OpossumUI is a tool to
- explore open-source software components used in applications
- review open-source licenses contained in codebases
- generate reports from an open-source code scan
- combine findings from multiple scanners (open-source and/or proprietary)
- integration with OSS Review Toolkit, ScanCode and others
- unified interface for browsing scanner evidence
- simple navigation through the codebase's file tree
- create attributions for individual files or groups
- Performing audits for open-source license compliance to detect license conflicts, false positives, or incorrect attributions that need to be remediated
- Producing legal docs such as bills of materials (SBOM)
- During merger and acquisition activities, performing blind audits of intellectual property where only compliance-relevant metadata is exposed in the app without the need to ever share the source code
OpossumUI can be used with reports generated by different analysis tools and also supports exporting review results in various different formats.
OpossumUI works on files with the .opossum file extension. These files contain license compliance data of a project which can be visualized and edited through OpossumUI.
For details of the file format, see file formats.
The following additional file types can be directly imported from inside OpossumUI:
- ScanCode JSON files (
.json) - more to come
Result files (yaml/json) from the OSS Review Toolkit can be converted into opossum files via a reporter and then imported as described above. The implementation of this reporter can be found in the official OSS Review Toolkit repository.
Check out our short getting started video:
Download the latest release for your OS from GitHub.
Run the executable OpossumUI-for-linux.AppImage.
Note that for ubuntu versions 22.04+ you will run into a sandboxing issue with app images (see this electron github issue for details). This can be circumvented by opening the application with the --no-sandbox flag:
./OpossumUI-for-linux.AppImage --no-sandboxInstall the snap file locally using
snap install ./OpossumUI-for-linux.snap --dangerousOpen OpossumUI via the start menu of your distribution (should be in the development category) or by running
opossum-uifrom the command line
Run OpossumUI in OpossumUI-for-mac.zip.
Run OpossumUI-for-win.exe to install the OpossumUI. Then open OpossumUI from the start menu.
Check out our short video, which presents a basic workflow.
For an in-depth explanation, please read the User Guide.
In addition to the default output file, OpossumUI provides the following export options.
An SPDX document can be exported in the json and the yaml format through the Export ⟶ SPDX (yaml) and SPDX (json) option in the File menu.
These can be exported through the Export ⟶ Compact / Detailed component list option in the File menu. Both component list files contain a list of all attributions that are present in the project, including package name, version, copyright, license name and URL. In addition, the detailed component list is more comprehensive and includes the PURL and its subcomponents, as well as the license texts.
This can be exported through the Export ⟶ Follow-Up option in the File menu. Similar to the component list, it contains attributions with licenses flagged for legal review through the Follow-Up checkbox in the UI.
SPDX License Expressions are only partially supported at the moment. Currently, a license expression can only be entered as license name of a package. The full license text of the different licenses (e.g. GPL-2.0-only OR BSD-2-Clause) that apply should also be entered in the license text field.
Contributions to the project are welcome. See Contributing.
OpossumUI is licensed under Apache-2.0, documentation is licensed under CC0-1.0. For contributions, we use the Developer Certificate of Origin (DCO) process via sign-offs in every commit, to help ensure licensing criteria are met.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=64&v=4){kind=small}
