FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

Related tags

Security related resourcesfosslight_scanner
Overview

FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner is released under the Apache-2.0. Current python package version. REUSE status

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in FOSSLight Report format.

Contents

๐Ÿ“‹ Prerequisite

FOSSLight Scanner needs a Python 3.6+.

๐ŸŽ‰ How to install

It can be installed using pip3. It is recommended to install it in the python 3.6 + virtualenv environment.

$ pip3 install fosslight_scanner

๐Ÿš€ How to run

FOSSLight Scanner is run with the fosslight command.

Parameters

    -h                        Print help message
    -r                        Keep raw data 
    -p 
   
                     Path to analyze source
    -w 
                     Link to be analyzaed can be downloaded by wget or git clone
    -o 
                   Output Directory or file
    -f 
     
                     Output file format (excel, csv, opossum)
    -c 
      
                       Number of processes to analyze source
    -d 
       
         Additional arguments for running dependency analysis

Ex 1. Local Source Analysis

$ fosslight -p /home/source_path -a "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

Ex 2. Download Link and analyze

$ fosslight -o test_result_wget -w "https://github.com/LGE-OSS/example.git"

๐Ÿ“ Result

$ tree
.
โ”œโ”€โ”€ fosslight_log
โ”‚   โ”œโ”€โ”€ fosslight_log_20210924_022422.txt
โ””โ”€โ”€ FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

๐Ÿ‘ How to report issue

Please report any ideas or bugs to improve by creating an issue in fosslight_scanner repository.
Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.

๐Ÿ“„ License

FOSSLight Scanner is released under Apache-2.0.

Comments
  • does not work fosslight_scanner in Windows 10

    does not work fosslight_scanner in Windows 10

    Describe the bug does not work fosslight_scanner in Windows 10 Home 21H2

    To Reproduce fosslight_scanner What are you going to analyze? (1/2) 1. Links that can be cloned by git or wget 2. Local source path 1 Enter the link to analyze:https://github.com/LGE-OSS/example

    Expected behavior

    Enter the link to analyze:https://github.com/LGE-OSS/example Link to download: https://github.com/LGE-OSS/example

    • FOSSLight Downloader - Result :False module 'signal' has no attribute 'SIGALRM' Download failed: module 'signal' has no attribute 'SIGALRM'

    System environment (please complete the following information):

    • OS: Windows 10 Home 21H2
    • Python : python 3.9.12 (with Anaconda 3)
    bug 
    opened by kjhcav 3
  • Support yaml format of FOSSLight Report

    Support yaml format of FOSSLight Report

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    Support yaml format of FOSSLight Report

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by dd-jy 2
  • Fix bug about dep. arg input when not dep. running

    Fix bug about dep. arg input when not dep. running

    Description

    • Fix bug about dep. arg input when not dep. running
    • Add importlib-metadata to requirement-dev.txt with specific version as a dependency for test on Python-3.7

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug 
    opened by bjk7119 1
  • Modify help msg if invalid input

    Modify help msg if invalid input

    Description

    • Modify help msg if invalid input

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by bjk7119 1
  • Change the required version of Python to 3.7

    Change the required version of Python to 3.7

    Description

    Change the minimum required version of Python to 3.7.

    Reason :

    • From ScanCode v31.0.1, Python 3.7+ is required. For this reason, the FOSSLight source scanner requires python 3.7.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • Change FL Reuse to FL Prechecker

    Change FL Reuse to FL Prechecker

    Description

    • Change FL Reuse to FL Prechecker

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by bjk7119 1
  • Print message when comparison rows are over 100.

    Print message when comparison rows are over 100.

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    • Print message when comparison rows are over 100.
    • Add progress bar

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by dd-jy 1
  • Fix errors when parsing with path

    Fix errors when parsing with path

    Description

    Fix the bug caused by not initializing the variable that outputs the default OSS Name.

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by soimkim 1
  • Add a FOSSLight Binary

    Add a FOSSLight Binary

    Description

    • Add the FOSSLight Binary to run during analysis.
    • Add the v option to print the version.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by soimkim 1
  • Add the -f option and change way to create output

    Add the -f option and change way to create output

    Description

    • Add the -f option to input the output file format.
    • Change it to use FL Util's functions when generating output.
    • Input Mode
      • AS-IS: If user just type enter, it asks user to re-enter (try 2 times). Source and dependency path to be analyzed are inputted respectively.
      • TO-BE: If user just type enter in the input mode, it is assumed that nothing has been inputted. Source and dependency path to be analyzed is input at once.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • An error occurs when FOSSLight Util is 1.2.0

    An error occurs when FOSSLight Util is 1.2.0

    Describe the bug An error occurs when FL Util is 1.2.0.

    Expected behavior Specify the minimum version of FOSSLight Util required by FOSSLight Scanner.

    bug 
    opened by soimkim 1
Releases(v1.7.8)

  • v1.7.8(Jan 2, 2023)

  • v1.7.7(Nov 18, 2022)

  • v1.7.6(Nov 4, 2022)

    Changes

    ๐Ÿ› Hotfixes

    • Fix bug about dep. arg input when not dep. running @bjk7119 (#50)

    ๐Ÿ”ง Maintenance

    • Analyze current path if not input path @bjk7119 (#51)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.5(Oct 6, 2022)

  • v1.7.4(Sep 15, 2022)

  • v1.7.3(Sep 1, 2022)

    Changes

    ๐Ÿš€ Features

    • Support 'xlsx' report for Compare mode @dd-jy (#46)

    ๐Ÿ”ง Maintenance

    • Change the required version of Python to 3.7 @soimkim (#45)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.2(Aug 16, 2022)

  • v1.7.1(Jul 22, 2022)

  • v1.7.0(Jul 22, 2022)

    Changes

    ๐Ÿš€ Features

    • Add compare mode @dd-jy (#38)

    ๐Ÿ”ง Maintenance

    • Replace 'y' option to 'p' option. @dd-jy (#41)
    • Fix scanner support format and not to create csv. @dd-jy (#40)
    • Print message when comparison rows are over 100. @dd-jy (#39)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.15(Jul 6, 2022)

  • v1.6.14(May 19, 2022)

    Changes

    ๐Ÿš€ Features

    • Run fosslight_source without installing it @soimkim (#34)
    • Add a Dockerfile @soimkim (#35)

    ๐Ÿ› Hotfixes

    • Fix a bug where part of the output file is not created without the -o option @soimkim (#36)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.13(Apr 11, 2022)

    Changes

    ๐Ÿ› Hotfixes

    • Fix an errors when parsing with path @soimkim (#33)
    • Fix an error that occur when downloading link @soimkim (#30)

    ๐Ÿ”ง Maintenance

    • Add a commit message checker @soimkim (#31)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.12(Mar 28, 2022)

  • v1.6.11(Mar 27, 2022)

  • v1.6.10(Mar 11, 2022)

  • v1.6.9(Feb 28, 2022)

    Changes

    ๐Ÿ”ง Maintenance

    • Change the result generation method to merging @soimkim (#25)
    • Add an inputable value to mode @soimkim (#24)
    • Update the README with additional Scanners @soimkim (#23)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.8(Feb 10, 2022)

    Changes

    ๐Ÿš€ Features

    • Change the options when analyzing the source @soimkim (#19)
    • Support analysis mode @soimkim (#17)
    • Add a FOSSLight Reuse @soimkim (#16)
    • Add a FOSSLight Binary @soimkim (#14)

    ๐Ÿ› Hotfixes

    • Fix the bug that the raw folder is not deleted when analyzing with a link @soimkim (#21)

    ๐Ÿ”ง Maintenance

    • Modify to print output file name @bjk7119 (#22)
    • Create a result file of FOSSLight Source @soimkim (#20)
    • Move the binary analysis result file to output @soimkim (#18)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.7(Nov 25, 2021)

  • v1.6.6(Nov 4, 2021)

  • v1.6.5(Oct 21, 2021)

    Changes

    ๐Ÿ”ง Maintenance

    • Add the -f option and change way to create output @soimkim (#10)
    • Change the parameters related to the scanner path @soimkim (#9)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.4(Oct 7, 2021)

  • v1.6.3(Oct 6, 2021)

  • v1.6.2(Oct 5, 2021)

  • v1.6.1(Oct 1, 2021)

    Changes

    ๐Ÿ› Hotfixes

    • Add the FOSSLight Util minimum version @soimkim (#4)

    ๐Ÿ”ง Maintenance

    • Change the output path of log, source @soimkim (#5)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.0(Sep 24, 2021)

Owner
FOSSLight
FOSSLight
GitHub Repository
A tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine or expire obfuscated scripts.

PyArmor Homepage (ไธญๆ–‡็‰ˆ็ฝ‘็ซ™) Documentation(ไธญๆ–‡็‰ˆ) PyArmor is a command line tool used to obfuscate python scripts, bind obfuscated scripts to fixed machine

Dashingsoft 1.9k Dec 30, 2022
dos-atack-tor script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor.

script de python que permite usar conexiones cebollas para atacar paginas .onion o paginas convencionales via tor. tiene capacidad de ajustar la cantidad de informacion a enviar, el numero de hilos a

Desmon 2 Jun 01, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

ClusterFuzz ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software. Google uses ClusterFuzz to fuzz all

Google 4.9k Jan 08, 2023
IDA Python Script for anti ollvm

IDA Python Script for anti ollvm

Shocker 62 Dec 23, 2022
A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps

boring-flutter A Python r2pipe script to automatically create a Frida hook to intercept TLS traffic for Flutter based apps. Currently only supporting

Hamza 64 Oct 18, 2022
A token logger for discord + steals Brave/Chrome passwords and usernames

Backdoor Machine - โ— For educational purposes only โ— A program made in python for stealing passwords and usernames from Google Chrome/Brave and tokenl

36 Jul 18, 2021
Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples

Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples Above is an adversarial example: the slightly pert

Anish Athalye 838 Dec 18, 2022
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
Mass scan for .git repository and .env file exposure

Mass .Git repository and .Env file Scan by Scarmandef Scanner to find .env file and .git repository exposure on multiple hosts Because of the response

8 Jun 23, 2022
log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service poc

่ฏดๆ˜Ž about author: ๆˆ‘่ถ…ๆ€•็š„ blog: https://www.cnblogs.com/iAmSoScArEd/ github: https://github.com/iAmSOScArEd/ date: 2021-12-20 log4j2 dos exploit log4j2 do

3 Aug 13, 2022
SQLi Google Dork Scanner (new version)

XGDorkยฒ - ViraX Google Dork Scanner SQLi Google Dork Scanner by ViraX @ 2021 for Python 2.7 - compatible Android(NoRoot) - Termux A simple 'naive' pyt

8 Dec 20, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
pythonๅ†™็š„ไธ€ๆฌพๅ…ๆ€ๅทฅๅ…ท๏ผˆshellcodeๅŠ ่ฝฝๅ™จ๏ผ‰BypassAV๏ผŒๅ›ฝๅ†…ๆ€่ฝฏๅ…จ่ฟ‡๏ผˆwindows denfend๏ผ‰

pythonๅ†™็š„ไธ€ๆฌพๅ…ๆ€ๅทฅๅ…ท๏ผˆshellcodeๅŠ ่ฝฝๅ™จ๏ผ‰BypassAV๏ผŒๅ›ฝๅ†…ๆ€่ฝฏๅ…จ่ฟ‡๏ผˆwindows denfend๏ผ‰

1frame 266 Jan 02, 2023
Fuzzercorn - Bring libfuzzer to Unicorn

Fuzzercorn libfuzzer bindings for Unicorn. API // The main entry point of the fu

lazymio 23 Nov 17, 2022
Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

Aryan 25 Nov 10, 2022
Log4j rce test environment and poc

log4jpwn log4j rce test environment See: https://www.lunasec.io/docs/blog/log4j-zero-day/ Experiments to trigger in various software products mentione

Leon Jacobs 307 Dec 24, 2022
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

Horizon 3 AI Inc 25 Nov 09, 2022
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

ะะธะบะพะปะฐะน ะ‘ะพั€ั‰ั‘ะฒ 2 Oct 05, 2022
A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -

Alice 48 Aug 28, 2022