Closed sschuberth closed 4 months ago
Another tool that might come into use here is https://github.com/Microsoft/ApplicationInspector.
Edit: Also from MS is https://github.com/microsoft/OSSGadget/wiki/OSS-Detect-Cryptography.
Also see @tsteenbe's comment from here, and https://www.openchainproject.org/news/2024/03/12/webinar-scanoss-export-control.
Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this.
Usage of cryptography might be liable to export control checks. Maybe ORT (or more specifically, its Analyzer) could be leveraged to semi-automate those checks on dependencies with the help of a tool like CogniCrypt that is able to detect the use of cryptographic APIs (at least in some programming languages).