FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

Related tags

Security related resourcesfosslight_scanner
Overview

FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner is released under the Apache-2.0. Current python package version. REUSE status

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in FOSSLight Report format.

Contents

πŸ“‹ Prerequisite

FOSSLight Scanner needs a Python 3.6+.

πŸŽ‰ How to install

It can be installed using pip3. It is recommended to install it in the python 3.6 + virtualenv environment.

$ pip3 install fosslight_scanner

πŸš€ How to run

FOSSLight Scanner is run with the fosslight command.

Parameters

    -h                        Print help message
    -r                        Keep raw data 
    -p 
   
                     Path to analyze source
    -w 
                     Link to be analyzaed can be downloaded by wget or git clone
    -o 
                   Output Directory or file
    -f 
     
                     Output file format (excel, csv, opossum)
    -c 
      
                       Number of processes to analyze source
    -d 
       
         Additional arguments for running dependency analysis

Ex 1. Local Source Analysis

$ fosslight -p /home/source_path -a "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

Ex 2. Download Link and analyze

$ fosslight -o test_result_wget -w "https://github.com/LGE-OSS/example.git"

πŸ“ Result

$ tree
.
β”œβ”€β”€ fosslight_log
β”‚   β”œβ”€β”€ fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

πŸ‘ How to report issue

Please report any ideas or bugs to improve by creating an issue in fosslight_scanner repository.
Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.

πŸ“„ License

FOSSLight Scanner is released under Apache-2.0.

Comments
  • does not work fosslight_scanner in Windows 10

    does not work fosslight_scanner in Windows 10

    Describe the bug does not work fosslight_scanner in Windows 10 Home 21H2

    To Reproduce fosslight_scanner What are you going to analyze? (1/2) 1. Links that can be cloned by git or wget 2. Local source path 1 Enter the link to analyze:https://github.com/LGE-OSS/example

    Expected behavior

    Enter the link to analyze:https://github.com/LGE-OSS/example Link to download: https://github.com/LGE-OSS/example

    • FOSSLight Downloader - Result :False module 'signal' has no attribute 'SIGALRM' Download failed: module 'signal' has no attribute 'SIGALRM'

    System environment (please complete the following information):

    • OS: Windows 10 Home 21H2
    • Python : python 3.9.12 (with Anaconda 3)
    bug 
    opened by kjhcav 3
  • Support yaml format of FOSSLight Report

    Support yaml format of FOSSLight Report

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    Support yaml format of FOSSLight Report

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by dd-jy 2
  • Fix bug about dep. arg input when not dep. running

    Fix bug about dep. arg input when not dep. running

    Description

    • Fix bug about dep. arg input when not dep. running
    • Add importlib-metadata to requirement-dev.txt with specific version as a dependency for test on Python-3.7

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug 
    opened by bjk7119 1
  • Modify help msg if invalid input

    Modify help msg if invalid input

    Description

    • Modify help msg if invalid input

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by bjk7119 1
  • Change the required version of Python to 3.7

    Change the required version of Python to 3.7

    Description

    Change the minimum required version of Python to 3.7.

    Reason :

    • From ScanCode v31.0.1, Python 3.7+ is required. For this reason, the FOSSLight source scanner requires python 3.7.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • Change FL Reuse to FL Prechecker

    Change FL Reuse to FL Prechecker

    Description

    • Change FL Reuse to FL Prechecker

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by bjk7119 1
  • Print message when comparison rows are over 100.

    Print message when comparison rows are over 100.

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    • Print message when comparison rows are over 100.
    • Add progress bar

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by dd-jy 1
  • Fix errors when parsing with path

    Fix errors when parsing with path

    Description

    Fix the bug caused by not initializing the variable that outputs the default OSS Name.

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by soimkim 1
  • Add a FOSSLight Binary

    Add a FOSSLight Binary

    Description

    • Add the FOSSLight Binary to run during analysis.
    • Add the v option to print the version.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by soimkim 1
  • Add the -f option and change way to create output

    Add the -f option and change way to create output

    Description

    • Add the -f option to input the output file format.
    • Change it to use FL Util's functions when generating output.
    • Input Mode
      • AS-IS: If user just type enter, it asks user to re-enter (try 2 times). Source and dependency path to be analyzed are inputted respectively.
      • TO-BE: If user just type enter in the input mode, it is assumed that nothing has been inputted. Source and dependency path to be analyzed is input at once.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • An error occurs when FOSSLight Util is 1.2.0

    An error occurs when FOSSLight Util is 1.2.0

    Describe the bug An error occurs when FL Util is 1.2.0.

    Expected behavior Specify the minimum version of FOSSLight Util required by FOSSLight Scanner.

    bug 
    opened by soimkim 1
Releases(v1.7.8)

  • v1.7.8(Jan 2, 2023)

  • v1.7.7(Nov 18, 2022)

  • v1.7.6(Nov 4, 2022)

    Changes

    πŸ› Hotfixes

    • Fix bug about dep. arg input when not dep. running @bjk7119 (#50)

    πŸ”§ Maintenance

    • Analyze current path if not input path @bjk7119 (#51)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.5(Oct 6, 2022)

  • v1.7.4(Sep 15, 2022)

  • v1.7.3(Sep 1, 2022)

    Changes

    πŸš€ Features

    • Support 'xlsx' report for Compare mode @dd-jy (#46)

    πŸ”§ Maintenance

    • Change the required version of Python to 3.7 @soimkim (#45)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.2(Aug 16, 2022)

  • v1.7.1(Jul 22, 2022)

  • v1.7.0(Jul 22, 2022)

    Changes

    πŸš€ Features

    • Add compare mode @dd-jy (#38)

    πŸ”§ Maintenance

    • Replace 'y' option to 'p' option. @dd-jy (#41)
    • Fix scanner support format and not to create csv. @dd-jy (#40)
    • Print message when comparison rows are over 100. @dd-jy (#39)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.15(Jul 6, 2022)

  • v1.6.14(May 19, 2022)

    Changes

    πŸš€ Features

    • Run fosslight_source without installing it @soimkim (#34)
    • Add a Dockerfile @soimkim (#35)

    πŸ› Hotfixes

    • Fix a bug where part of the output file is not created without the -o option @soimkim (#36)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.13(Apr 11, 2022)

    Changes

    πŸ› Hotfixes

    • Fix an errors when parsing with path @soimkim (#33)
    • Fix an error that occur when downloading link @soimkim (#30)

    πŸ”§ Maintenance

    • Add a commit message checker @soimkim (#31)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.12(Mar 28, 2022)

  • v1.6.11(Mar 27, 2022)

  • v1.6.10(Mar 11, 2022)

  • v1.6.9(Feb 28, 2022)

    Changes

    πŸ”§ Maintenance

    • Change the result generation method to merging @soimkim (#25)
    • Add an inputable value to mode @soimkim (#24)
    • Update the README with additional Scanners @soimkim (#23)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.8(Feb 10, 2022)

    Changes

    πŸš€ Features

    • Change the options when analyzing the source @soimkim (#19)
    • Support analysis mode @soimkim (#17)
    • Add a FOSSLight Reuse @soimkim (#16)
    • Add a FOSSLight Binary @soimkim (#14)

    πŸ› Hotfixes

    • Fix the bug that the raw folder is not deleted when analyzing with a link @soimkim (#21)

    πŸ”§ Maintenance

    • Modify to print output file name @bjk7119 (#22)
    • Create a result file of FOSSLight Source @soimkim (#20)
    • Move the binary analysis result file to output @soimkim (#18)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.7(Nov 25, 2021)

  • v1.6.6(Nov 4, 2021)

  • v1.6.5(Oct 21, 2021)

    Changes

    πŸ”§ Maintenance

    • Add the -f option and change way to create output @soimkim (#10)
    • Change the parameters related to the scanner path @soimkim (#9)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.4(Oct 7, 2021)

  • v1.6.3(Oct 6, 2021)

  • v1.6.2(Oct 5, 2021)

  • v1.6.1(Oct 1, 2021)

    Changes

    πŸ› Hotfixes

    • Add the FOSSLight Util minimum version @soimkim (#4)

    πŸ”§ Maintenance

    • Change the output path of log, source @soimkim (#5)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.0(Sep 24, 2021)

Owner
FOSSLight
FOSSLight
GitHub Repository
VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

Ashish Kunwar 4 Sep 23, 2022
For educational purposes only. (Uzbek Edition)

DISCLAIMER πŸ’£ Ushbu skriptdagi materiallar bilan bog'liq har qanday xatti-harakatlar faqat sizning javobgarligingizdir. Ushbu skriptdagi ma'lumotlarda

Husniddin Murodov 1 Feb 12, 2022
Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

96 Dec 14, 2022
IDAPatternSearch adds a capability of finding functions according to bit-patterns into the well-known IDA Pro disassembler based on Ghidra’s function patterns format.

IDA Pattern Search by Argus Cyber Security Ltd. The IDA Pattern Search plugin adds a capability of finding functions according to bit-patterns into th

David Lazar 48 Dec 29, 2022
A proxy for asyncio.AbstractEventLoop for testing purposes

aioloop-proxy A proxy for asyncio.AbstractEventLoop for testing purposes. When tests writing for asyncio based code, there are controversial requireme

aio-libs 12 Dec 12, 2022
Generate malicious files using recently published bidi-attack (CVE-2021-42574)

CVE-2021-42574 - Code generator Generate malicious files using recently published bidi-attack vulnerability, which was discovered in Unicode Specifica

js-on 7 Nov 09, 2022
Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

Seohong Park 6 Aug 02, 2022
Northwave Log4j CVE-2021-44228 checker

Northwave Log4j CVE-2021-44228 checker Friday 10 December 2021 a new Proof-of-Concept 1 addressing a Remote code Execution (RCE) vulnerability in the

Northwave 125 Dec 09, 2022
edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

stryngs 43 Dec 23, 2022
An forensics tool to help aid in the investigation of spoofed emails based off the email headers.

A forensic tool to make analysis of email headers easy to aid in the quick discovery of the attacker. Table of Contents About mailMeta Installation Us

Syed Modassir Ali 59 Nov 26, 2022
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
This repo is about steps to create a effective custom wordlist in a few clicks/

Custom Wordlist This repo is about steps to take in order to create a effective custom wordlist in a few clicks. this comes handing in pentesting enga

2 Oct 08, 2022
Salesforce Recon and Exploitation Toolkit

Salesforce Recon and Exploitation Toolkit Salesforce Recon and Exploitation Toolkit Usage python3 main.py URL References Announcement Blog - https:/

81 Dec 23, 2022
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

7 Dec 07, 2022
Windows Virus who destroy some impotants files on C:\windows\system32\

psychic-robot Windows Virus who destroy some importants files on C:\windows\system32\ Signatures of psychic-robot.PY (python file) : Bkav Pro : ASP.We

H-Tech-Dev36 1 Jan 06, 2022
A python script written for lazy people to hack their school systen ;D

F-ck-the-system A python script written for lazy people to hack their school systen ;D Python voice notes writer This is a python script to record you

Sachit 2 Jan 09, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
Reusable Lightweight Pythonic Dependency Injection Library

Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va

Fernando MartΓ­nez GonzΓ‘lez 16 Sep 15, 2021
Password list generator for password spraying - prebaked with goodies

Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, "Password", and even Iterable Keyspaces of a specified size.

Casey Erdmann 65 Dec 22, 2022
IDA Python Script for anti ollvm

IDA Python Script for anti ollvm

Shocker 62 Dec 23, 2022