FOSSology is an open source license compliance software system and toolkit. It helps organizations comply with free and open source software licenses by providing features like automated scanning, manual verification, copyright detection and license identification.
FOSSology: Open Source License Compliance Software
Automate your compliance with free and open source software licenses using FOSSology, a comprehensive toolkit for automated scanning, manual verification, copyright detection, and license identification.
What is FOSSology?
FOSSology is a free and open source software tool designed to help organizations comply with the licenses of free and open source software they use. It provides a combination of automatic and manual tools for scanning source code, identifying licenses and copyrights, and tracking obligations and compliance issues.
Key features of FOSSology include:
Automated scanning of source code archives to detect licenses, copyrights and dependencies
Web-based interface for uploading code, configuring scans and browsing results
Utilities for manually verifying automated scan results
Integration with SPDX for standardizing license expressions
Copyright detection using pattern matching and comment analysis
Interfaces for exporting scan reports and license findings
Role-based access control for users and groups
APIs for integrating with other systems
FOSSology helps organizations by simplifying license compliance processes that might otherwise require extensive manual audits. By combining automated scanning with a system for human review, FOSSology provides efficient and accountable license analysis capabilities. The project is under active development by a community of open source contributors.
FOSSology Features
Scans source code to detect licenses and copyrights
Provides both automated scanning and manual verification of licenses
Identifies licenses and highlights any conflicts or compliance issues
Integrates with existing build tools and continuous integration pipelines
Generates detailed reports on license usage and obligations
Web UI and REST API for integration into other systems
Plugin architecture to extend functionality
Built-in copyright detection using pattern matching
Supports SPDX license identifiers
Pricing
Open Source
Pros
Automates and simplifies open source license compliance
Free and open source software
Customizable through plugins
Integrates into existing workflows
Large license database with SPDX support
Helps ensure license obligations are met
Reduces legal risks associated with open source usage
Cons
Requires some setup and configuration
Scanning can be slow for large codebases
Limited native integrations with proprietary tools
Extra effort is needed to track licenses that were added to the code manually
Functionality focused on license compliance, not broader governance
WhiteSource is an end-to-end open source security and management platform that provides visibility, security and license compliance for open source components. Some key features of WhiteSource include: Automatic detection of open source components - WhiteSource scans code repositories and build tools to detect all open source libraries and dependencies. Security vulnerability monitoring...
FOSSA is an open source license compliance management platform designed to help developers and enterprises follow open source licensing requirements. It provides the following key features: Scans code repositories to detect open source dependencies, including direct and transitive dependencies. Identifies licenses for each dependency and checks for license compatibility issues or conflicts. Generates...
Palamida Standard Edition is a software composition analysis and open source license management tool. It scans application code to identify all open source components used, including copyleft and security vulnerabilities. It then provides detailed composition analysis reports that allow organizations to ensure license compliance, manage security risks, and optimize their...
ScanCode is an open source license scanner and compliance tool. It is designed to help organizations and developers comply with open source software license obligations by automatically scanning code and identifying licenses, copyrights, and dependencies. Some key features and capabilities of ScanCode include: Scans codebases to detect licenses, copyrights, packages and dependencies; Supports...
WhiteSource Bolt is an open source security and management platform designed to help organizations control and secure the open source components in their software projects. It works by automatically detecting all open source dependencies in code repositories and build environments, identifying security vulnerabilities, outdated libraries, and license compliance issues. Key features...
Protex is a software composition analysis and intellectual property management tool developed by Synopsys. It helps organizations identify and inventory open source code and third-party software components within their proprietary code to assess quality, security, and compliance risks. Key features of Protex include: Scanning code to detect open source licenses, copyrights, vulnerabilities,...
OSS Deep Discovery is a network security solution from Trend Micro that provides advanced threat detection, in-depth analysis, and rapid response capabilities against advanced persistent threats (APTs) and targeted attacks. It works by monitoring network traffic across multiple protocols and platforms to detect a wide range of threats. Deep Discovery uses...
Licensee is an open source command-line tool and Ruby gem created by GitHub that detects licenses of dependencies in software projects. It scans package manifests and file contents to identify licenses and license metadata of dependencies. Licensee matches this information against a curated list of known licenses to provide details...
Protecode Compact is a lightweight software composition analysis tool used to scan source code to identify open source components, license obligations, and security vulnerabilities. It is designed for small development teams who need to manage open source usage, comply with open source licenses, and address security risks in their software...