Vol. 13, No. 7, pp. 299-310,
Jul. 2024
10.3745/TKIPS.2024.13.7.299
Abstract
Software is expensive, labor-intensive, and time-consuming to develop. To solve this problem, many organizations turn to publicly
available open source, but they often do so without knowing exactly what they're getting into. Older versions of open source have various
security vulnerabilities, and even when newer versions are released, many users continue to use the older ones, exposing themselves to security threats.
Additionally, compliance with licenses is essential when using open source, but many users overlook this, leading to copyright issues.
To solve this problem, a tool is needed that analyzes open source versions, vulnerabilities, and license information. The traditional tool BlackDuck
provides a wealth of open source information when given the source code, but building its environment is a heavy lift. In addition,
Fossology extracts the licenses of open source, but does not provide detailed information such as versions because it does not have
its own database. To solve these problems, this paper proposes a version and license detection tool that identifies the open source in
a user's source code by measuring source code similarity, and then detects the version and license. The proposed method improves
the accuracy of similarity over existing source code similarity measurement programs such as MOSS, and provides users with information
about licenses, versions, and vulnerabilities by analyzing each file in the corresponding open source in a web-based lightweight platform
environment. This addresses the capacity issues of tools such as BlackDuck and the lack of open source details in tools such as Fossology.
Cite this article
[IEEE Style]
K. Kim, S. Yoon, S. Kim, I. Lee, "A Study on Open Source Version and License Detection Tool," The Transactions of the Korea Information Processing Society, vol. 13, no. 7, pp. 299-310, 2024. DOI: 10.3745/TKIPS.2024.13.7.299.
[ACM Style]
Ki-Hwan Kim, Seong-Cheol Yoon, Su-Hyun Kim, and Im-Yeong Lee. 2024. A Study on Open Source Version and License Detection Tool. The Transactions of the Korea Information Processing Society, 13, 7, (2024), 299-310. DOI: 10.3745/TKIPS.2024.13.7.299.