오픈소스 버전 및 라이선스 탐지 도구에 관한 연구

Software is expensive, labor-intensive, and time-consuming to develop. To solve this problem, many organizations turn to publiclyavailable open source, but they often do so without knowing exactly what they're getting into. Older versions of open source have varioussecurity vulnerabilities, and even when newer versions are released, many users are still using them, exposing themselves to security threats. Additionally, compliance with licenses is essential when using open source, but many users overlook this, leading to copyright issues. To solve this problem, you need a tool that analyzes open source versions, vulnerabilities, and license information. Traditional Blackduckprovide a wealth of open source information when you request the source code, but it's a heavy lift to build the environment. In addition,Fossology extracts the licenses of open source, but does not provide detailed information such as versions because it does not haveits own database. To solve these problems, this paper proposes a version and license detection tool that identifies the open source ofa user's source code by measuring the source code similarity, and then detects the version and license. The proposed method improvesthe accuracy of similarity over existing source code similarity measurement programs such as MOSS, and provides users with informationabout licenses, versions, and vulnerabilities by analyzing each file in the corresponding open source in a web-based lightweight platformenvironment. This solves capacity issues such as BlackDuck and the lack of open source details such as Fossology.