Binary Analysis

Source code and Dependency analysis makes it difficult to check Open Source for software in the binary form. In order to compensate for this, we are checking the Open Source License through the following Binary Analysis process.

How to analysis Binary

1. Run Binary Scanner

FOSSLight Binary Scanner is a tool that finds binary files and extracts the binary file list, and automatically outputs open source information if there is open source information of the detected binary in the database.

When running FOSSLight Binary Scanner in the directory where the production build output is located, the binary lists are extracted and, fosslight_binary_[datetime].txt and OSS report with open source information for each binary is generated.

Install and run it according to the FOSSLight Binary Scanner guide.

2. Supplement Open Source and License information

Since FOSSLight Binary Scanner is not a way to analyze binaries itself, the more database information you have, the more OSS information can be automatically filled.

Therefore, if OSS information is not automatically filled with binaries not yet stored in the database, it It is necessary to supplement an OSS report by referring to the following.

  • A binary that open source is used, but OSS information is not automatically filled

    • Fill in the open source name, version, license with open source information contained in each binary.

    • alt text (Tip) When analyzing binary, how to check Open Source License

      1. Check the result of Source Code Analysis of the corresponding binary.

      2. In the case of a binary received from 3rd parties, check the open source used through the 3rd party open source list obtained from the 3rd Party.

      3. If it is a binary downloaded from a specific website, check the license specified on the website.

        ※ Reference: For Linux models, you can refer to a site that provides a package search function.

  • A binary that does not use Open Source at all

    • Fill in "-" in the OSS Name field and select "LGE Proprietary License" for the License ("Other Proprietary License" for the file obtained from the 3rd Party).