Handling Third-Party Component Licenses: A Case Study in a Swedish Company: How well do existing license management tools detect potentially unsafe third-party component licenses?
Dalarna University, School of Information and Engineering, Informatics.
2023 (English). Independent thesis, Basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

Modern software development relies heavily on third-party components, which are pre-built software modules developed by other organisations and can be either open-source or commercial. These components serve as building blocks for developers to create complex applications more efficiently. What many do not know or realise is that all these third-party components come with licenses that might restrict the software, and it can become a challenge for companies that develop software to manage all the licenses that come with the used third-party components.

This thesis investigates three third-party component license management tools: OWASP Dependency-Check, Snyk, and Debricked. The research question was: “How well can the three chosen third-party component license management tools, OWASP Dependency-Check, Snyk and Debricked, detect potentially unsafe licenses within software projects?” To answer this question, controlled experiments were conducted to compare the functionality of these tools in two different projects: one advanced project and one simple project. A comprehensive literature review was conducted to identify the lack of previous research; this provided a theoretical background for the study. The results of the controlled experiments showed that the three chosen tools can help developers in different ways, as they satisfy different needs. For users looking to manage their dependencies, OWASP Dependency-Check is a preferable option. Debricked has demonstrated its ability to detect potentially unsafe licenses in software projects and offers identification of license families. This feature can be valuable to developers as it simplifies the comprehension of the project’s licenses. Snyk, on the other hand, provided warnings about risks associated with licenses. While Debricked outperformed Snyk in license detection, Snyk still proved to be useful in identifying potentially unsafe licenses in software projects, specifically in this case.
The findings of this thesis can benefit software developers, project managers, and organisations that rely on third-party components for their software development. The results of this study may be used to guide the selection and use of third-party components and the appropriate license management tools. Overall, this thesis adds to the body of knowledge on managing third-party component licenses and offers practical insights for software development practice.

Place, publisher, year, edition, pages
2023.
Keywords [en]
Third-party components, software licenses, component analysis tools
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:du-46360
OAI: oai:DiVA.org:du-46360
DiVA, id: diva2:1779085
Subject / course
Informatics
Available from: 2023-07-03 Created: 2023-07-03

Open Access in DiVA

fulltext (764 kB), 191 downloads
File information
File name: FULLTEXT01.pdf
File size: 764 kB
Checksum SHA-512: 66a06f3389bc0733c4ac7009dcb0d14398099e4a527626e0ca7a48d3b8136ad6ae2c7f14e39af13f792326a94eac8e6f535f03ccaba86bd142c7458870c670f2
Type: fulltext
Mimetype: application/pdf

By organisation
Informatics
Software Engineering

Total: 191 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are now no longer available.

Total: 385 hits