Open source development shops looking to tighten up license and copyright compliance in commercial deployment environments now have a new free source code scanner option in the form of JNinka from White Source.
Based on the Ninka algorithm and offered under the AGPL license, JNinka is a means of tracking open source components throughout software development lifecycles, where open source code may be hidden within a team's own proprietary code.
NOTE: Ninka is a lightweight license identification tool for source code. It is sentence-based and provides a simple way to identify open source licenses in a source code file. It is capable of identifying several dozen different licenses (and their variations).
Scans are run locally for security reasons, and the results can be imported into White Source's own cloud-based open source lifecycle management service to be managed alongside other open source components. Its makers say that the JNinka scanner is ideal for searching for open source code components that were cut and pasted into proprietary code but were "inadvertently not reported" in the longer term.
White Source explains that because JNinka is based on common texts, the scanner does not require access to a huge up-to-date database, so it can be run offline very quickly in private. The scanner produces XML-based output that can optionally be consumed by White Source's open source lifecycle management service.
"Some licenses permit copying source code text, but require notification and proper management. The JNinka tool reveals these open source licenses," said White Source CEO Rami Sass. "The JNinka scanner represents another step in White Source's mission to help software developers manage their usage of Open Source".


