FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

Related tags

Security related resourcesfosslight_scanner
Overview

FOSSLight Scanner

Analyze at once for Open Source Compliance.

FOSSLight Scanner is released under the Apache-2.0. Current python package version. REUSE status

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git. Instead, open source analysis can be performed for the local source path. The output result is generated in FOSSLight Report format.

Contents

📋 Prerequisite

FOSSLight Scanner needs a Python 3.6+.

🎉 How to install

It can be installed using pip3. It is recommended to install it in the python 3.6 + virtualenv environment.

$ pip3 install fosslight_scanner

🚀 How to run

FOSSLight Scanner is run with the fosslight command.

Parameters

    -h                        Print help message
    -r                        Keep raw data 
    -p 
   
                     Path to analyze source
    -w 
                     Link to be analyzaed can be downloaded by wget or git clone
    -o 
                   Output Directory or file
    -f 
     
                     Output file format (excel, csv, opossum)
    -c 
      
                       Number of processes to analyze source
    -d 
       
         Additional arguments for running dependency analysis

Ex 1. Local Source Analysis

$ fosslight -p /home/source_path -a "-a 'source /test/Projects/venv/bin/activate' -d 'deactivate'"

Ex 2. Download Link and analyze

$ fosslight -o test_result_wget -w "https://github.com/LGE-OSS/example.git"

📁 Result

$ tree
.
├── fosslight_log
│   ├── fosslight_log_20210924_022422.txt
└── FOSSLight-Report_20210924_022422.xlsx
  • FOSSLight_Report-[datetime].xlsx : OSS Report format file that outputs source code analysis, binary analysis, and dependency analysis results.
  • fosslight_raw_data_[datetime] directory: Directory in which raw data files are created as a result of analysis

👏 How to report issue

Please report any ideas or bugs to improve by creating an issue in fosslight_scanner repository.
Then there will be quick bug fixes and upgrades. Ideas to improve are always welcome.

📄 License

FOSSLight Scanner is released under Apache-2.0.

Comments
  • does not work fosslight_scanner in Windows 10

    does not work fosslight_scanner in Windows 10

    Describe the bug does not work fosslight_scanner in Windows 10 Home 21H2

    To Reproduce fosslight_scanner What are you going to analyze? (1/2) 1. Links that can be cloned by git or wget 2. Local source path 1 Enter the link to analyze:https://github.com/LGE-OSS/example

    Expected behavior

    Enter the link to analyze:https://github.com/LGE-OSS/example Link to download: https://github.com/LGE-OSS/example

    • FOSSLight Downloader - Result :False module 'signal' has no attribute 'SIGALRM' Download failed: module 'signal' has no attribute 'SIGALRM'

    System environment (please complete the following information):

    • OS: Windows 10 Home 21H2
    • Python : python 3.9.12 (with Anaconda 3)
    bug 
    opened by kjhcav 3
  • Support yaml format of FOSSLight Report

    Support yaml format of FOSSLight Report

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    Support yaml format of FOSSLight Report

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by dd-jy 2
  • Fix bug about dep. arg input when not dep. running

    Fix bug about dep. arg input when not dep. running

    Description

    • Fix bug about dep. arg input when not dep. running
    • Add importlib-metadata to requirement-dev.txt with specific version as a dependency for test on Python-3.7

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug 
    opened by bjk7119 1
  • Modify help msg if invalid input

    Modify help msg if invalid input

    Description

    • Modify help msg if invalid input

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by bjk7119 1
  • Change the required version of Python to 3.7

    Change the required version of Python to 3.7

    Description

    Change the minimum required version of Python to 3.7.

    Reason :

    • From ScanCode v31.0.1, Python 3.7+ is required. For this reason, the FOSSLight source scanner requires python 3.7.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • Change FL Reuse to FL Prechecker

    Change FL Reuse to FL Prechecker

    Description

    • Change FL Reuse to FL Prechecker

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by bjk7119 1
  • Print message when comparison rows are over 100.

    Print message when comparison rows are over 100.

    Signed-off-by: Jiyeong Seok [email protected]

    Description

    • Print message when comparison rows are over 100.
    • Add progress bar

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [x] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by dd-jy 1
  • Fix errors when parsing with path

    Fix errors when parsing with path

    Description

    Fix the bug caused by not initializing the variable that outputs the default OSS Name.

    Type of change

    Please insert 'x' one of the type of change.

    • [x] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [ ] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    bug fix 
    opened by soimkim 1
  • Add a FOSSLight Binary

    Add a FOSSLight Binary

    Description

    • Add the FOSSLight Binary to run during analysis.
    • Add the v option to print the version.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    enhancement 
    opened by soimkim 1
  • Add the -f option and change way to create output

    Add the -f option and change way to create output

    Description

    • Add the -f option to input the output file format.
    • Change it to use FL Util's functions when generating output.
    • Input Mode
      • AS-IS: If user just type enter, it asks user to re-enter (try 2 times). Source and dependency path to be analyzed are inputted respectively.
      • TO-BE: If user just type enter in the input mode, it is assumed that nothing has been inputted. Source and dependency path to be analyzed is input at once.

    Type of change

    Please insert 'x' one of the type of change.

    • [ ] Bug fix (non-breaking change which fixes an issue)
    • [ ] New feature (non-breaking change which adds functionality)
    • [ ] Documentation update
    • [x] Refactoring, Maintenance
    • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
    chore 
    opened by soimkim 1
  • An error occurs when FOSSLight Util is 1.2.0

    An error occurs when FOSSLight Util is 1.2.0

    Describe the bug An error occurs when FL Util is 1.2.0.

    Expected behavior Specify the minimum version of FOSSLight Util required by FOSSLight Scanner.

    bug 
    opened by soimkim 1
Releases(v1.7.8)

  • v1.7.8(Jan 2, 2023)

  • v1.7.7(Nov 18, 2022)

  • v1.7.6(Nov 4, 2022)

    Changes

    🐛 Hotfixes

    • Fix bug about dep. arg input when not dep. running @bjk7119 (#50)

    🔧 Maintenance

    • Analyze current path if not input path @bjk7119 (#51)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.5(Oct 6, 2022)

  • v1.7.4(Sep 15, 2022)

  • v1.7.3(Sep 1, 2022)

    Changes

    🚀 Features

    • Support 'xlsx' report for Compare mode @dd-jy (#46)

    🔧 Maintenance

    • Change the required version of Python to 3.7 @soimkim (#45)
    Source code(tar.gz)
    Source code(zip)

  • v1.7.2(Aug 16, 2022)

  • v1.7.1(Jul 22, 2022)

  • v1.7.0(Jul 22, 2022)

    Changes

    🚀 Features

    • Add compare mode @dd-jy (#38)

    🔧 Maintenance

    • Replace 'y' option to 'p' option. @dd-jy (#41)
    • Fix scanner support format and not to create csv. @dd-jy (#40)
    • Print message when comparison rows are over 100. @dd-jy (#39)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.15(Jul 6, 2022)

  • v1.6.14(May 19, 2022)

    Changes

    🚀 Features

    • Run fosslight_source without installing it @soimkim (#34)
    • Add a Dockerfile @soimkim (#35)

    🐛 Hotfixes

    • Fix a bug where part of the output file is not created without the -o option @soimkim (#36)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.13(Apr 11, 2022)

    Changes

    🐛 Hotfixes

    • Fix an errors when parsing with path @soimkim (#33)
    • Fix an error that occur when downloading link @soimkim (#30)

    🔧 Maintenance

    • Add a commit message checker @soimkim (#31)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.12(Mar 28, 2022)

  • v1.6.11(Mar 27, 2022)

  • v1.6.10(Mar 11, 2022)

  • v1.6.9(Feb 28, 2022)

    Changes

    🔧 Maintenance

    • Change the result generation method to merging @soimkim (#25)
    • Add an inputable value to mode @soimkim (#24)
    • Update the README with additional Scanners @soimkim (#23)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.8(Feb 10, 2022)

    Changes

    🚀 Features

    • Change the options when analyzing the source @soimkim (#19)
    • Support analysis mode @soimkim (#17)
    • Add a FOSSLight Reuse @soimkim (#16)
    • Add a FOSSLight Binary @soimkim (#14)

    🐛 Hotfixes

    • Fix the bug that the raw folder is not deleted when analyzing with a link @soimkim (#21)

    🔧 Maintenance

    • Modify to print output file name @bjk7119 (#22)
    • Create a result file of FOSSLight Source @soimkim (#20)
    • Move the binary analysis result file to output @soimkim (#18)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.7(Nov 25, 2021)

  • v1.6.6(Nov 4, 2021)

  • v1.6.5(Oct 21, 2021)

    Changes

    🔧 Maintenance

    • Add the -f option and change way to create output @soimkim (#10)
    • Change the parameters related to the scanner path @soimkim (#9)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.4(Oct 7, 2021)

  • v1.6.3(Oct 6, 2021)

  • v1.6.2(Oct 5, 2021)

  • v1.6.1(Oct 1, 2021)

    Changes

    🐛 Hotfixes

    • Add the FOSSLight Util minimum version @soimkim (#4)

    🔧 Maintenance

    • Change the output path of log, source @soimkim (#5)
    Source code(tar.gz)
    Source code(zip)

  • v1.6.0(Sep 24, 2021)

Owner
FOSSLight
FOSSLight
GitHub Repository
Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

Apache OFBiz rmi反序列化EXP(CVE-2021-26295) 目前仅支持nc弹shell 将ysoserial.jar放置在同目录下,py3运行,根据提示输入漏洞url,你的vps地址和端口 第二次使用建议删除exp.ot 本工具仅用于安全测试,禁止未授权非法攻击站点,否则后果自负

15 Nov 09, 2022
A Radare2 based Python module for Binary Analysis and Reverse Engineering.

Zepu1chr3 A Radare2 based Python module for Binary Analysis and Reverse Engineering. Installation You can simply run this command. pip3 install zepu1c

Mehmet Ali KERİMOĞLU 5 Aug 25, 2022
Exploiting CVE-2021-44228 in vCenter for remote code execution and more

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more. Blog post detailing exploitation linked below: COMING SOON Why? P

81 Dec 20, 2022
Tor Relay availability checker, for using it as a bridge in countries with censorship

Tor Relay Availability Checker This small script downloads all Tor Relay IP addresses from onionoo.torproject.org and checks whether random Relays are

ValdikSS 161 Dec 30, 2022
script that pulls cve collections from NVD.NIST.GOV.

# cvepull.py #script that pulls cve collections from NVD.NIST.GOV. #edit line 17 (timedelta) number to change the amount of days to search backwards

Aaron W 1 Dec 18, 2021
Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

DedSecTL 10 Oct 31, 2022
MainCoon - an automated recon framework

MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.

Md. Nur habib 8 Aug 26, 2022
A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022
Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios.

Dr. Johannes Pohl 9k Jan 03, 2023
Chromepass - Hacking Chrome Saved Passwords

Chromepass - Hacking Chrome Saved Passwords and Cookies View Demo · Report Bug · Request Feature Table of Contents About the Project AV Detection Gett

darkArp 622 Jan 04, 2023
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets.

Yuyu Scanner Yuyu Scanner is a Web Reconnaissance & Web Analysis Scanner to find assets and information about targets. installation ! run as root

Justakazh 20 Nov 24, 2022
A simple linux keylogger project.

The project This project is a simple linux keylogger. When activated, it registers all the actions made with the keyboard. The log files are registere

1 Oct 24, 2021
Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Fuzz introspector Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potenti

Open Source Security Foundation (OpenSSF) 221 Jan 01, 2023
GitLab CE/EE Preauth RCE using ExifTool

CVE-2021-22205 GitLab CE/EE Preauth RCE using ExifTool This project is for learning only, if someone's rights have been violated, please contact me to

3ND 164 Dec 10, 2022
A forensic collection tool written in Python.

CHIRP A forensic collection tool written in Python. Watch the video overview 📝 Table of Contents 📝 Table of Contents 🧐 About 🏁 Getting Started Pre

Cybersecurity and Infrastructure Security Agency 1k Dec 09, 2022
Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Python-based proof-of-concept tool for generating payloads that utilize unsafe Java object deserialization.

Astro 9 Sep 27, 2022
spring-cloud-gateway-rce CVE-2022-22947

Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947) 1.installation pip3 install -r requirements.txt 2.Usage $ python3 spring-cloud-gateway

k3rwin 10 Sep 28, 2022
S2-062 (CVE-2021-31805) / S2-061 / S2-059 RCE

CVE-2021-31805 Remote code execution S2-062 (CVE-2021-31805) Due to Apache Struts2's incomplete fix for S2-061 (CVE-2020-17530), some tag attributes c

warin9 31 Nov 22, 2022
Yara Based Detection Engine for web browsers

Yobi Yara Based Detection for web browsers System Requirements Yobi requires python3 and and right now supports only firefox and other Gecko-based bro

imp0rtp3 44 Nov 20, 2022