You will talk about Fossology, and FOSS code auditing tool. Which needs does it fill?
FOSS code auditing tools, and more precisely the ones dedicated to license audits, are a cornerstone of FOSS governance.
FOSS production methods rely principally on the advantages of knowledge sharing. As new ideas produce new code, various developers, organizations and companies share this production by allowing others to use it. Indeed, the way these authorizations are granted differs depending on the licensing scheme chosen to manage them.
Troubles arise when developers focus on the technical benefits of a given code without taking into account the license which applies to this code. As many of licenses include various sets of rights and obligations that can lead to interoperability issues when creating derivatives or larger works. Various codes might be used, some of which might be ruled under licenses which are not compatible with each others. A license should be selected accordingly to an exploitation plan. This implies that the exploitation strategy drives the licensing choice of the finished product. Therefore, all the components of a final product need to use compatible licenses.
This issue of governance is therefore the main need which is filled by such tools.
Who are the typical users of this software?
As an ICT valorisation unit among a public research centre (CRP Henri Tudor, Luxembourg), we rely mostly on FOSSology for FOSS code audit. We believe, that although any users might benefit from using this software, some very strong technical and legal knowledge is needed for high level analysis.
What are the limits of the software?
There are multiples ways of creating derivative and larger works. Some licensing interoperability limitations can be bypassed with coding tricks, which implies an extra layer of complexity to create a simple interoperability matrix. This is one of the main limits of this software: it creates a list of the various licenses used, but it still needs a heavy human treatment to identify blocking issues based on the results.
The software is also of limited use in a situation where a developer removes, voluntarily or not, some or all of the licensing indications of a given code. In such a situation, FOSSology would not identify the issue.