# ORT: Eclipse Requirements

## Requirements

We identify the following requirements:

* List licenses and IP in project code and third-party dependencies.
* Check license compatibility (according to Eclipse's rules) and display those that cannot be automatically validated.
* Reuse wisdom from IPZilla.
* Generate a Bill of Materials.
* Ease the work of the legal department and automate as much as possible the IP checking process, leaving only warnings/errors when unsure. When correct, provide a link to the justification.

But also (non-functional requirements):

* Do not interfere with existing code or build processes: simply clone code and run the analysis.
* Be technology-agnostic, regarding both the code and the build system.
* Rely on standards (like SPDX) and trusted external data sources (like clearlydefined.io, and the Eclipse Foundation’s own collection of intellectual property data) as much as possible.
* Incremental scans: we're going to analyze massive amounts of code, so it's important to optimize execution.
* Can be easily executed on any repository (i.e. have a simple script to start the whole process).

## ORT features

* ORT can use (among others) ScanCode from nexB for the scanning. Other scanners are supported. Fossology is *not* supported AFAICT.
* ORT provides a license categorisation mechanism:
  - Doc: license_classifications.yml
  - Example: license_classifications.yml
* ORT provides a resolution mechanism to describe why some violations are accepted: resolutions.yml
* ORT provides a mechanism to manage missing / incomplete package metadata: curations.yml
* ORT provides a mechanism for custom policies: rules.kts. This requires writing some Kotlin.
* ORT has several publishers, including Bill of Materials, Notices, and a webapp.