US 12,282,766 B2
Software composition analysis on target source code
Jon Aldama, Malmö (SE); and Daniel Åkerud, Staffanstorp (SE)
Assigned to Snyk Sweden AB, Stockholm (SE)
Appl. No. 18/282,486
Filed by Snyk Sweden AB, Stockholm (SE)
PCT Filed Mar. 18, 2022, PCT No. PCT/EP2022/057228
§ 371(c)(1), (2) Date Sep. 15, 2023,
PCT Pub. No. WO2022/195103, PCT Pub. Date Sep. 22, 2022.
Application 18/282,486 is a continuation of application No. 17/207,238, filed on Mar. 19, 2021, abandoned.
Prior Publication US 2024/0134636 A1, Apr. 25, 2024
Prior Publication US 2024/0231808 A9, Jul. 11, 2024
Int. Cl. G06F 8/71 (2018.01); G06F 8/51 (2018.01); G06F 21/57 (2013.01)
CPC G06F 8/71 (2013.01) [G06F 8/51 (2013.01); G06F 21/577 (2013.01)]
17 Claims
1. A computer-implemented method for performing software composition analysis of a target source code for a computer program or a part thereof to determine an origin associated with the target source code, the method involving:
performing a first exploration process, comprising:
searching a plurality of first software archives to find first occurrences of the target source code among source code files in the plurality of first software archives, wherein the plurality of first software archives are open source code archives originating from different sources in a global computer network, and
for every found first occurrence of the target source code, collecting a first set of key information about matching source code files or snippets therein;
performing a second exploration process, comprising:
searching a plurality of second software archives originating from one or more sources in the global computer network, the plurality of second software archives being (i) different from the plurality of first software archives and (ii) Internet-based community-driven platform archives, to find second occurrences of the target source code among source code snippets in the second software archives, and
for every found second occurrence of the target source code, collecting a second set of key information about matching source code snippets;
mapping each matching source code snippet among the matching source code snippets as collected in the second set of key information to the matching source code files or snippets therein as collected in the first set of key information, wherein the mapping indicates whether an earlier version of said each matching source code snippet exists in the first set of key information; and
based on the mapped first set of key information and second set of key information, determining a software composition of the target source code, where the determined software composition indicates the origin associated with the target source code.
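
The two exploration processes, the mapping step and the origin determination of claim 1 can be sketched as follows. This is an added example, not code from the patent or from Snyk. The archive contents, refs, dates and licenses are constructed, and three choices are assumptions: matching by comment- and whitespace-stripped containment, reading "earlier version" as an earlier publication date, and taking the earliest occurrence as the origin.

```python
import re
from datetime import date

def normalize(code):
    """Strip '#' comments and all whitespace (assumed matching rule, not from the claim)."""
    return re.sub(r"\s+", "", re.sub(r"#.*", "", code))

def explore(archives, target, kind):
    """One exploration process: key information for every occurrence of the target."""
    needle = normalize(target)
    if not needle:  # an empty target would otherwise match every file
        return []
    return [{"kind": kind, "archive": a["name"], "ref": i["ref"],
             "published": i["published"], "license": i["license"]}
            for a in archives for i in a["items"] if needle in normalize(i["code"])]

def compose(first, second):
    """Map community snippets onto open source matches, then pick an origin."""
    mapping = {}
    for s in second:
        # Assumption: "earlier version" means an earlier publication date.
        earlier = [f["ref"] for f in first if f["published"] < s["published"]]
        mapping[s["ref"]] = {"earlier_version_in_first": bool(earlier), "candidates": earlier}
    hits = first + second
    # Assumption: the earliest occurrence overall is reported as the origin.
    origin = min(hits, key=lambda h: h["published"]) if hits else None
    return mapping, origin

# Constructed sample data: names, dates and licenses are illustrative only.
TARGET = "def clamp(x, lo, hi):\n    return max(lo, min(x, hi))\n"
FIRST_ARCHIVES = [  # open source code archives
    {"name": "oss-registry-a", "items": [
        {"ref": "libutil/mathx.py", "published": date(2017, 5, 2), "license": "MIT",
         "code": "import math\ndef clamp(x, lo, hi):\n    # keep in range\n"
                 "    return max(lo, min(x, hi))\n"}]},
    {"name": "oss-forge-b", "items": [
        {"ref": "gamekit/util.py", "published": date(2020, 1, 15), "license": "GPL-3.0",
         "code": "def clamp(x,lo,hi): return max(lo,min(x,hi))\n"}]},
]
SECOND_ARCHIVES = [  # community-driven platform archives
    {"name": "qa-forum", "items": [
        {"ref": "post/1001", "published": date(2015, 3, 9), "license": "CC-BY-SA-4.0",
         "code": TARGET},
        {"ref": "post/2002", "published": date(2019, 8, 21), "license": "CC-BY-SA-4.0",
         "code": "Try this:\n" + TARGET}]},
]

def analyse(target=TARGET):
    first = explore(FIRST_ARCHIVES, target, "open-source")
    second = explore(SECOND_ARCHIVES, target, "community")
    return compose(first, second)
```

With this data the 2015 community post predates every open source copy, so the reported origin carries the community platform's license terms and not those of the repositories that later included the snippet.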