Investigate means to leverage ORT for export control checks (ECC)

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.

https://oss-review-toolkit.org

Apache License 2.0

1.57k stars 308 forks source link

Investigate means to leverage ORT for export control checks (ECC) #2879

Closed sschuberth closed 4 months ago

sschuberth commented 4 years ago

Usage of cryptography might be liable to export control checks. Maybe ORT (or more specifically, its Analyzer) could be leveraged to semi-automate those checks on dependencies with the help of a tool like CogniCrypt that is able to detect the use of cryptographic APIs (at least in some programming languages).

sschuberth commented 4 years ago

Another tool that might come into use here is https://github.com/Microsoft/ApplicationInspector.

Edit: Also from MS is https://github.com/microsoft/OSSGadget/wiki/OSS-Detect-Cryptography.

sschuberth commented 6 months ago

Also see @tsteenbe's comment from here, and https://www.openchainproject.org/news/2024/03/12/webinar-scanoss-export-control.

sschuberth commented 4 months ago

Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.