Set up an SCA tool
Description
A Software Composition Analysis (SCA) tool inventories the third-party components and external code present in a code base, together with the licence each one is distributed under. It lets a project enforce a dependency policy and mitigates the legal risk of licence and copyright non-compliance (for example, a copyleft library pulled transitively into a proprietary product); most SCA tools also flag components with known vulnerabilities.
Assessment
Question: Is there an easy-to-set-up software composition analysis process available for projects?
Tools
Recommendations
- Inform developers of the legal risks of incompatible, unknown or missing licences in their dependencies.
- Propose an easy solution for projects to set up licence checking on their code base.
- Communicate its importance and help projects add the check to their CI pipelines so that a policy violation fails the build.
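The following is an added example of what such a CI gate can look like; it is not part of the original page nor code from FOSSology or any other project. It reads a CycloneDX-style SBOM (a constructed sample is embedded inline, with hypothetical component names), normalises SPDX licence identifiers, evaluates simple SPDX expressions, and fails closed: anything not on the allow-list, including an undeclared or unrecognised licence, blocks the build. The allow and deny sets are illustrative assumptions to be replaced by your organisation's legal guidance.

```python
"""Minimal licence-policy gate for CI, run over a CycloneDX SBOM (added example)."""
import json
import re
import sys
from dataclasses import dataclass

# Illustrative policy (assumption: replace with your organisation's legal guidance).
ALLOWED = {"MIT", "Apache-2.0", "BSD-2-Clause", "BSD-3-Clause", "ISC", "MPL-2.0"}
DENIED = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later",
          "AGPL-3.0-only", "AGPL-3.0-or-later", "SSPL-1.0"}
# Deprecated SPDX identifiers that still show up in package metadata.
DEPRECATED_IDS = {"GPL-2.0": "GPL-2.0-only", "GPL-2.0+": "GPL-2.0-or-later",
                  "GPL-3.0": "GPL-3.0-only", "GPL-3.0+": "GPL-3.0-or-later",
                  "AGPL-3.0": "AGPL-3.0-only"}
_KNOWN = {k.lower(): k for k in ALLOWED | DENIED}

# Constructed sample SBOM; component names and versions are hypothetical.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "http-client", "version": "2.3.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "readline-wrapper", "version": "1.0.2",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "dual-licensed-lib", "version": "0.9.0",
     "licenses": [{"expression": "GPL-2.0-only OR MIT"}]},
    {"type": "library", "name": "legacy-lib", "version": "3.4.1",
     "licenses": [{"license": {"name": "Custom EULA, see LICENSE.txt"}}]},
    {"type": "library", "name": "no-metadata", "version": "0.0.1"}
  ]
}
""")


@dataclass
class Finding:
    name: str
    version: str
    licence: str
    verdict: str  # "allow", "deny" or "unknown"


def normalise(identifier: str) -> str:
    """Map deprecated ids to current ones and fix case for known identifiers."""
    ident = DEPRECATED_IDS.get(identifier.strip(), identifier.strip())
    return _KNOWN.get(ident.lower(), ident)


def classify_id(identifier: str) -> str:
    ident = normalise(identifier)
    if ident in ALLOWED:
        return "allow"
    if ident in DENIED:
        return "deny"
    return "unknown"  # fail closed: a human has to review it


def classify_expression(expr: str) -> str:
    """Evaluate a simple SPDX expression (top-level OR and AND, no parentheses).

    Dual licensing (OR) lets the consumer pick any branch, so one allowed
    alternative suffices; every AND conjunct must be allowed. Anything more
    complex is reported as unknown rather than guessed.
    """
    if "(" in expr or ")" in expr:
        return "unknown"
    alternatives = []
    for alt in re.split(r"\s+OR\s+", expr, flags=re.IGNORECASE):
        conjuncts = [classify_id(c) for c in re.split(r"\s+AND\s+", alt, flags=re.IGNORECASE)]
        if all(v == "allow" for v in conjuncts):
            alternatives.append("allow")
        elif "deny" in conjuncts:
            alternatives.append("deny")
        else:
            alternatives.append("unknown")
    if "allow" in alternatives:
        return "allow"
    return "deny" if "deny" in alternatives else "unknown"


def declared_licences(component: dict) -> list:
    """Collect licence ids, names or expressions declared on a CycloneDX component."""
    out = []
    for entry in component.get("licenses", []):
        if "expression" in entry:
            out.append(entry["expression"])
        elif "license" in entry:
            out.append(entry["license"].get("id") or entry["license"].get("name") or "")
    return [s for s in out if s]


def check_sbom(sbom: dict) -> list:
    findings = []
    for comp in sbom.get("components", []):
        version = comp.get("version", "")
        licences = declared_licences(comp)
        if not licences:  # undeclared licence is a finding, not a pass
            findings.append(Finding(comp["name"], version, "<none declared>", "unknown"))
        for lic in licences:
            findings.append(Finding(comp["name"], version, lic, classify_expression(lic)))
    return findings


def gate(sbom: dict):
    """CI gate: (True, findings) only when every component is explicitly allowed."""
    findings = check_sbom(sbom)
    return all(f.verdict == "allow" for f in findings), findings


if __name__ == "__main__":
    ok, results = gate(SAMPLE_SBOM)
    for f in results:
        print(f"{f.verdict:8} {f.name}@{f.version}: {f.licence}")
    sys.exit(0 if ok else 1)
```

In a pipeline the script would read the SBOM produced by the build step instead of `SAMPLE_SBOM`, and the non-zero exit code is what fails the job. The "unknown" verdict deserves as much attention as "deny": a component with no declared licence, or one with a vendor-specific name instead of an SPDX id, cannot be redistributed safely until someone has actually read its licence text.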
Resources
- The FOSSology Project: An introduction
- Free and Open Source Software License Compliance: Tools for Software Composition Analysis, by Philippe Ombredanne, nexB Inc.
- The FOSSology Project: an up-to-date introduction to FOSSology and FOSS compliance, by the Linux Foundation