Open Source License Violation Check for SPDX Files

  • Georgia M. Kapitsaki
  • Frederik Kramer
Conference paper

DOI: 10.1007/978-3-319-14130-5_7

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8919)
Cite this paper as:
Kapitsaki G.M., Kramer F. (2014) Open Source License Violation Check for SPDX Files. In: Schaefer I., Stamelos I. (eds) Software Reuse for Dynamic Systems in the Cloud and Beyond. ICSR 2015. Lecture Notes in Computer Science, vol 8919. Springer, Cham


The Open Source Software development model has gained a lot of momentum in the latest years providing organizations and software engineers with a variety of software, components and libraries that can be exploited in the construction of larger application systems. Open Source Software is accompanied by licenses that state the conditions under which the intellectual property can be used. Since not all licenses are governed by the same conditions of use, the correct combination of licenses is vital, when different libraries are exploited in newly developed application systems. If this is not adequately handled, license violations might be a consequence of incompatibilities. In this paper we present our work on license violation checking in the framework of Software Package Data Exchange (SPDX). Starting from the modelling of license compatibilities our approach examines potential violations in software package information formatted using the SPDX specification. At the same time alternative solutions in the form of applicable licenses for the software package are proposed. This approach can be a valuable asset for Open Source practitioners in the license decision process assisting in detecting possible violations and in making suggestions on license use.


Free Open Source Software Licensing License compatibility Software Package Data Exchange 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Georgia M. Kapitsaki
    • 1
  • Frederik Kramer
    • 2
  1. 1.Department of Computer ScienceUniversity of CyprusNicosiaCyprus
  2. 2.Otto von Guericke UniversityMagdeburgGermany

Personalised recommendations