Software code analysis and classification system and method
First Claim
1. A method for analyzing source code for the existence of a licensing condition to provide a classification, comprising:
storing source code and license information in a datastore, the source code having a license associated therewith and the license information including a classification of each license stored in the datastore, the classifications of the licenses being based on an attribute of the licenses, wherein the classifications define at least one term or condition associated with each class of licenses;
receiving input software code to be analyzed for the at least one term or condition;
parsing the input software code to determine if a portion of the input software code matches source code in the datastore;
determining licenses associated with the portions of the input software code that match the source code to ascertain classifications of the licenses, the classification of the licenses, comprising;
defining a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
defining a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
defining a third class wherein any file that is combined with the original code must be licensed under the same license as the original code; and
generating an output report containing the classifications for the input software code.
Abstract
Methods for scanning software for the existence of a licensing condition. Software may be uploaded, scanned and compared against known software stored in a datastore. If the uploaded software matches known software in the datastore, a license associated with the known software may be determined. The license may have information associated with it, such as a classification based on risk and obligations. The classification of the license, as well as the obligation information may be returned as a report to a requester that uploaded software to easily identify the risks associated with incorporating the software into a larger code base or project.
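The scan-match-classify-report flow described in the abstract, as an added example that is not the patent's own implementation. The line-window hashing, the license-to-class mapping, and all component and file names are assumptions made for illustration.

```python
import hashlib

# Class numbers follow claim 1; the license-to-class mapping is this example's assumption.
CLASS_TERMS = {
    1: "derivative works need not use the same license",
    2: "files containing the original code keep its license",
    3: "any file combined with the original code takes its license",
}
LICENSE_CLASS = {"MIT": 1, "MPL-2.0": 2, "GPL-3.0-only": 3}
WINDOW = 3  # lines per fingerprint (assumed matching granularity)

def fingerprints(code):
    """Hash each WINDOW-line run of whitespace-normalized, non-blank lines."""
    lines = [" ".join(l.split()) for l in code.splitlines() if l.strip()]
    return {hashlib.sha256("\n".join(lines[i:i + WINDOW]).encode()).hexdigest()
            for i in range(len(lines) - WINDOW + 1)}

class Datastore:
    def __init__(self):
        self.index = {}  # fingerprint -> {(component, license id)}

    def store(self, component, license_id, code):
        for fp in fingerprints(code):
            self.index.setdefault(fp, set()).add((component, license_id))

    def scan(self, files):
        """Report matched components and license classes for each input file."""
        report = {}
        for path, code in files.items():
            hits = set()
            for fp in fingerprints(code):
                hits |= self.index.get(fp, set())
            classes = sorted({LICENSE_CLASS[lic] for _, lic in hits})
            report[path] = {"matches": sorted(hits), "classes": classes,
                            "terms": [CLASS_TERMS[c] for c in classes]}
        return report

# Constructed sample data: two "known" components and three uploaded files.
GPL_SRC = "int add(int a, int b)\n{\n    return a + b;\n}\n"
MIT_SRC = "def clamp(x, lo, hi):\n    if x < lo:\n        return lo\n    return min(x, hi)\n"

def demo():
    ds = Datastore()
    ds.store("libadd", "GPL-3.0-only", GPL_SRC)
    ds.store("clamp-py", "MIT", MIT_SRC)
    return ds.scan({
        "util.c": "#include <stdio.h>\n\nint  add(int a, int b)\n{\n\treturn a + b;\n}\n",
        "own.py": "import sys\n\ndef main():\n    print(sys.argv)\n    return 0\n",
        "mixed.txt": GPL_SRC + MIT_SRC,
    })
```

Whitespace normalization lets `util.c` match the stored component despite reindentation; a file shorter than `WINDOW` non-blank lines produces no fingerprints and is reported with no matches.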
18 Claims
10. A method of managing a software codebase, comprising:
identifying a software object to be included or included within the software codebase;
determining if the software object is subject to a restriction;
analyzing the software object to classify the software object into a category, the category being determined in accordance with;
a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
a third class wherein any file that is combined with the original code must be licensed under the same license as the original code;
determining a use of the software object in accordance with a policy; and
determining compliance actions based on the category or the policy.
16. A non-transitory computer readable medium having a program for analyzing software code, the program when executed by a computing device performing the steps of:
defining code and associated code information in a datastore, the code information including a category of licenses stored in the datastore, the category defining terms and conditions associated with each license, the category being further determined in accordance with;
a first class wherein there is no requirement that derivative works use the same open source license as original code from which it is derived;
a second class wherein derivative works that contain code from the original code from which it is derived must be licensed with the same license, but however, files that do not contain the original code may be licensed in any manner; and
a third class wherein any file that is combined with the original code must be licensed under the same license as the original code;
receiving an input to be analyzed for a licensing terms and conditions;
determining if a portion of the input matches known code or code information in the datastore; and
generating an output report based on the determining step.
Specification