Journal of Systemics, Cybernetics and Informatics (Oct 2018)
Automating Open Source Software License Information Generation in Software Projects
Abstract
This publication deals with Open Source Software (OSS) compliance. In a previous publication [1], we presented an organizational-technical concept for ensuring basic OSS compliance. Based on this concept, we now address further aspects that are essential to OSS compliance. Our focus is on methods for avoiding license infringements by automated generation of OSS notice lists. We describe means to manage OSS license (OSSL) information of directly and indirectly used OSS. We use methods for establishing a common domain language based on a Domain-Driven Design (DDD) approach that leads to a better communication between experts from different fields, e.g., technical and domain experts, when discussing OSS compliance and developing our solutions. Furthermore, we present already existing Maven tools as well as self-developed Java tools, which make it possible to store the information that has been gained during the OSS compliance process in a structured way. With the aid of said tools, this information can then be used to create the lists of used OSS suitable for internal audits, external software deployments and software deliveries automatically to reduce manual effort and risk of errors.
