Hewlett-Packard has launched the FOSSology Project, a tool for tracking and monitoring the use of free and open-source software within an IT environment.
The project stems from governance work done in-house at HP, according to the website set up for the project.
"We needed a tool that would quickly and accurately describe how a given open source project was licensed," a statement on the site reads. "Rather than simply collecting a project's advertised licence (as given at their website or in their documentation), this tool needed to analyse all of the source code for a given project and intelligently report all of the licences being used, based on the licence declarations and tell-tale phrases that identify software licensing."
FOSSology is available under the terms of the GNU General Public License (GPL) version 2, and currently has support on most GNU/Linux platforms, according to the site.
Companies such as Black Duck Software are already in the FOSS-tracking business, and HP's entry brought a warm welcome from Black Duck CEO Doug Levin, who possibly feels HP's involvement will help the market expand overall. "We can now officially welcome HP to our market," Levin wrote on his blog. "FOSSology is a nice tool for developers. It will result in software developers being better informed about their use of GPL. That makes it a very worthy tool."
Right now, the FOSSology project has modules for licence analysis, MIME type identification and for extracting metadata, according to the site.
The tool already generates detailed results, according to the site: "More than simply reporting, 'Package X uses license Y,' the FOSSology tool attempts to analyse every file within the package to determine its licence. The licence report is thus an aggregate of all of the different licences found to be in use by a package."
FOSSology's analyses aren't foolproof, however, a statement on the site concedes: "In general, the analysis results are very good guesses, but should not be considered authoritative. (Or to say it simply: we're not lawyers. The code tries its best, but leave the legal decisions up to your own attorneys)."
Over time, FOSSology is meant to be far more than an open-source licence tracker, according to the site. Future capabilities could address bug fixes and patches, security alerts and code reuse, as well as analysis of all types of software.
The effort has prompted praise from Michael Cote, an analyst with Redmonk. "It's free and open source, which is nice," Cote says. "So if the data is reliable and well-fed, it could be of help for people who don't want to work with Black Duck ... and others who have commercial ways to scan for open-source licences.
"The interesting thing will be to see how open the resulting data is and how much reporting people do with it," he says. "There's a sort of cloudy idea of how much open source is used in the enterprise, and having more accurate, free numbers would be great for the community, and more importantly, enterprises that want to get a feel for how widely used open source software is."
The availability of free open-source usage data "will help people make much better — and affordable — decisions about what open source to use and not use," Cote says.