IDG News Service - Hewlett-Packard Co. has launched the FOSSology Project, a tool for tracking and monitoring the use of free and open-source software within an IT environment.
The project stems from governance work done in-house at HP, according to the Web site set up for the project.
"We needed a tool that would quickly and accurately describe how a given open source project was licensed," a statement on the site reads. Rather than simply collecting a project's advertised license -- as given on its Web site or in its documentation -- this tool needed to analyze all of the source code for a given project and intelligently report all of the licenses being used, "based on the license declarations and telltale phrases that identify software licensing," the statement said.
FOSSology is available under the terms of the GNU General Public License (GPL) Version 2, and currently has support on most GNU/Linux platforms, according to the site.
It is not clear from the site how HP plans to make money through the initiative. A company spokeswoman declined comment and said on Friday that more details will be announced this week.
Companies such as Black Duck Software Inc. are already in the open-source tracking business.
HP's entry brought a warm welcome from Black Duck CEO Doug Levin. "We can now officially welcome HP to our market," Levin wrote on his blog. "FOSSology is a nice tool for developers. It will result in software developers being better informed about their use of GPL. That makes it a very worthy tool."
Right now, the FOSSology project has modules for license analysis, MIME-type identification and extracting metadata, according to the site.
The site said the tool already generates detailed results: "More than simply reporting, 'Package X uses license Y,' the FOSSology tool attempts to analyze every file within the package to determine its license. The license report is thus an aggregate of all of the different licenses found to be in use by a package."
FOSSology's analyses aren't foolproof, however. A statement on the site concedes, "In general, the analysis results are very good guesses, but should not be considered authoritative. (Or to say it simply: we're not lawyers. The code tries its best, but leave the legal decisions up to your own attorneys.)"
Over time, FOSSology is meant to be far more than an open-source license tracker, according to the site. Future capabilities could address bug fixes and patches, security alerts and code reuse, as well as analysis of all types of software.
The effort prompted praise on Friday from Michael Cote, an analyst at RedMonk. "It's free and open source, which is nice," Cote said. "So if the data is reliable and well fed, it could be of help for people who don't want to work with Black Duck ... and others who have commercial ways to scan for open-source licenses."
"The interesting thing will be to see how open the resulting data is and how much reporting people do with it," he added. "There's a sort of cloudy idea of how much open source is used in the enterprise, and having more accurate, free numbers would be great for the community, and more importantly, enterprises that want to get a feel for how widely used open-source software is."
The availability of free open-source usage data "will help people make much better -- and affordable -- decisions about what open source to use and not use," Cote said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
