FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

Related tags

Security related resourcesfosslight_scanner
Overview

FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner is released under the Apache-2.0. Current python package version. REUSE status

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in FOSSLight Report format.

Contents

๐Ÿ“‹ Prerequisite

FOSSLight Scanner needs a Python 3.6+.

๐ŸŽ‰ How to install

It can be installed using pip3. It is recommended to install it in the python 3.6 + virtualenv environment.

$ pip3 install fosslight_scanner

๐Ÿš€ How to run

FOSSLight Scanner is run with the fosslight command.

Parameters

    -h                        Print help message
    -r                        Keep raw data 
    -p 
   
                     Path to analyze source
    -w 
                     Link to be analyzaed can be downloaded by wget or git clone
    -o 
                   Output Directory or file
    -f 
     
                     Output file format (excel, csv, opossum)
    -c 
      
                       Number of processes to analyze source
    -d 
       
         Additional arguments for running dependency analysis

Ex 1. Local Source Analysis

$ fosslight -p /home/source_path -a "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

Ex 2. Download Link and analyze

$ fosslight -o test_result_wget -w "https://github.com/LGE-OSS/example.git"

๐Ÿ“ Result

$ tree
.
โ”œโ”€โ”€ fosslight_log
โ”‚   โ”œโ”€โ”€ fosslight_log_20210924_022422.txt
โ””โ”€โ”€ FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

๐Ÿ‘ How to report issue

Please report any ideas or bugs to improve by creating an issue in fosslight_scanner repository.
Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.

๐Ÿ“„ License

FOSSLight Scanner is released under Apache-2.0.

Comments
  • does not work fosslight_scanner in Windows 10

    does not work fosslight_scanner in Windows 10

    Describe the bug does not work fosslight_scanner in Windows 10 Home 21H2

    To Reproduce fosslight_scanner What are you going to analyze? (1/2) 1. Links that can be cloned by git or wget 2. Local source path 1 Enter the link to analyze:https://github.com/LGE-OSS/example

    Expected behavior

    Enter the link to analyze:https://github.com/LGE-OSS/example Link to download: https://github.com/LGE-OSS/example

    • FOSSLight Downloader - Result :False module 'signal' has no attribute 'SIGALRM' Download failed: module 'signal' has no attribute 'SIGALRM'

    System environment (please complete the following information):

    • OS: Windows 10 Home 21H2
    • Python : python 3.9.12 (with Anaconda 3)
    bug 
    opened by kjhcav 3
  • Support yaml format of FOSSLight Report

    Support yaml format of FOSSLight Report

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    Support yaml format of FOSSLight Report

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by dd-jy 2
  • Fix bug about dep. arg input when not dep. running

    Fix bug about dep. arg input when not dep. running

    Description

    • Fix bug about dep. arg input when not dep. running
    • Add importlib-metadata to requirement-dev.txt with specific version as a dependency for test on Python-3.7

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug 
    opened by bjk7119 1
  • Modify help msg if invalid input

    Modify help msg if invalid input

    Description

    • Modify help msg if invalid input

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by bjk7119 1
  • Change the required version of Python to 3.7

    Change the required version of Python to 3.7

    Description

    Change the minimum required version of Python to 3.7.

    Reason :

    • From ScanCode v31.0.1, Python 3.7+ is required. For this reason, the FOSSLight source scanner requires python 3.7.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • Change FL Reuse to FL Prechecker

    Change FL Reuse to FL Prechecker

    Description

    • Change FL Reuse to FL Prechecker

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by bjk7119 1
  • Print message when comparison rows are over 100.

    Print message when comparison rows are over 100.

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    • Print message when comparison rows are over 100.
    • Add progress bar

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by dd-jy 1
  • Fix errors when parsing with path

    Fix errors when parsing with path

    Description

    Fix the bug caused by not initializing the variable that outputs the default OSS Name.

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by soimkim 1
  • Add a FOSSLight Binary

    Add a FOSSLight Binary

    Description

    • Add the FOSSLight Binary to run during analysis.
    • Add the v option to print the version.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by soimkim 1
  • Add the -f option and change way to create output

    Add the -f option and change way to create output

    Description

    • Add the -f option to input the output file format.
    • Change it to use FL Util's functions when generating output.
    • Input Mode
      • AS-IS: If user just type enter, it asks user to re-enter (try 2 times). Source and dependency path to be analyzed are inputted respectively.
      • TO-BE: If user just type enter in the input mode, it is assumed that nothing has been inputted. Source and dependency path to be analyzed is input at once.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • An error occurs when FOSSLight Util is 1.2.0

    An error occurs when FOSSLight Util is 1.2.0

    Describe the bug An error occurs when FL Util is 1.2.0.

    Expected behavior Specify the minimum version of FOSSLight Util required by FOSSLight Scanner.

    bug 
    opened by soimkim 1
Releases(v1.7.8)

  • v1.7.8(Jan 2, 2023)

  • v1.7.7(Nov 18, 2022)

  • v1.7.6(Nov 4, 2022)

    Changes

    ๐Ÿ› Hotfixes

    • Fix bug about dep. arg input when not dep. running @bjk7119 (#50)

    ๐Ÿ”ง Maintenance

    • Analyze current path if not input path @bjk7119 (#51)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.5(Oct 6, 2022)

  • v1.7.4(Sep 15, 2022)

  • v1.7.3(Sep 1, 2022)

    Changes

    ๐Ÿš€ Features

    • Support 'xlsx' report for Compare mode @dd-jy (#46)

    ๐Ÿ”ง Maintenance

    • Change the required version of Python to 3.7 @soimkim (#45)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.2(Aug 16, 2022)

  • v1.7.1(Jul 22, 2022)

  • v1.7.0(Jul 22, 2022)

    Changes

    ๐Ÿš€ Features

    • Add compare mode @dd-jy (#38)

    ๐Ÿ”ง Maintenance

    • Replace 'y' option to 'p' option. @dd-jy (#41)
    • Fix scanner support format and not to create csv. @dd-jy (#40)
    • Print message when comparison rows are over 100. @dd-jy (#39)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.15(Jul 6, 2022)

  • v1.6.14(May 19, 2022)

    Changes

    ๐Ÿš€ Features

    • Run fosslight_source without installing it @soimkim (#34)
    • Add a Dockerfile @soimkim (#35)

    ๐Ÿ› Hotfixes

    • Fix a bug where part of the output file is not created without the -o option @soimkim (#36)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.13(Apr 11, 2022)

    Changes

    ๐Ÿ› Hotfixes

    • Fix an errors when parsing with path @soimkim (#33)
    • Fix an error that occur when downloading link @soimkim (#30)

    ๐Ÿ”ง Maintenance

    • Add a commit message checker @soimkim (#31)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.12(Mar 28, 2022)

  • v1.6.11(Mar 27, 2022)

  • v1.6.10(Mar 11, 2022)

  • v1.6.9(Feb 28, 2022)

    Changes

    ๐Ÿ”ง Maintenance

    • Change the result generation method to merging @soimkim (#25)
    • Add an inputable value to mode @soimkim (#24)
    • Update the README with additional Scanners @soimkim (#23)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.8(Feb 10, 2022)

    Changes

    ๐Ÿš€ Features

    • Change the options when analyzing the source @soimkim (#19)
    • Support analysis mode @soimkim (#17)
    • Add a FOSSLight Reuse @soimkim (#16)
    • Add a FOSSLight Binary @soimkim (#14)

    ๐Ÿ› Hotfixes

    • Fix the bug that the raw folder is not deleted when analyzing with a link @soimkim (#21)

    ๐Ÿ”ง Maintenance

    • Modify to print output file name @bjk7119 (#22)
    • Create a result file of FOSSLight Source @soimkim (#20)
    • Move the binary analysis result file to output @soimkim (#18)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.7(Nov 25, 2021)

  • v1.6.6(Nov 4, 2021)

  • v1.6.5(Oct 21, 2021)

    Changes

    ๐Ÿ”ง Maintenance

    • Add the -f option and change way to create output @soimkim (#10)
    • Change the parameters related to the scanner path @soimkim (#9)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.4(Oct 7, 2021)

  • v1.6.3(Oct 6, 2021)

  • v1.6.2(Oct 5, 2021)

  • v1.6.1(Oct 1, 2021)

    Changes

    ๐Ÿ› Hotfixes

    • Add the FOSSLight Util minimum version @soimkim (#4)

    ๐Ÿ”ง Maintenance

    • Change the output path of log, source @soimkim (#5)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.0(Sep 24, 2021)

Owner
FOSSLight
FOSSLight
GitHub Repository
Fetch Chrome, Firefox, WiFi password and system info

DISCLAIMER : OUR TOOLS ARE FOR EDUCATIONAL PURPOSES ONLY. DON'T USE THEM FOR ILLEGAL ACTIVITIES. YOU ARE THE ONLY RESPONSABLE FOR YOUR ACTIONS! OUR TO

Genos 59 Nov 17, 2022
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

๐Ÿ“‚ Public Bug Bounty Targets Data By BugBountyResources A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a

Bug Bounty Resources 87 Dec 13, 2022
This is a simple PoC for the newly found Polkit error names PwnKit

A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz

Kim Schulz 16 Sep 06, 2022
Agile Threat Modeling Toolkit

Threagile is an open-source toolkit for agile threat modeling:

Threagile 425 Jan 07, 2023
HashDB API hash lookup plugin for IDA Pro

HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms

OALabs 237 Dec 21, 2022
Python Toolkit containing different Cyber Attacks Tools

Helikopter Python Toolkit containing different Cyber Attacks Tools. Tools in Helikopter Toolkit 1. FattyNigger (PYTHON WORM) 2. Taxes (PYTHON PASS EXT

Saqlain Naqvi 22 Dec 04, 2022
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Matt Creel 27 Dec 20, 2022
D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.

Introduction fork from https://gitlab.com/eshard/d810 What is D-810 D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation

Banny 30 Dec 06, 2022
Password-Manager GUI

PASSWORD-MANAGER This repo contains all the project files. Project Description A Tkinter GUI that allows you to store website info like website name,

David .K. Danso 1 Dec 08, 2021
A dynamic multi-STL, multi-process OpenSCAD build system with autoplating support

scad-build This is a multi-STL OpenSCAD build system based around GNU make. It supports dynamic build targets, intelligent previews with user-defined

Jordan Mulcahey 1 Dec 21, 2021
An open-source post-exploitation framework for students, researchers and developers.

Questions? Join the Discord support server Disclaimer: This project should be used for authorized testing or educational purposes only. BYOB is an ope

dvm 8.1k Dec 31, 2022
Looks at Python code to search for things which look "dodgy" such as passwords or diffs

dodgy Dodgy is a very basic tool to run against your codebase to search for "dodgy" looking values. It is a series of simple regular expressions desig

Landscape 112 Nov 25, 2022
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user

Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user Known issues it will not work outside kali , i will update it

Hossam 867 Dec 22, 2022
A Modified version of TCC's Osprey poc framework......

fierce-fish fierce-fishๆ˜ฏ็”ฑTCC(ๆ–—่ฑก่ƒฝๅŠ›ไธญๅฟƒ)ๅ‡บๅ“ๅนถ็ปดๆŠค็š„ๅผ€ๆบๆผๆดžๆฃ€ๆต‹ๆก†ๆžถosprey็š„ๆ”นๅ†™๏ผŒๅŽปๆŽ‰่‡ƒ่‚ฟๅŠŸ่ƒฝ็š„็ฒพ็ฎ€็‰ˆๆœฌpocๆก†ๆžถ PS๏ผš็œŸ็š„็”จไธๆƒฏๅ…ถๅฎƒ่‡ƒ่‚ฟ็š„ๅŠŸ่ƒฝ๏ผŒไธ่ฟ‡ไฝœไธบไธ€ไธชๆ”ถ้›†ๆผๆดžpoc && exp็š„ๆก†ๆžถ่ฟ˜ๆ˜ฏ้žๅธธไธ้”™็š„๏ผ๏ผ๏ผ osprey For beginners fr

lUc1f3r11 10 Dec 30, 2022
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

53 Nov 01, 2022
This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version contains a wordlist of all the files directories for this version.

webapp-wordlists This repository contains wordlists for each versions of common web applications and content management systems (CMS). Each version co

Podalirius 396 Jan 08, 2023
ๅฏนnaabu็š„็ซฏๅฃๆ‰ซๆ็ป“ๆžœ๏ผŒ่ฐƒ็”จnmap่ฟ›่กŒๆŒ‡็บน่ฏ†ๅˆซ

naabu2nmap ๅฏนnaabu็š„็ซฏๅฃๆ‰ซๆ็ป“ๆžœ๏ผŒ่ฐƒ็”จnmap่ฟ›่กŒๆŒ‡็บน่ฏ†ๅˆซ

Se7en 12 Nov 22, 2022
Dark-Fb No Login 100% safe

Dark-Fb No Login 100% safe TERMUX โ€ข pkg install python2 && git -y โ€ข pip2 install requests mechanize tqdm โ€ข git clone https://github.com/BOT-033/Sensei

Bukan Hamkel 1 Dec 04, 2021
PwdGen is a Python Tkinter tool for generating secure 16 digit passwords.

PwdGen ( Password Generator ) is a Python Tkinter tool for generating secure 16 digit passwords. Installation Simply install requirements pip install

zJairO 7 Jul 14, 2022