XMonkey Curator - Automated DESCAM tooling
==========================================
Summary
-------
XMonkey Curator is a tool that performs DESCAM (Decompose, Enumerate,
Scanning, Catalog, Analysis, Merge) review to software for Open Source
License Compliance.
The tool can extract (DECOMPOSE) archive files like Jar, ZIP, Tarballs,
RPM, Debian, etc., to recursively obtain the list of assets (Enumerate)
contained.
XMonkey Curator also performs a basic review (Scanning) of the assets to
extract information as “features” for OSLC assessments. Scan types
supported:
Alpha Version:
* Literal Strings
* Symbols Matching using predefined signatures.
* License detection (using OSLiLi)
* Regex Patterns
Beta Version:
* FuzzyHashing (using LSH or SSDeep)
* Generate OSS Notices
* Improve external rules for automatic classification
The results of the review can be automatically processed (Catalog) using predefined rules and workflows (Analysis).
Current support: ELF, Mach-OS, Objective-C, Python, PHP, Java, Ruby, Rust, Perl, C++
Usage
-----
::
$ pip install xmonkey-curator
$ xmonkey-curator scan --help
Usage: xmonkey-curator scan [OPTIONS] PATH
Scan target files using selected options
Options:
-t, --force-text Force using StringExtract for all files.
-u, --unpack Unpack archives files.
-s, --export-symbols Include words in the final report.
-m, --match-symbols Match symbols against signatures.
-r, --rule TEXT Add optional rules to execute.
-n, --notes TEXT Add optional notes to the report.
-o, --output TEXT Export results to filename with specific name.
-l, --licenses Identify SPDX licenses.
-p, --print-report Print the report to screen.
--help Show this message and exit.
Scanning to identify files
~~~~~~~~~~~~~~~~~~~~~~~~~~
In order to perform a full scan, you must select the option “unpack”
that will export the content of any archive file.
::
$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json
Scanning to export symbols and match with signatures
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using the option “match”, will attempt to identify packages by matching
symbols with signatures.
::
$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -m -p
Generating signatures
~~~~~~~~~~~~~~~~~~~~~
You can create signatures by performing scans to source code and binary
of a package, looking for signifcative symbols.
Then you can use the included script to check what symbols from the
source code has survived the compilation.
::
$ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json
$ xmonkey-curator scan ffmpeg-4.4.1-linux-64.zip -u -s -o ffmpeg-binary.json
$ ./scripts/signature_generator.py ffmpeg-source.json ffmpeg-binary.json
Raw data
{
"_id": null,
"home_page": "https://github.com/Xpertians/xmonkey-curator",
"name": "xmonkey-curator",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": null,
"author": "Oscar Valenzuela",
"author_email": "oscar.valenzuela.b@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/7c/ee/7c08347c0aea67df656d27779483bd9adc5f46a19f54d88ae07d7b08b842/xmonkey_curator-0.1.18.tar.gz",
"platform": null,
"description": "XMonkey Curator - Automated DESCAM tooling\n==========================================\n\nSummary\n-------\n\nXMonkey Curator is a tool that performs DESCAM (Decompose, Enumerate,\nScanning, Catalog, Analysis, Merge) review to software for Open Source\nLicense Compliance.\n\nThe tool can extract (DECOMPOSE) archive files like Jar, ZIP, Tarballs,\nRPM, Debian, etc., to recursively obtain the list of assets (Enumerate)\ncontained.\n\nXMonkey Curator also performs a basic review (Scanning) of the assets to\nextract information as \u201cfeatures\u201d for OSLC assessments. Scan types\nsupported: \n\nAlpha Version:\n* Literal Strings\n* Symbols Matching using predefined signatures.\n* License detection (using OSLiLi)\n* Regex Patterns\n\nBeta Version:\n* FuzzyHashing (using LSH or SSDeep)\n* Generate OSS Notices\n* Improve external rules for automatic classification\n\nThe results of the review can be automatically processed (Catalog) using predefined rules and workflows (Analysis).\n\nCurrent support: ELF, Mach-OS, Objective-C, Python, PHP, Java, Ruby, Rust, Perl, C++\n\nUsage\n-----\n\n::\n\n $ pip install xmonkey-curator\n $ xmonkey-curator scan --help\n Usage: xmonkey-curator scan [OPTIONS] PATH\n\n Scan target files using selected options\n\n Options:\n -t, --force-text Force using StringExtract for all files.\n -u, --unpack Unpack archives files.\n -s, --export-symbols Include words in the final report.\n -m, --match-symbols Match symbols against signatures.\n -r, --rule TEXT Add optional rules to execute.\n -n, --notes TEXT Add optional notes to the report.\n -o, --output TEXT Export results to filename with specific name.\n -l, --licenses Identify SPDX licenses.\n -p, --print-report Print the report to screen.\n --help Show this message and exit.\n\nScanning to identify files\n~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nIn order to perform a full scan, you must select the option \u201cunpack\u201d\nthat will export the content of any archive file.\n\n::\n\n $ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json\n\nScanning to export symbols and match with signatures\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nUsing the option \u201cmatch\u201d, will attempt to identify packages by matching\nsymbols with signatures.\n\n::\n\n $ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -m -p\n\nGenerating signatures\n~~~~~~~~~~~~~~~~~~~~~\n\nYou can create signatures by performing scans to source code and binary\nof a package, looking for signifcative symbols.\n\nThen you can use the included script to check what symbols from the\nsource code has survived the compilation.\n\n::\n\n $ xmonkey-curator scan ffmpeg-6.0.tar.xz -u -s -o ffmpeg-source.json\n $ xmonkey-curator scan ffmpeg-4.4.1-linux-64.zip -u -s -o ffmpeg-binary.json\n $ ./scripts/signature_generator.py ffmpeg-source.json ffmpeg-binary.json\n",
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "Automated OSS curation scanner",
"version": "0.1.18",
"project_urls": {
"Homepage": "https://github.com/Xpertians/xmonkey-curator"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6bd8a2503a60deec651c41a4982ad4e1bce54d515adfb316c10d773ea1dba83d",
"md5": "96621fe80842a4cafbdf98dd12394a00",
"sha256": "89d7d735894dd789516a121019de50f6e3e604188683cec9d793d9fdebecd48f"
},
"downloads": -1,
"filename": "xmonkey_curator-0.1.18-py3-none-any.whl",
"has_sig": false,
"md5_digest": "96621fe80842a4cafbdf98dd12394a00",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 70997,
"upload_time": "2024-06-30T19:35:37",
"upload_time_iso_8601": "2024-06-30T19:35:37.827909Z",
"url": "https://files.pythonhosted.org/packages/6b/d8/a2503a60deec651c41a4982ad4e1bce54d515adfb316c10d773ea1dba83d/xmonkey_curator-0.1.18-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7cee7c08347c0aea67df656d27779483bd9adc5f46a19f54d88ae07d7b08b842",
"md5": "156b494c0a41ea34f36c80cac54c9398",
"sha256": "ee4f778bf3e7ff2861f76a529a54a134af08928bdff290cd88bc1c94f0194dfc"
},
"downloads": -1,
"filename": "xmonkey_curator-0.1.18.tar.gz",
"has_sig": false,
"md5_digest": "156b494c0a41ea34f36c80cac54c9398",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 59617,
"upload_time": "2024-06-30T19:35:39",
"upload_time_iso_8601": "2024-06-30T19:35:39.357753Z",
"url": "https://files.pythonhosted.org/packages/7c/ee/7c08347c0aea67df656d27779483bd9adc5f46a19f54d88ae07d7b08b842/xmonkey_curator-0.1.18.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-30 19:35:39",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "Xpertians",
"github_project": "xmonkey-curator",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "xmonkey-curator"
}
JSON
