LG opens open-source licence compliance tool source

Shine chaebol's FOSSlight on your projects, careful what you find


Korean mega-corp LG has open-sourced the in-house toolbox it uses to identify and manage open-source software licences within its own business.

Known as FOSSlight, the suite helps users to ensure they are using code as permitted by its licence, looks out for known vulnerabilities in free and open-source software (FOSS) so that developers address those holes, and can also check FOSS libraries and projects offered by third parties.

The software thus creates a workflow for checking compliance.

The FOSSlight GitHub repo includes the FOSSlight Source scanner, which, as the name implies, scans code and detects wording related to copyright and licences. Whatever the scanner finds is added to spreadsheet files that developers and their managers can use to audit their projects for compliance.

There’s also the FOSSLight Dependency Scanner that reviews your code and reports any open-source dependencies you need to know about. The Dependency Scanner works with the Gradle, Maven, npm, Pip, Pub, and Cocoapods package managers, so it covers Java, Node.js, Python, Dart, and Swift.

FOSSlight is offered under the GNU Affero General Public License version 3 and has its own website complete with demos and English-language documentation.

LG’s not explained why it’s decided to release the suite, other than to say it perceives increased use of open source software and thinks its tool can be helpful. So helpful that South Korea's Electronics and Telecommunications Research Institute has decided to adopt FOSSlight for its own compliance requirements.

LG has form in being careful with FOSS as shown by our 2016 encounter with one of the company's robot vacuum cleaners that helpfully included plenty of detail about the FOSS used to help it scoop up dirt. ®

Biting the hand that feeds IT © 1998–2021