Tool Support for Open Source Software License Compliance: The First Two Decades of the Millennium

Abstract

Open source software reuse enables developers to leverage past accomplishments while facilitating improvements in software productivity and quality. However, licenses of the reused software need to be considered to be compliant with the license terms, thus mitigating intellectual property right risks related to such reuse. Identifying under which license(s) an open source software is provided and understanding the terms of these licenses is not trivial, especially when dealing with substantial reuse, which is common in modern software development. As reused software is often large, automated license analysis is needed to address these issues and to support users in the license compliant reuse of open source software. This study aims to provide a comprehensive view on the automated features and methods that assist in open source license compliance. It describes the automated tools and methods of license compliance, here spanning two decades of research. The empirical study consists of two cycles: In the design cycle, we identifed the critical user needs for automated license compliance, such as the license identifcation of source fles and license compatibility analysis, and created a novel approach ASLA (Automated Software License Analyzer) that supports these needs. In the review cycle, which consisted of a systematic literature review, we describe how automated license compliance software has evolved since the introduction of ASLA. We identifed new user needs from the included literature, such as an identifcation of the origin of the OSS and needs related to comprehension of OSS licenses. Also, we list the features that were introduced after the design cycle. As a conclusion, there is a clear need for automated OSS license compliance tools since the amount and reuse of OSS has increased signifcantly over the past 10 years. Based on the information of these two cycles, we merged and listed a set of user needs, which are composed of 16 individual needs. It became evident that no tool is available that would support all of these needs. Whereas license identifcation and compatibility analysis are felds that have the most mature solutions in the license compliance process, future research is needed to improve features related to copyright extraction and the integration of existing features as part of development process. Keywords: Open source software, License compliance, Compliance analysis, Tool support