
Process and Method for the Automatic Collection of Software Legal Metadata

IP.com Disclosure Number: IPCOM000240946D
Publication Date: 2015-Mar-13
Document File: 4 page(s) / 111K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a method and mechanism to identify the dependencies, the associated origins, and the distinct license terms of third party packages/products used in the development of software products. The novel mechanism automatically collects four-tuples (4-tuples) comprised of name/version, license type, origin, and outbound notice.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.


Software products typically have hundreds, thousands, or tens of thousands of third party dependencies, often Open Source packages. The associated licenses often stipulate that offerings dependent upon the licensed code must be distributed with an outbound notice specified in the licensing terms. A method is needed to collect those notices.

Although some existing tools provide automatic access to some licensing metadata (e.g., software package managers), none attempt to automatically produce all four of the most crucial pieces of data for complying with a software dependency's licensing terms. These are the package name and version identifier, the license type (e.g., MIT, GNU Public License), the origin (e.g., a Uniform Resource Identifier (URI) identifying the resource from which the software can be obtained), and the outbound notice required by the license.

For example, the package, PhoneGap*, when installed by the Node Package Manager, installs 524 dependent packages. Each of these potentially has an origin and license independent of PhoneGap's. The task of identifying these dependencies, discarding duplicates, and discovering the license, origin, and notice of the remaining packages is nearly impossible to manually complete.

The novel solution is a method and mechanism to identify the dependencies, the associated origins, and the distinct license terms. The solution addresses the need to comply with the licensing requirements of software offerings (i.e., products) that contain hundreds, thousands, or tens of thousands of dependencies, each licensed separately. The novel mechanism automatically collects four-tuples (4-tuples) comprised of name/version, license type, origin, and outbound notice.

There are no known existing solutions offering this functionality. Without it, a manual solution is labor-intensive and slow in the best case, and completely unapproachable in the worst.

In the preferred embodiment, the scanning mechanism is provided as a software application, which includes a user interface (UI) for interacting with the scanner. The user employs the UI to indicate the location on a file system of a software offering to be scanned. After receiving that input, the mechanism scans the offering for software dependencies and collects any legal metadata that is available on the local file system about the offering and its dependencies. Subsequently, the process prepares parallel requests to heterogeneous remote resources and then executes the requests to obtain metadata that was not found locally. Upon completion of the process, the scanner returns to the UI the information representing the collected licensing metadata. The UI transforms and displays that information to the user for further manual processing.

Figure 1: Overall Proces...