Abstract: In today’s software development landscape, managing licenses across various projects is a complex task, especially with recent cybersecurity regulations necessitating accurate SBOM. This research addresses the problem of mapping arbitrary license strings to canonical identifiers, a crucial step for automated license compliance. Previous solutions, such as FOSSology and LDBcollector, have made strides in license identification but lack
integration and ease of use in code. This thesis introduces LicenseLynx, an open source tool designed to fill this gap by providing deterministic mappings of license strings to canonical identifiers. Utilizing data from SPDX, ScanCode LicenseDB, and OSI, the tool aims to enhance accuracy and reduce errors in automated license compliance
processes. The methodology involves data collection, validation, and the development of programming libraries and a web API for license mapping. Key findings include the successful integration of major data sources, resulting in over 8500 mappings for 2300 licenses. The implications of this thesis are significant for improving license
compliance and cybersecurity in software development, offering a robust solution for accurate license identification.
Keywords: None
PDF: Master Thesis
Reference: Leo Reinmann. LicenseLynx: Towards mapping licenses to canonical identifiers. Master Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2025.
Discover more from Professorship for Open-Source Software
Subscribe to get the latest posts sent to your email.