CN111400672A - Open source software monitoring method and device - Google Patents

Info

Publication number: CN111400672A
Application number: CN202010191433.5A
Authority: CN (China)
Prior art keywords: open source, license, software, feature, source license
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 邓辉, 张宝峰, 杨永生, 高金萍, 饶华一, 毕海英, 王蓓蓓, 王亚楠, 黄小莉, 孙亚飞
Current Assignee: China Information Technology Security Evaluation Center
Original Assignee: China Information Technology Security Evaluation Center
Application filed by: China Information Technology Security Evaluation Center

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105: Arrangements for software license management or administration, e.g. for managing licenses at corporate level

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method and a device for monitoring open source software. The method comprises: determining the type of an open source license in the open source software; searching a preset open source license feature library for an open source license clause feature corresponding to that type; if one exists, using the found open source license clause feature as a first reference feature; collecting the open source license clause features of the open source software in the implementation process; comparing the first reference feature with the collected open source license clause features to obtain a first comparison result; and monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software. In this way, the usage of the open source software can be monitored.

Description

Open source software monitoring method and device
Technical Field
The present application relates to the field of open source software technologies, and in particular, to a method and an apparatus for monitoring open source software.
Background
At present, some IT systems use open source software during research and development to improve development efficiency and to improve the IT systems themselves.
However, if the open source software is not used properly, the rights in the open source software are harmed; it is therefore necessary to monitor the usage of the open source software.
Disclosure of Invention
To solve the above technical problem, embodiments of the present application provide a method and a device for monitoring open source software, so as to monitor the usage of the open source software. The technical solution is as follows:
A method for monitoring open source software comprises:
determining the type of an open source license in the open source software;
searching a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software;
if such a feature exists, using the found open source license clause feature as a first reference feature;
collecting the open source license clause features of the open source software in the implementation process;
comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result;
and monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
Preferably, the method further comprises:
if the open source software contains open source licenses of multiple types, searching the preset open source license feature library for the open source license features corresponding to each of those types;
if they exist, comparing the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result;
and monitoring, according to the second comparison result, whether the different open source licenses in the open source software are compatible.
Preferably, the method further comprises:
determining the type of the open source license adopted by the open source project to which the open source software belongs;
searching the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs;
if such a feature exists, using the found open source license clause feature as a second reference feature;
comparing the first reference feature with the second reference feature to obtain a third comparison result;
and monitoring, according to the third comparison result, whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs.
Preferably, after the step of using the found open source license clause feature as the second reference feature and before the step of comparing the first reference feature with the second reference feature, the method further comprises:
determining the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs;
searching the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code belongs;
if such a feature exists, using the found open source license clause feature as a third reference feature;
comparing the second reference feature with the third reference feature to obtain a fourth comparison result;
monitoring, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code belongs;
if they are compatible, executing the step of comparing the first reference feature with the second reference feature.
Preferably, the open source license in the open source software includes one or more of a project-level open source license, a file-level open source license, and a code-level open source license.
Preferably, collecting the open source license clause features of the open source software in the implementation process comprises:
collecting the direct open source license clause features of the open source software in the implementation process;
or collecting both the direct open source license clause features and the indirect open source license clause features of the open source software in the implementation process;
where both the direct and the indirect open source license clause features are collected, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain the first comparison result comprises:
comparing the first reference feature with the direct open source license clause features to obtain a first comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software;
if the first comparison sub-result is that the first reference feature matches the direct open source license clause features, comparing the first reference feature with the indirect open source license clause features to obtain a second comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software.
An open source software monitoring device comprises:
a first determining module, configured to determine the type of an open source license in the open source software;
a first searching module, configured to search a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software;
a second determining module, configured to use the found open source license clause feature as a first reference feature if an open source license clause feature corresponding to the type of the open source license in the open source software exists in the preset open source license feature library;
a first acquisition module, configured to collect the open source license clause features of the open source software in the implementation process;
a first comparison module, configured to compare the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result;
and a first monitoring module, configured to monitor, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
Preferably, the device further comprises:
a second searching module, configured to search the preset open source license feature library for the open source license features corresponding to each type of open source license in the open source software if the open source software contains open source licenses of multiple types;
a second comparison module, configured to compare the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result if those features exist in the preset open source license feature library;
and a second monitoring module, configured to monitor, according to the second comparison result, whether the different open source licenses in the open source software are compatible.
Preferably, the device further comprises:
a third determining module, configured to determine the type of the open source license adopted by the open source project to which the open source software belongs;
a third searching module, configured to search the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs;
a fourth determining module, configured to use the found open source license clause feature as a second reference feature if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists in the preset open source license feature library;
a third comparison module, configured to compare the first reference feature with the second reference feature to obtain a third comparison result;
and a third monitoring module, configured to monitor, according to the third comparison result, whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs.
Preferably, the device further comprises:
a fifth determining module, configured to determine the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs;
a fourth searching module, configured to search the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code belongs;
a sixth determining module, configured to use the found open source license clause feature as a third reference feature if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code belongs exists in the preset open source license feature library;
a fourth comparison module, configured to compare the second reference feature with the third reference feature to obtain a fourth comparison result;
a fourth monitoring module, configured to monitor, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code belongs;
the third comparison module is specifically configured to compare the first reference feature with the second reference feature if the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code belongs.
Preferably, the open source license in the open source software includes one or more of a project-level open source license, a file-level open source license, and a code-level open source license.
Preferably, the first acquisition module is specifically configured to:
collect the direct open source license clause features of the open source software in the implementation process;
or collect both the direct open source license clause features and the indirect open source license clause features of the open source software in the implementation process;
where both the direct and the indirect open source license clause features are collected, the first comparison module is specifically configured to:
compare the first reference feature with the direct open source license clause features to obtain a first comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software;
if the first comparison sub-result is that the first reference feature matches the direct open source license clause features, compare the first reference feature with the indirect open source license clause features to obtain a second comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software.
Compared with the prior art, the beneficial effects of the present application are:
In the present application, because the open source license in the open source software specifies the rights to use the open source software, the clause features of the open source license can serve as an objective basis for monitoring whether the use of the open source software is legal. On this basis, the first reference feature is compared with the open source license clause features exhibited by the open source software in the implementation process to obtain a first comparison result, and whether the usage of the open source software meets the requirements of the open source license in the open source software is monitored according to the first comparison result, so that the usage of the open source software is monitored.
Drawings
To illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present application; those skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a flowchart of embodiment 1 of the method for monitoring open source software provided in the present application;
Fig. 2 is a flowchart of embodiment 2 of the method for monitoring open source software provided in the present application;
Fig. 3 is a schematic diagram of the logical structure of a monitoring device for open source software provided in the present application;
Fig. 4 is a schematic diagram of the logical structure of another monitoring device for open source software provided in the present application;
Fig. 5 is a schematic diagram of the logical structure of a monitoring device for open source software provided in the present application;
Fig. 6 is a schematic diagram of the logical structure of still another monitoring device for open source software provided in the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. The described embodiments are only a part of the embodiments of the present application, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort fall within the protection scope of the present application.
The embodiment of the application discloses a method for monitoring open source software, which comprises: determining the type of an open source license in the open source software; if the open source software contains an open source license of one type, searching a preset open source license feature library for an open source license clause feature corresponding to that type; if such a feature exists, using the found open source license clause feature as a first reference feature; collecting the open source license clause features of the open source software in the implementation process; comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result; and monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software. In the present application, the usage of open source software can thus be monitored.
Next, the method for monitoring open source software disclosed in an embodiment of the present application is introduced. As shown in Fig. 1, a flowchart of embodiment 1 of the method for monitoring open source software provided by the present application, the method may include the following steps:
Step S11, determining the type of the open source license in the open source software.
The open source software may include one or more open source licenses, and the types of those open source licenses may differ, so the types of the open source licenses in the open source software need to be determined and the corresponding operations performed for the different types of open source licenses.
In this embodiment, the open source license in the open source software may include, but is not limited to, one or more of a project-level open source license, a file-level open source license, and a code-level open source license.
Step S12, searching a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software.
The preset open source license feature library records open source license clause features extracted from multiple types of open source licenses. For example, it records the open source license clause features of ten types of mainstream open source licenses such as GPL (GPL/.2/.3/.2+/.3+), LGPL (LGPL/.2/.2+/.3+), BSD (BSD2/3), Apache, MIT, and CC, with the features extracted from each type of open source license recorded separately.
The open source license clause features extracted from each type of open source license may include direct open source license clause features and indirect open source license clause features.
The direct open source license clause features may include, but are not limited to: commercial use, open source, distribution, and brand use;
the indirect open source license clause features may include, but are not limited to: duplication, modification, patent authorization, copyright statement, liability, and infectivity.
If so, go to step S13.
Step S13, using the found open source license clause feature as a first reference feature.
Step S14, collecting the open source license clause features of the open source software in the implementation process.
In this embodiment, the open source license clause features that the preset open source license feature library records for the type of the open source license in the open source software may be used as a template, and the open source license clause features of the open source software in the implementation process may be collected according to that template.
Collecting the open source license clause features of the open source software in the implementation process may include:
collecting the direct open source license clause features of the open source software in the implementation process;
or collecting both the direct open source license clause features and the indirect open source license clause features of the open source software in the implementation process.
Step S15, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result.
Where both the direct and the indirect open source license clause features of the open source software in the implementation process are collected, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain the first comparison result may include:
comparing the first reference feature with the direct open source license clause features to obtain a first comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software;
if the first comparison sub-result is that the first reference feature matches the direct open source license clause features, comparing the first reference feature with the indirect open source license clause features to obtain a second comparison sub-result, which serves as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software.
Step S16, monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
Monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software can be understood as:
if the first comparison result is consistent, determining that the usage of the open source software meets the requirements of the open source license in the open source software;
and if the first comparison result is inconsistent, determining that the usage of the open source software does not meet the requirements of the open source license in the open source software.
In the present application, because the open source license in the open source software specifies the rights to use the open source software, the clause features of the open source license can serve as an objective basis for monitoring whether the use of the open source software is legal. On this basis, the first reference feature is compared with the open source license clause features exhibited by the open source software in the implementation process to obtain a first comparison result, and whether the usage of the open source software meets the requirements of the open source license in the open source software is monitored according to the first comparison result, so that the usage of the open source software is monitored.
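Steps S11-S16 with the two-stage direct/indirect comparison can be sketched as follows. This is an added example, not code from the application: the license types `COPYLEFT-X` and `PERMISSIVE-Y`, their feature values, the `permitted`/`required`/`prohibited` encoding, and the rule that an uncollected feature counts as a mismatch are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Feature names follow the direct/indirect lists given in the description.
DIRECT = ("commercial", "open_source", "distribution", "brand_use")
INDIRECT = ("duplication", "modification", "patent_authorization",
            "copyright_statement", "liability", "infectivity")

# Constructed feature library: hypothetical license types and values,
# not a legal reading of any real license.
FEATURE_LIBRARY = {
    "COPYLEFT-X": {
        "commercial": "permitted", "open_source": "required",
        "distribution": "permitted", "brand_use": "prohibited",
        "duplication": "permitted", "modification": "permitted",
        "patent_authorization": "permitted",
        "copyright_statement": "required",
        "liability": "prohibited", "infectivity": "required",
    },
    "PERMISSIVE-Y": {
        "commercial": "permitted", "open_source": "permitted",
        "distribution": "permitted", "brand_use": "permitted",
        "duplication": "permitted", "modification": "permitted",
        "patent_authorization": "permitted",
        "copyright_statement": "required",
        "liability": "prohibited", "infectivity": "permitted",
    },
}


@dataclass
class Result:
    status: str                   # "no_reference", "compliant" or "non_compliant"
    stage: Optional[str] = None   # comparison stage that decided the result
    mismatches: list = field(default_factory=list)


def compare(reference, observed, names):
    """Return the features in `names` whose observed usage contradicts the reference.

    `observed` maps a feature to True/False (the deployment does / does not do it).
    A feature that was not collected fails closed unless the rule is "permitted".
    """
    bad = []
    for name in names:
        rule = reference[name]
        if rule == "permitted":
            continue
        seen = observed.get(name)          # None means "not collected"
        if seen is None or seen != (rule == "required"):
            bad.append(name)
    return bad


def monitor(license_type, direct, indirect=None):
    reference = FEATURE_LIBRARY.get(license_type)       # S12: library lookup
    if reference is None:
        return Result("no_reference")                   # nothing to compare against
    bad = compare(reference, direct, DIRECT)            # first comparison sub-result
    if bad:
        return Result("non_compliant", "direct", bad)   # indirect stage is skipped
    if indirect is None:                                # only direct features collected
        return Result("compliant", "direct")
    bad = compare(reference, indirect, INDIRECT)        # second comparison sub-result
    if bad:
        return Result("non_compliant", "indirect", bad)
    return Result("compliant", "indirect")


# Constructed observations of one deployment (S14).
DIRECT_OK = {"commercial": True, "open_source": True,
             "distribution": True, "brand_use": False}
DIRECT_BAD = dict(DIRECT_OK, open_source=False)         # source not published
INDIRECT_OBS = {"duplication": True, "modification": True,
                "copyright_statement": False,           # notice was stripped
                "liability": False, "infectivity": True}

if __name__ == "__main__":
    print(monitor("COPYLEFT-X", DIRECT_BAD, INDIRECT_OBS))
    print(monitor("COPYLEFT-X", DIRECT_OK, INDIRECT_OBS))
```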
As another optional embodiment of the present application, Fig. 2 shows a flowchart of embodiment 2 of the method for monitoring open source software provided by the present application. This embodiment mainly extends the method for monitoring open source software described in embodiment 1 above. As shown in Fig. 2, the method may include, but is not limited to, the following steps:
Step S21, determining the type of the open source license in the open source software.
Step S22, searching a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software.
If so, go to step S23.
Step S23, using the found open source license clause feature as a first reference feature.
Step S24, collecting the open source license clause features of the open source software in the implementation process.
Step S25, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result.
Step S26, monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
The detailed procedures of steps S21-S26 can be found in the related descriptions of steps S11-S16 in embodiment 1, and are not repeated herein.
Step S27, if the open source software contains open source licenses of multiple types, searching the preset open source license feature library for the open source license features corresponding to each of those types.
If so, go to step S28.
Step S28, comparing the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result.
Step S29, monitoring, according to the second comparison result, whether the different open source licenses in the open source software are compatible.
Monitoring, according to the second comparison result, whether the different open source licenses in the open source software are compatible can be understood as:
if the second comparison result is consistent, determining that the different open source licenses in the open source software are compatible;
and if the second comparison result indicates that the open source license features corresponding to at least one type are inconsistent with those of the other types, determining that the different open source licenses in the open source software are incompatible.
This embodiment can monitor whether the usage of the open source software meets the requirements of the open source license in the open source software, and whether the different open source licenses in the open source software are compatible with each other.
Another optional embodiment of the present application, embodiment 3, mainly extends the method for monitoring open source software described in embodiment 2 above. The method may include, but is not limited to, the following steps:
A11, determining the type of the open source license in the open source software.
A12, searching a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software.
If so, step A13 is performed.
A13, using the found open source license clause feature as a first reference feature.
A14, collecting the open source license clause features of the open source software in the implementation process.
A15, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result.
A16, monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
A17, if the open source software contains open source licenses of multiple types, searching the preset open source license feature library for the open source license features corresponding to each of those types.
If so, step A18 is performed.
A18, comparing the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result.
A19, monitoring, according to the second comparison result, whether the different open source licenses in the open source software are compatible.
The detailed procedures of steps A11-A19 can be found in the related descriptions of steps S21-S29 in embodiment 2, and are not repeated herein.
Steps A11-A19 monitor whether the usage of the open source software meets the requirements of the open source license in the open source software, and whether the different open source licenses in the open source software are compatible.
And A110, determining the type of the open source license adopted by the open source item to which the open source software belongs.
And A111, searching whether the open source license clause characteristics corresponding to the type of the open source license adopted by the open source item to which the open source software belongs exist in the preset open source license characteristic library.
If so, step A112 is performed.
And A112, taking the searched open source license term characteristic as a second benchmark characteristic.
And A113, comparing the first reference characteristic with the second reference characteristic to obtain a third comparison result.
And A114, monitoring whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs according to the third comparison result.
Steps a110-a114 implement monitoring whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs.
In this embodiment, it can be simultaneously achieved that whether the use request of the open source license in the open source software meets the requirement of the open source license in the open source element, whether different open source licenses in the open source software are compatible, and whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs.
As another optional embodiment of the present application, embodiment 4 mainly extends the open source software monitoring method described in embodiment 3. The method may include, but is not limited to, the following steps:
A21, determining the type of the open source license in the open source software.
A22, searching a preset open source license feature library for an open source license clause feature corresponding to the type of the open source license in the open source software.
If so, step A23 is performed.
A23, taking the found open source license clause feature as a first reference feature.
A24, collecting the open source license clause features of the open source software in the implementation process.
A25, comparing the first reference feature with the open source license clause features of the open source software in the implementation process to obtain a first comparison result.
A26, monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
A27, if the open source software contains open source licenses of multiple types, searching the preset open source license feature library for the open source license features corresponding to each of those types.
If so, step A28 is performed.
A28, comparing the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result.
A29, monitoring, according to the second comparison result, whether the different open source licenses in the open source software are compatible.
For the detailed procedures of steps A21-A29, see the descriptions of steps A11-A19 in embodiment 3; they are not repeated here.
Steps A21-A29 monitor whether the usage of the open source software meets the requirements of the open source license in the open source software, and whether the different open source licenses in the open source software are compatible.
A210, determining the type of the open source license adopted by the open source project to which the open source software belongs.
A211, searching the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs.
If so, step A212 is performed.
A212, taking the found open source license clause feature as a second reference feature.
A213, determining the type of the open source license adopted by the open source project to which inherited code in the open source project of the open source software belongs.
A214, searching the preset open source license feature library for an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs.
If so, step A215 is performed.
A215, taking the found open source license clause feature as a third reference feature.
A216, comparing the second reference feature with the third reference feature to obtain a fourth comparison result.
A217, monitoring, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs.
If so, step A218 is performed.
Steps A213-A218 monitor whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project related to the open source project to which the open source software belongs.
A218, comparing the first reference feature with the second reference feature to obtain a third comparison result.
A219, monitoring, according to the third comparison result, whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs.
In this embodiment, once the open source license adopted by the open source project to which the open source software belongs is found to be compatible with the open source license adopted by the open source project related to that project, the method further monitors whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs, which ensures comprehensive monitoring.
Next, a monitoring device of the open source software provided in the present application is described, and the following described monitoring device of the open source software and the above described monitoring method of the open source software may be referred to correspondingly.
Referring to Fig. 3, the monitoring device of the open source software includes: a first determining module 11, a first searching module 12, a second determining module 13, a first acquisition module 14, a first comparison module 15 and a first monitoring module 16.
The first determining module 11 is configured to determine a type of an open source license in open source software;
a first searching module 12, configured to search, in a preset open source license feature library, whether an open source license clause feature corresponding to the type of the open source license in the open source software exists;
a second determining module 13, configured to, if an open source license clause feature corresponding to the type of the open source license in the open source software exists in the preset open source license feature library, use the found open source license clause feature as a first reference feature;
the first acquisition module 14 is used for acquiring the open source license clause characteristics of the open source software in the implementation process;
the first comparison module 15 is configured to compare the first reference feature with an open-source license clause feature of the open-source software in the implementation process to obtain a first comparison result;
the first monitoring module 16 is configured to monitor whether the usage of the open source software meets the requirement of the open source license in the open source software according to the first comparison result.
This embodiment introduces another monitoring device for open source software. Referring to Fig. 4, the monitoring device shown in Fig. 3 may further include:
a second searching module 17, configured to respectively search, if the types of the open-source licenses in the open-source software are multiple, whether open-source license features corresponding to the various types of the open-source licenses in the open-source software exist in a preset open-source license feature library;
a second comparison module 18, configured to, if open-source license features corresponding to various types of open-source licenses in the open-source software exist in a preset open-source license feature library, compare the open-source license features corresponding to the various types of open-source licenses in the open-source software to obtain a second comparison result;
and the second monitoring module 19 is configured to monitor whether different open-source licenses in the open-source software are compatible with each other according to the second comparison result.
This embodiment introduces another monitoring device for open source software. Referring to Fig. 5, the monitoring device shown in Fig. 4 may further include:
a third determining module 110, configured to determine the type of the open source license adopted by the open source project to which the open source software belongs;
a third searching module 111, configured to search, in the preset open source license feature library, whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists;
a fourth determining module 112, configured to, if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists in the preset open source license feature library, use the found open source license clause feature as a second reference feature;
a third comparing module 113, configured to compare the first reference feature with the second reference feature to obtain a third comparison result;
a third monitoring module 114, configured to monitor, according to the third comparison result, whether the open-source license in the open-source software is compatible with the open-source license adopted by the open-source project to which the open-source software belongs.
This embodiment introduces another monitoring device for open source software. Referring to Fig. 6, the monitoring device shown in Fig. 5 may further include:
a fifth determining module 115, configured to determine the type of the open source license adopted by the open source project to which inherited code in the open source project of the open source software belongs;
a fourth searching module 116, configured to search, in the preset open source license feature library, whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs exists;
a sixth determining module 117, configured to, if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs exists in the preset open source license feature library, use the found open source license clause feature as a third reference feature;
a fourth comparing module 118, configured to compare the second reference feature with the third reference feature to obtain a fourth comparison result;
a fourth monitoring module 119, configured to monitor, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs;
the third comparing module 113 is specifically configured to compare the first reference feature with the second reference feature if the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs.
In this embodiment, the open source license in the open source software may include: one or more of a project-level open source license, a file-level open source license, and a code-level open source license.
The first acquisition module 14 may specifically be configured to:
collecting the direct open source license clause characteristics of the open source software in the implementation process;
or, collecting the direct open source license clause characteristic and the indirect open source license clause characteristic of the open source software in the implementation process;
when both the direct open source license clause feature and the indirect open source license clause feature of the open source software in the implementation process are collected, the first comparison module 15 may be specifically configured to:
compare the first reference feature with the direct open source license clause feature to obtain a first comparison sub-result, wherein the first comparison sub-result is used as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software;
if the first comparison sub-result is that the first reference feature matches the direct open source license clause feature, compare the first reference feature with the indirect open source license clause feature to obtain a second comparison sub-result, wherein the second comparison sub-result is used as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software.
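The check order of embodiment 4 (steps A21-A219) and the direct-then-indirect comparison of the first comparison module, sketched as an added Python example that is not part of the patent. The license names, clause keys, and the rules that "inconsistent" means a shared clause with different values and "matched" means every required clause is met are assumptions; the patent does not fix a feature encoding.

```python
from itertools import combinations

# Constructed feature library (assumption): license type -> clause features.
# License names and clause keys are placeholders, not real license terms.
FEATURE_LIBRARY = {
    "COPYLEFT-X":   {"disclose_source": True,  "same_license": True,  "keep_notice": True},
    "PERMISSIVE-Y": {"disclose_source": False, "same_license": False, "keep_notice": True},
    "NOTICE-Z":     {"keep_notice": True},
}


def lookup(license_type):
    """Steps A22/A211/A214: clause features for a type, or None if not in the library."""
    return FEATURE_LIBRARY.get(license_type)


def conflicts(ref_a, ref_b):
    """Clauses present in both feature sets with different values
    (assumed meaning of 'inconsistent' features)."""
    return sorted(k for k in ref_a.keys() & ref_b.keys() if ref_a[k] != ref_b[k])


def unmet(reference, collected):
    """Clauses the reference requires that the collected features do not show as met."""
    return sorted(k for k, required in reference.items()
                  if required and not collected.get(k, False))


def usage_check(first_ref, direct, indirect=None):
    """Steps A24-A26: the indirect features are compared only if the direct ones match."""
    result = {"direct_unmet": unmet(first_ref, direct), "indirect_unmet": None}
    if not result["direct_unmet"] and indirect is not None:
        result["indirect_unmet"] = unmet(first_ref, indirect)
    result["compliant"] = not result["direct_unmet"] and not result["indirect_unmet"]
    return result


def pairwise_conflicts(license_types):
    """Steps A27-A29: second comparison over every pair of license types in the software."""
    found = {}
    for a, b in combinations(license_types, 2):
        ref_a, ref_b = lookup(a), lookup(b)
        if ref_a is None or ref_b is None:
            continue  # features are compared only when both exist in the library
        clash = conflicts(ref_a, ref_b)
        if clash:
            found[(a, b)] = clash
    return found


def monitor(software_license, project_license, inherited_license, direct, indirect=None):
    """Embodiment 4 order: usage check, then project vs. inherited-code project
    (fourth comparison), and only if that passes, software vs. project (third)."""
    report = {"usage": None, "fourth": None, "third": None}
    first_ref = lookup(software_license)     # A21-A23
    second_ref = lookup(project_license)     # A210-A212
    third_ref = lookup(inherited_license)    # A213-A215
    if first_ref is not None:
        report["usage"] = usage_check(first_ref, direct, indirect)
    if second_ref is None or third_ref is None:
        return report
    report["fourth"] = conflicts(second_ref, third_ref)      # A216-A217
    if report["fourth"]:
        return report  # gate: A218 is reached only when the fourth comparison passes
    if first_ref is not None:
        report["third"] = conflicts(first_ref, second_ref)   # A218-A219
    return report


if __name__ == "__main__":
    # Constructed inputs: software under PERMISSIVE-Y inside a COPYLEFT-X project.
    print(monitor("PERMISSIVE-Y", "COPYLEFT-X", "COPYLEFT-X", {"keep_notice": True}))
    print(pairwise_conflicts(["COPYLEFT-X", "PERMISSIVE-Y", "NOTICE-Z"]))
```

An empty list in `fourth` or `third` means no conflicting clause was found; `None` means that comparison was never reached.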
It should be noted that each embodiment is mainly described as a difference from the other embodiments, and the same and similar parts between the embodiments may be referred to each other. For the device-like embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
Finally, it should also be noted that, herein, relational terms such as first and second may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing the present application, the functionality of the units may be implemented in one or more pieces of software and/or hardware.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus a necessary general-purpose hardware platform. Based on such understanding, the technical solutions of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The method and the device for monitoring open source software provided by the present application are described in detail above. Specific examples are used in the description to explain the principle and the implementation of the application, and the description of the above embodiments is only intended to help in understanding the method and the core idea of the application. Meanwhile, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as a limitation of the present application.

Claims (10)

1. A method for monitoring open source software is characterized by comprising the following steps:
determining the type of an open source license in open source software;
searching whether an open source license clause characteristic corresponding to the type of the open source license in the open source software exists in a preset open source license characteristic library;
if yes, the found open source license clause feature is used as a first reference feature;
collecting open source license clause characteristics of the open source software in the implementation process;
comparing the first reference characteristic with the open source license clause characteristic of the open source software in the implementation process to obtain a first comparison result;
and monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
2. The method of claim 1, further comprising:
if the types of the open source licenses in the open source software are multiple, respectively searching whether open source license features corresponding to the various types of the open source licenses in the open source software exist in a preset open source license feature library;
if yes, comparing the open source license characteristics corresponding to various types of open source licenses in the open source software to obtain a second comparison result;
and monitoring whether different open source licenses in the open source software are compatible or not according to the second comparison result.
3. The method of claim 2, further comprising:
determining the type of an open source license adopted by an open source project to which the open source software belongs;
searching whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists in the preset open source license feature library;
if yes, the found open source license clause feature is used as a second reference feature;
comparing the first reference characteristic with the second reference characteristic to obtain a third comparison result;
and monitoring whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs according to the third comparison result.
4. The method according to claim 3, wherein after said using the found open source license clause feature as a second reference feature and before said comparing the first reference feature with the second reference feature, the method further comprises:
determining the type of the open source license adopted by the open source project to which inherited code in the open source project of the open source software belongs;
searching whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs exists in the preset open source license feature library;
if yes, the found open source license clause feature is used as a third reference feature;
comparing the second reference characteristic with the third reference characteristic to obtain a fourth comparison result;
monitoring, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs;
if yes, the step of comparing the first reference feature with the second reference feature is executed.
5. The method of any of claims 1-4, wherein the open source license in the open source software comprises: any one or more of a project-level open source license, a file-level open source license, and a code-level open source license.
6. The method according to any one of claims 1-4, wherein the collecting open source license terms of the open source software during implementation comprises:
collecting the direct open source license clause characteristics of the open source software in the implementation process;
or, collecting the direct open source license clause characteristic and the indirect open source license clause characteristic of the open source software in the implementation process;
when both the direct open source license clause feature and the indirect open source license clause feature of the open source software in the implementation process are collected, the comparing the first reference feature with the open source license clause feature of the open source software in the implementation process to obtain a first comparison result includes:
comparing the first reference feature with the direct open source license clause feature to obtain a first comparison sub-result, wherein the first comparison sub-result is used as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software;
if the first comparison sub-result is that the first reference feature matches the direct open source license clause feature, comparing the first reference feature with the indirect open source license clause feature to obtain a second comparison sub-result, wherein the second comparison sub-result is used as a basis for monitoring whether the usage of the open source software meets the requirements of the open source license in the open source software.
7. An open source software monitoring device, comprising:
the first determining module is used for determining the type of the open source license in the open source software;
the first searching module is used for searching whether open source license clause characteristics corresponding to the type of the open source license in the open source software exist in a preset open source license characteristic library;
a second determining module, configured to use the found open source license clause feature as a first reference feature if an open source license clause feature corresponding to the type of the open source license in the open source software exists in a preset open source license feature library;
the first acquisition module is used for acquiring the open source license clause characteristics of the open source software in the implementation process;
the first comparison module is used for comparing the first reference characteristic with the open source license clause characteristic of the open source software in the implementation process to obtain a first comparison result;
and the first monitoring module is used for monitoring, according to the first comparison result, whether the usage of the open source software meets the requirements of the open source license in the open source software.
8. The apparatus of claim 7, further comprising:
the second searching module is used for respectively searching whether open source license features corresponding to various types of open source licenses in the open source software exist in a preset open source license feature library if the types of the open source licenses in the open source software are various;
the second comparison module is used for comparing the open source license features corresponding to the various types of open source licenses in the open source software to obtain a second comparison result if the open source license features corresponding to the various types of open source licenses in the open source software exist in a preset open source license feature library;
and the second monitoring module is used for monitoring whether different open-source licenses in the open-source software are compatible or not according to the second comparison result.
9. The apparatus of claim 8, further comprising:
the third determining module is used for determining the type of the open source license adopted by the open source project to which the open source software belongs;
a third searching module, configured to search, in the preset open source license feature library, whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists;
a fourth determining module, configured to, if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the open source software belongs exists in the preset open source license feature library, use the found open source license clause feature as a second reference feature;
the third comparison module is used for comparing the first reference characteristic with the second reference characteristic to obtain a third comparison result;
and the third monitoring module is used for monitoring whether the open source license in the open source software is compatible with the open source license adopted by the open source project to which the open source software belongs according to the third comparison result.
10. The apparatus of claim 9, further comprising:
a fifth determining module, configured to determine the type of the open source license adopted by the open source project to which inherited code in the open source project of the open source software belongs;
a fourth searching module, configured to search, in the preset open source license feature library, whether an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs exists;
a sixth determining module, configured to, if an open source license clause feature corresponding to the type of the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs exists in the preset open source license feature library, use the found open source license clause feature as a third reference feature;
the fourth comparison module is used for comparing the second reference characteristic with the third reference characteristic to obtain a fourth comparison result;
a fourth monitoring module, configured to monitor, according to the fourth comparison result, whether the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs;
the third comparison module is specifically configured to compare the first reference feature with the second reference feature if the open source license adopted by the open source project to which the open source software belongs is compatible with the open source license adopted by the open source project to which the inherited code in the open source project of the open source software belongs.
CN202010191433.5A 2020-03-18 2020-03-18 Open source software monitoring method and device Pending CN111400672A (en)

Publications (1)

Publication Number Publication Date
CN111400672A (en) 2020-07-10

Family

ID=71434270

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106934254A (en) * 2017-02-15 2017-07-07 ***股份有限公司 The analysis method and device of a kind of licensing of increasing income
CN109063421A (en) * 2018-06-28 2018-12-21 东南大学 A kind of analysis of open source licensing compliance and conflicting detection method
WO2019135425A1 (en) * 2018-01-04 2019-07-11 라인플러스 주식회사 Open source software license verification method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination