US 11,816,190 B2
Systems and methods to analyze open source components in software products
Subhranshu Kumar Sahoo, Bhubaneswar (IN); Sarjinder Singh Sethi, Mumbai (IN); Prasanta Panda, Bhubaneswar (IN); Anjusree Ramavarma, Kochi (IN); and Shajeer Kootala Basheer, Kochi (IN)
Assigned to TATA CONSULTANCY SERVICES LIMITED, Mumbai (IN)
Filed by Tata Consultancy Services Limited, Mumbai (IN)
Filed on Jun. 28, 2018, as Appl. No. 16/022,079.
Claims priority of application No. 201721011464 (IN), filed on Jun. 30, 2017.
Prior Publication US 2019/0005206 A1, Jan. 3, 2019
Int. Cl. G06F 21/10 (2013.01); G06F 8/71 (2018.01); G06F 8/75 (2018.01)
CPC G06F 21/105 (2013.01) [G06F 8/71 (2013.01); G06F 8/75 (2013.01)]
10 Claims

1. A processor implemented method comprising:
receiving a product embedded with one or more Open Source Software (OSS) components;
comparing each of the one or more OSS components in the product with OSS components available in the public domain and comprised in a first OSS database (DB1) to identify one or more matches there between based on attributes associated thereof;
categorizing, the one or more OSS components in the product having a match with the OSS components available in the first OSS database (DB1) as (i) OSS components having a strong copyleft license, (ii) OSS components having a permissive license or (iii) OSS components having a weak copyleft license;
identifying a license usage type for the one or more OSS components in the product categorized as having the weak copyleft license and the permissive license, wherein an OSS usage type is one of a snippet, a file or a library and wherein the library is further identified as one of a library-executable or a library-binary type;
defining the OSS usage type of the one or more OSS components as snippets (Snip), file (Fil), a Static library (Comps), a dynamic library (Compd), and determining if a component is modified, wherein when the usage type is the snippets (Snip) for the OSS component then the component to have attribute of modification, and the snippets (Snip) is indicative of one or more attributes for the one or more OSS components used as part of software development and wherein the Static library (Comps) and the dynamic library (Compd) is indicative of one or more listed open source components being used as part of software development;
identifying as one or more unidentified components, the one or more OSS components in the product having no match with the OSS components available in the first OSS database (DB1) or having a match but characterized by at least one missing attribute;
periodically comparing the one or more unidentified components with the OSS components in the first OSS database (DB1) to identify one or more new matches, wherein the OSS components available in the public domain and comprised in the first OSS database (DB1) are updated continually based on information available in a world wide web;
updating a second OSS database (DB2) comprising at least some of the one or more OSS components in the product having the one or more new matches, wherein the one or more new matches, the one or more unidentified components are categorized as at least of the one or more proprietary components and OSS components being previously available in the public domain;
performing an OSS compliance analysis for the one or more OSS components in the product based on the usage type, the attributes associated thereof comprised in the second OSS database (DB2) and one or more pre-defined rules, wherein the attributes are stored in the second OSS database (DB2) in a pre-defined format that facilitates faster retrieval of information from the second OSS database (DB2), wherein the attributes stored in the second OSS database (DB2) in the pre-defined format include OSS component name, followed by OSS component version, followed by OSS component home page URL, followed by OSS component license type, followed by OSS component license URL, followed by OSS component attribution note, followed by the license usage type, followed by commercial distribution permission, followed by OSS component compile permission, followed by license compatibility with the OSS component license type associated with other OSS components comprised in the product or compatibility with proprietary license;
generating a comprehensive report (R5) based on the OSS compliance analyses, wherein the comprehensive report (R5) includes a final attribute for each of the one or more OSS components in the product indicative of compliance with the attributes of each of the one or more OSS components comprised therein,
adaptively learning the one or more OSS components and the attributes associated thereof comprised in the comprehensive report (R5) and updating the second OSS database (DB2); and
determining that the one or more OSS components that are selected for a final deliverable based on the final attribute, wherein the one or more OSS components that are selected for the final deliverable are either compiled with the proprietary component or not compiled with the proprietary component but are part of the final deliverable and accordingly a list is created for the OSS components that are complied with the proprietary component and another list for the OSS components which are part of the final deliverable but are not compiled.
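
An added illustration (not code from the patent or its assignee) of the matching, categorization and unidentified-component steps recited in claim 1, including the periodic re-comparison and the final two-list split. The license-class table, the required-attribute set, the component names and the `example.org` URLs are constructed assumptions.

```python
# Added illustration of the claim's triage steps; all names and data are constructed.
LICENSE_CLASS = {  # assumption: a real DB1 would carry the class for each license
    "GPL-3.0-only": "strong copyleft",
    "LGPL-2.1-only": "weak copyleft",
    "MPL-2.0": "weak copyleft",
    "MIT": "permissive",
    "Apache-2.0": "permissive",
}
REQUIRED = ("home_page_url", "license_type", "license_url")  # assumed minimum attributes

def triage(components, db1):
    """Return (categorized, unidentified) for (name, version) keys checked against DB1."""
    categorized, unidentified = {}, []
    for key in components:
        attrs = db1.get(key)
        # No match, a missing attribute, or an unclassifiable license stays unidentified.
        if (attrs is None or any(not attrs.get(f) for f in REQUIRED)
                or attrs["license_type"] not in LICENSE_CLASS):
            unidentified.append(key)
        else:
            categorized[key] = LICENSE_CLASS[attrs["license_type"]]
    return categorized, unidentified

def split_deliverable(selected):
    """Build the two final lists: compiled with proprietary code, and shipped uncompiled."""
    compiled = sorted(k for k, is_compiled in selected.items() if is_compiled)
    shipped_only = sorted(k for k, is_compiled in selected.items() if not is_compiled)
    return compiled, shipped_only

def _rec(home, lic, lic_url):
    return {"home_page_url": home, "license_type": lic, "license_url": lic_url}

# Constructed sample product inventory and DB1 contents.
PRODUCT = [("zlib-like", "1.0"), ("parserlib", "2.3"),
           ("cryptokit", "0.9"), ("vendored-util", "4.1")]
DB1 = {
    ("zlib-like", "1.0"): _rec("https://example.org/z", "MIT", "https://example.org/z/LICENSE"),
    ("parserlib", "2.3"): _rec("https://example.org/p", "LGPL-2.1-only", "https://example.org/p/COPYING"),
    ("cryptokit", "0.9"): _rec("https://example.org/c", "GPL-3.0-only", None),  # missing attribute
}

def run_demo():
    first, pending = triage(PRODUCT, DB1)
    # DB1 is updated later; the re-comparison covers only the unidentified components.
    updated = dict(DB1)
    updated[("cryptokit", "0.9")] = _rec("https://example.org/c", "GPL-3.0-only",
                                         "https://example.org/c/COPYING")
    new_matches, still_pending = triage(pending, updated)
    return first, pending, new_matches, still_pending
```
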