; and
adaptively learn the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and update the second OSS database (DB2).
11. A computer program product comprising a non-transitory computer readable medium having a computer readable program embodied therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
receive, a product embedded with one or more Open Source Software (OSS) components;
compare each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches therebetween based on attributes associated thereof;
categorize, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft;
identify a usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein the license usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary;
identify as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute;
periodically compare the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches based on continual updation of OSS components available in the public domain;
update a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more matches, the one or more new matches, the one or more unidentified components categorized as one or more proprietary components and OSS components previously available in the public domain;
perform an OSS compliance analyses for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules;
generate a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein; and
adaptively learn the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and update the second OSS database (DB2).
Specification