Hewlett-Packard has launched the FOSSology Project, a tool for tracking and monitoring the use of free and open-source software within an IT environment.
The project stems from governance work done in-house at HP, according to the [website] set up for the project.
"We needed a tool that would quickly and accurately describe how a given open source project was licensed," a statement on the site reads. "Rather than simply collecting a project's advertised license (as given at their website or in their documentation), this tool needed to analyse all of the source code for a given project and intelligently report all of the licenses being used, based on the license declarations and tell-tale phrases that identify software licensing."
FOSSology is available under the terms of the GNU General Public License (GPL) version 2, and currently has support on most GNU/Linux platforms, according to the site.
It is not clear from the site how HP plans to make money through the initiative. A company spokeswoman declined comment and said Friday that more details will be announced this week.
Companies such as Black Duck Software are already in the FOSS-tracking business.
HP's entry brought a warm welcome from Black Duck CEO, Doug Levin. Levin may feel HP's involvement will help the market expand overall. "We can now officially welcome HP to our market," Levin [wrote on his blog]. "FOSSology is a nice tool for developers. It will result in software developers being better informed about their use of GPL. That makes it a very worthy tool."
Right now, the FOSSology project has modules for license analysis, MIME type identification and for extracting metadata, according to the site.
The site said the tool already generates detailed results: "More than simply reporting, 'Package X uses license Y,' the FOSSology tool attempts to analyse every file within the package to determine its license. The license report is thus an aggregate of all of the different licenses found to be in use by a package."
FOSSology's analyses aren't foolproof, however, a statement on the site concedes: "In general, the analysis results are very good guesses, but should not be considered authoritative. (Or to say it simply: we're not lawyers. The code tries its best, but leave the legal decisions up to your own attorneys.)"
Over time, FOSSology is meant to be far more than an open-source license tracker, according to the site. Future capabilities could address bug fixes and patches, security alerts and code reuse, as well as analysis of all types of software.
The effort prompted praise on Friday from Michael Cote, an analyst with Redmonk. "It's free and open source, which is nice," Cote said. "So if the data is reliable and well-fed, it could be of help for people who don't want to work with Black Duck ... and others who have commercial ways to scan for open-source licenses."
"The interesting thing will be to see how open the resulting data is and how much reporting people do with it," he added. "There's a sort of cloudy idea of how much open source is used in the enterprise, and having more accurate, free numbers would be great for the community, and more importantly, enterprises that want to get a feel for how widely used open source software is."
The availability of free open-source usage data "will help people make much better -- and affordable -- decisions about what open source to use and not use," Cote said.