help.html    239 lines (115 with data), 6.7 kB

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head></head>
<body>
TripleCheck is a set of software tools dedicated to open source software licensing, compliance and <a href="http://en.wikipedia.org/wiki/Provenance#Computers_and_law">provenance</a>.
<br>
<br>
In other words, this tool helps people discover the licenses
applicable to files and libraries in their projects. The information
about files is archived using an open data format called SPDX.<br>
<h3>What is&nbsp;SPDX?</h3>
SPDX means "Standard Package Data Exchange", a plain text file (as an
alternative, XML can be used) with information about the license terms
applicable to a given software product. This format is an initiative
of the Linux Foundation and other companies/people around the world.
The goal is to standardize the way people share information about
software licenses. You can find more info about SPDX on <a href="http://en.wikipedia.org/wiki/Software_Package_Data_Exchange">wikipedia</a> or by visiting the website at <a href="http://spdx.org/">http://spdx.org</a><br>
<br>
<h3>What can I do with this tool?</h3>
<ol>
<li>Create new SPDX files from a folder containing your source code</li>
<li>Add dependencies (COTS, libraries) with different licenses as part of your code</li>
<li>Find information using the search bar to find similar files or exact matches</li>
</ol>
Whenever you have an idea for improvement,&nbsp;you're more than
welcome to write us a message and we will get in contact. Our page with
up-to-date contact information can be found on our site through <a href="http://www.triplecheck.de/">this link</a>. See you soon! :-)<br>
<br>
<h3>Getting started</h3>
When you download this software, the tool should already come
with a small library of SPDX documents. We try our best to provide a
useful library in the download package but you will be expected to
build up your own library based on the components that you are using.
Extra points if you share your libraries with us for inclusion in
future versions of the library. <br>
<br>
Take your time to browse the items listed on the tree view at the right
side of the tool. Check what information is reported, what is listed
and what kind of features are available.<br>
<br>
Then, look at the "Tools" item at the bottom of the tree view. From
there you should find the "Create New SPDX" item that allows you to create
a brand new analysis of your software.<br>
<br>
<h3>Using the search box</h3>
The search box is under continuous improvement, but it should already be fit
to provide most of the information that you need to extract from a
software compliance analysis:<br>
<ul>
<li>Finds files based on exact matches using MD5, SHA1, SHA256 of the file name</li>
<li>Finds files based on a percentage of "similarity" using the SSDEEP algorithm</li>
<li>(more soon to be added)</li>
</ul>
To find files based on a specific algorithm, you can type something like this in the search box:<br>
<pre>SHA1: f23822b985b89ebb6a1ea989e9d095426b7ab2d9</pre>
So, type the name of the algorithm and then the value that you need. The name of
the algorithm can be in either lower or upper case. The value that you
are looking for must be given with an EXACT case match. This is particularly
important for the similarity matching algorithm where the signature
cannot be modified.<br>
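The query rules above, as an added example that is not part of TripleCheck's own code: it builds the search-box line for each exact-match algorithm from a file's content and parses a query with a case-insensitive algorithm name and an untouched value. The function names, the lowercase hex output (as in the SHA1 sample above) and the trimming of surrounding spaces are assumptions; the SSDEEP search is left out because its search keyword is not given here.

```python
import hashlib

# Labels named in this help page; the mapping to hashlib names is an assumption.
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256"}


def build_queries(data: bytes) -> dict:
    """Return one 'ALGO: digest' search line per algorithm for the file content."""
    return {
        label: f"{label}: {hashlib.new(name, data).hexdigest()}"
        for label, name in ALGORITHMS.items()
    }


def parse_query(text: str) -> tuple:
    """Split 'ALGO: value' into (label, value).

    The algorithm name is normalised to upper case (either case is accepted);
    the value keeps its case exactly as typed.
    """
    label, sep, value = text.partition(":")
    label, value = label.strip().upper(), value.strip()
    if not sep or label not in ALGORITHMS or not value:
        raise ValueError(f"not an 'ALGO: value' query: {text!r}")
    return label, value


def matches(text: str, data: bytes) -> bool:
    """True when the query value equals the file's digest, compared case-sensitively."""
    label, value = parse_query(text)
    return hashlib.new(ALGORITHMS[label], data).hexdigest() == value


if __name__ == "__main__":
    sample = b"abc"  # constructed sample content standing in for a real file
    for line in build_queries(sample).values():
        print(line)
    # An upper-cased value does not match: the value is compared exactly.
    print(matches("sha1: A9993E364706816ABA3E25717850C26C9CD0D89D", sample))
```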
<br>
<h3>
Plugin system</h3>
This software comes equipped with an advanced plugin system. We use
script files based on the Java language. If you're familiar with PHP, C or
Java, you will feel right at home to change around the
software&nbsp;using nothing more than a text editor. If you wish, a
normal Java IDE such as Eclipse or NetBeans can be used to provide the
comfort of programming with automatic code completion. Write us an
email and we'll explain how to get the IDE setup going.<br>
<br>
Look inside the "plugins" folder to get started and hack away. :-)<br>
<br>
<h3>License and Extension recognition</h3>
Similar to the plugin system, we made available a way of adding new
licenses and extension types. It uses the same Java-based scripts to
process files and detect whether a given license or extension is
applicable. <br>
<br>
Furthermore, when the tool finds a new file extension that wasn't
indexed before, it will create a new template. Look inside the
folder "extensions/unknown" to see what is automatically generated.
Then, you can edit these files to fill up the details as needed. This
way you can teach the software to recognize new extensions and know
what to do with them. This is useful to add new source code types that
were not added before.<br>
<br>
There is no need for a lengthy manual to learn how to modify these
files. Just look at one of the files already created and use it as a
template for the new ones. :-)<br>
<br>
We would be grateful if you can help us improve the license and file
extension libraries. All you have to do is send back to us your
modified files by email and we will add them up for the next release.
As a rule, we preserve your name and copyright on the provided
files.<br>
<br><br>
<h3>What is the applicable license?</h3>
This software is made available under the terms of the European Public License, version 1.1 without the Appendix. <br>
<br>
Unless expressed otherwise, all contents declared under copyright by
TripleCheck are covered by the terms of the&nbsp;European Public
License, Version 1.1 without the Appendix section. <br>
<br>
Specifically, this means that the Appendix containing the list of compatible licenses is not applicable to this software.<br>
<br>
You can find a copy of the EUPL 1.1 Licence at <a href="https://joinup.ec.europa.eu/software/page/eupl" target="_blank">https://joinup.ec.europa.eu/software/page/eupl</a><br>
<br>
<br>
This software contains libraries and other resources developed by third
party authors. We maintain an up-to-date list of these resources at <a href="http://opensourceprojects.eu/p/triplecheck/wiki/Third%20party%20resources/" target="_blank">this page</a>.<br><br>
<h3>Feedback?</h3>
This tool is quite young. Development moves at great speed since we use
it for our own work at TripleCheck. However, what is necessary for
our use-case scenario might not necessarily meet what you need.<br>
<br>
If you miss some specific feature or something is not working well, don't worry.&nbsp; Just write us a message
so that we know which features matter the most to fix or implement.
<br>
<br>
You can find us at <a href="http://www.triplecheck.de/">http://www.triplecheck.de/</a><br>
<br>
<br>
Above all, have fun! :-)
</body></html>