In this Whitepaper:
We’re really excited to release the first 100% Open OSS Knowledge Base to the Open Source Community.
Most Open Source projects continuously release new versions or updates for their project. Each individual version becomes a unique “component”. Open Source components are usually composed of a series of different files, and each file is then composed of a series of code snippets.
There are millions of OSS components available today, and gathering all that information in a single, up-to-date database is challenging. Moreover, storing all the source code in a single repository will most likely cause conflicts with the components' respective license conditions.
We named this Knowledge Base “OSSKB”, which stands for Open Source Software Knowledge Base. To handle such a vast amount of data while delivering the fastest possible response times, we had to develop a dedicated database engine. This engine is called LDB, and we released it as Open Source.
The OSSKB does not store source code. Instead, it stores source code metadata, which is linked to the corresponding cryptographic hashes (unique identifiers).
“The viability and security of open-source packages are cited as top concerns by most of the respondents to a 2020 Gartner survey: Market Guide for Software Composition Analysis”