Korean mega-corp LG has open-sourced the in-house toolbox it uses to identify and manage open-source software licences within its own business.
Known as FOSSlight, the suite helps users to ensure they are using code as permitted by its licence, looks out for known vulnerabilities in free and open-source software (FOSS) so that developers address those holes, and can also check FOSS libraries and projects offered by third parties.
The software thus creates a workflow for checking compliance.
The FOSSlight GitHub repo includes the FOSSlight Source scanner, which, as the name implies, scans code and detects wording related to copyright and licences. Whatever the scanner finds is written to spreadsheet files that developers and their managers can use to audit their projects for compliance.
There’s also the FOSSLight Dependency Scanner, which reviews your code and reports any open-source dependencies you need to know about. The Dependency Scanner works with the Gradle, Maven, npm, Pip, Pub, and Cocoapods package managers, so it covers Java, Node.js, Python, Dart, and Swift.
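To make concrete what the two scanners described above actually do, here is a toy version of both, written for this article as an added example; it is not FOSSLight's own code and does not use its APIs. It scans source text for SPDX tags, copyright notices and a few distinctive licence phrases, reads dependencies out of `package.json` and `requirements.txt` manifests, and emits a CSV report of the kind an auditor would open in a spreadsheet. The detection patterns, the sample project files and the licence phrase table are all constructed for the example; a real scanner needs far richer licence-text matching, including telling "GPL-2.0-only" from "GPL-2.0-or-later".

```python
"""Toy licence, copyright and dependency scanner (added example, not FOSSLight code).

Everything here operates on constructed in-memory files so it runs offline.
"""
import csv
import io
import json
import re
from dataclasses import dataclass

# Detection rules (constructed): an SPDX tag, a copyright notice line, and a
# few distinctive phrases from common licence texts.
SPDX_RE = re.compile(
    r"SPDX-License-Identifier:\s*([A-Za-z0-9.+\-]+(?:\s+(?:OR|AND|WITH)\s+[A-Za-z0-9.+\-]+)*)"
)
COPYRIGHT_RE = re.compile(
    r"^.*(?:copyright\s*(?:\(c\))?|©)\s*\d{4}.*$", re.IGNORECASE | re.MULTILINE
)
LICENSE_PHRASES = {
    "MIT": re.compile(r"permission is hereby granted, free of charge", re.IGNORECASE),
    # Version alone does not settle -only vs -or-later; a real tool reads more context.
    "GPL-2.0": re.compile(r"GNU General Public License.*?version 2", re.IGNORECASE | re.DOTALL),
    "Apache-2.0": re.compile(r"Apache License,?\s*Version 2\.0", re.IGNORECASE),
}


@dataclass(frozen=True)
class Finding:
    path: str   # file the evidence came from
    kind: str   # "spdx", "copyright", "licence-text" or "dependency"
    value: str  # licence id, notice line, or declared dependency spec


def scan_source(path: str, text: str) -> list[Finding]:
    """Return licence and copyright evidence found in one source file."""
    found: list[Finding] = []
    for m in SPDX_RE.finditer(text):
        found.append(Finding(path, "spdx", m.group(1)))
    for m in COPYRIGHT_RE.finditer(text):
        found.append(Finding(path, "copyright", m.group(0).strip()))
    for licence_id, pattern in LICENSE_PHRASES.items():
        if pattern.search(text):
            found.append(Finding(path, "licence-text", licence_id))
    return found


def scan_manifest(path: str, text: str) -> list[Finding]:
    """Pull declared dependencies out of package.json or requirements.txt."""
    found: list[Finding] = []
    name = path.rsplit("/", 1)[-1]
    if name == "package.json":
        data = json.loads(text)
        for section in ("dependencies", "devDependencies"):
            for dep, spec in data.get(section, {}).items():
                found.append(Finding(path, "dependency", f"{dep}@{spec}"))
    elif name == "requirements.txt":
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments and blank lines
            if line:
                found.append(Finding(path, "dependency", line))
    return found


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan a mapping of path -> contents, applying both scanners to every file."""
    findings: list[Finding] = []
    for path, text in sorted(files.items()):
        findings.extend(scan_manifest(path, text))
        findings.extend(scan_source(path, text))
    return findings


def to_csv(findings: list[Finding]) -> str:
    """Render findings as CSV, the spreadsheet-style report auditors review."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["path", "kind", "value"])
    for f in findings:
        writer.writerow([f.path, f.kind, f.value])
    return buf.getvalue()


# Constructed sample project: one tagged source file, a vendored GPL notice,
# and two package-manager manifests.
SAMPLE_FILES = {
    "src/crypto.c": "// SPDX-License-Identifier: MIT\n// Copyright (c) 2021 Example Corp\nint f(void) { return 0; }\n",
    "vendor/LICENSE": "GNU GENERAL PUBLIC LICENSE\nVersion 2, June 1991\n",
    "package.json": json.dumps({"dependencies": {"lodash": "^4.17.21"}}),
    "requirements.txt": "requests==2.31.0\n# pinned for reproducibility\ncryptography>=41\n",
}

if __name__ == "__main__":
    print(to_csv(scan_files(SAMPLE_FILES)))
```

Running the script prints one CSV row per piece of evidence, keyed by file path, so a reviewer can sort by licence id and spot anything the project's policy does not allow; the dependency rows are the starting point for the vulnerability lookup the article mentions, since a name and version is what a vulnerability database is queried with.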
LG has not explained why it decided to release the suite, other than to say it perceives increased use of open-source software and thinks its tool can be helpful. So helpful that South Korea's Electronics and Telecommunications Research Institute has decided to adopt FOSSlight for its own compliance requirements.
LG has form in being careful with FOSS as shown by our 2016 encounter with one of the company's robot vacuum cleaners that helpfully included plenty of detail about the FOSS used to help it scoop up dirt. ®