What is Osler Code Detect?
Osler Code Detect is a web-based application that locally scans source code to identify open source licenses that pose the highest risk and presents results in an easy-to-understand, visualized format. View a demo of Osler Code Detect.
Why use Osler Code Detect?
Undisciplined use of open source software can significantly diminish the value of software and related patents, potentially putting your projects, future profits and even your reputation at risk. Osler Code Detect scans your source code to look for software that has been included pursuant to an open source license. Use Osler Code Detect to:
- monitor your dev team’s use of open source software
- perform acceptance testing of code developed for you by a service provider
- perform due diligence when acquiring ownership of software developed by someone else
- prepare for a financing or sale of your business
- perform due diligence on open source usage (without taking possession of the source code)
- ensure that companies you own or invest in use open source software responsibly
How much does it cost to use this tool?
What browsers are supported?
The latest desktop versions of Firefox and Opera are supported, as is Chrome version 72 and below.
Can I save my results?
You can export your scan results into a Microsoft Excel file (.xlsx).
Can I print my results?
You can print the scan results page. For best quality, use Google Chrome and enable the option to include background colours and images. For large repositories, printing to PDF provides better results than printing to paper.
Are scanned files uploaded to your servers?
No. Osler Code Detect scans all files locally on your own computer.
What do the scan results display?
Osler Code Detect delivers the results in four categories.
- License Distribution: This at-a-glance pie chart shows the distribution of the licenses identified by the scan.
- License Considerations: This is a list of the licenses that are found to require careful consideration regarding their use.
- License View: This list categorizes the files scanned by the licenses under which they are governed.
- File Structure: This list contains the file structure of the files scanned, with each file labelled with the licenses that govern such files. To see if a license is “found in the file” or “inherited by convention,” hover over the license title bubble.
How does Osler Code Detect work and how does it differ from the tools offered by professional open source software audit firms?
Osler Code Detect scans your local source code to identify software that has been included pursuant to an open source software license. Osler Code Detect then lists licenses that pose the highest risk.
Osler Code Detect does not compare source code to a database of known open source code (something that some open source audit firms do). Instead, it reviews the source code in the same manner a software developer would — by checking how the licenses are applied based on conventions adopted by the open source community.
Osler Code Detect scans for full licenses or references to licenses in the first 700 lines or 75,000 bytes of a file (English language only).
Licenses are identified either as “found in a file” or as “implied by convention,” meaning they have an impact on a file through the rules of inheritance.
Rules of inheritance
- Only source files (e.g., a file with the .cpp extension) can inherit licenses (see below for a list of source files).
- If no licenses are found in the source file, it “inherits” its open source attributes from non-source files that contain the full license text. To be detected, non-source files must be in the same folder path as the source file.
- Only full licenses in a non-source file (e.g., a file named LICENSE) will apply to all files/folders in the same directory.
- Any licenses detected in a source file will apply to that file and will override any inheriting licenses on that file.
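The rules above and the 700-line / 75,000-byte scan window can be sketched as follows. This is an added example, not Osler Code Detect's own code. Assumptions: the `SOURCE_EXTS` list, the short stand-in license texts, SPDX tags as the "reference" form, applying both scan limits at once, and treating "same folder path" as the file's folder plus all of its ancestors.

```python
import re
from pathlib import PurePosixPath

SOURCE_EXTS = {".c", ".cpp", ".h", ".py", ".js"}  # assumed list; not the tool's own
MAX_LINES, MAX_BYTES = 700, 75_000                # scan window stated on the page
FULL_TEXTS = {  # constructed stand-ins for official license texts
    "Demo-Permissive": "Permission is granted to use this demo software freely.",
    "Demo-Copyleft": "Derived works of this demo software must carry the same terms.",
}
SPDX_REF = re.compile(r"SPDX-License-Identifier:\s*([\w.+-]+)")

def _norm(text):
    # Ignore non-letter, non-digit differences; case folding is an assumption.
    return re.sub(r"[^0-9a-z]+", "", text.lower())

def _window(text):
    # Assumption: both limits apply, so scanning stops at whichever comes first.
    head = text.encode("utf-8")[:MAX_BYTES].decode("utf-8", "ignore")
    return "\n".join(head.split("\n")[:MAX_LINES])

def full_licenses(text):
    body = _norm(_window(text))
    return {name for name, ref in FULL_TEXTS.items() if _norm(ref) in body}

def classify(tree):
    """tree maps POSIX path -> text; returns {source path: (licenses, how)}."""
    src = {p: t for p, t in tree.items() if PurePosixPath(p).suffix in SOURCE_EXTS}
    by_dir = {}  # directory -> full licenses found in its non-source files
    for path in tree.keys() - src.keys():
        by_dir.setdefault(PurePosixPath(path).parent, set()).update(full_licenses(tree[path]))
    result = {}
    for path, text in src.items():  # only source files can inherit
        own = full_licenses(text) | set(SPDX_REF.findall(_window(text)))
        folder = PurePosixPath(path).parent
        inherited = set().union(*(by_dir.get(d, set()) for d in (folder, *folder.parents)))
        if own:  # in-file licenses override anything inherited
            result[path] = (own, "found in file")
        else:
            result[path] = (inherited, "inherited by convention" if inherited else "none")
    return result

TREE = {  # constructed sample repository
    "LICENSE": "Permission is granted -- to use this demo software, freely!",
    "src/vendor/COPYING": FULL_TEXTS["Demo-Copyleft"],
    "src/vendor/lib.cpp": "void f() {}",
    "src/vendor/util.cpp": "// SPDX-License-Identifier: MIT\nvoid g() {}",
    "docs/NOTICE": "Parts of this project use the Demo-Copyleft license.",
    "docs/tool.py": "print('hi')",
    "src/late.cpp": "\n" * 800 + "// SPDX-License-Identifier: GPL-2.0-only",
}
```

In the sample tree, `src/late.cpp` carries its tag past line 700, so the tag is never seen and the file falls back to the inherited license, while `docs/NOTICE` only mentions a license by name and therefore propagates nothing.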
What are some of the limitations of Osler Code Detect?
Osler Code Detect has the same limitations (and follows conventional coding standards) as any parsing software:
- Only files that conventionally may contain a license will be checked.
- For full licenses to be detected, the license files must be word-for-word identical to the official licenses found on their official home page, within some tolerance of varying non-digit and non-letter characters.
- Certain files that are designed to describe how licenses apply (e.g., .inc and .bb) must be read manually, as the tool does not provide the interpretation.
- If a file identifies other files under a certain license, the first file will be considered under those licenses, not the other files.
- Licenses considered must be in the file contents and not the filename.
- Only text is considered. Images, audio and video are not checked.
- Only plain text is supported; documents such as HTML will be parsed as plain text and not in their rendered state.
Need legal support to interpret your scan results (or other legal advice)?
Whether you develop software, or are looking to acquire a company that does, we offer open source legal support packages designed to meet your needs. For more information, contact Sam Ip or another member of our technology law team.