The primary function of COTSAQ is to identify the list of third party components in each version of each product. In the screenshot below for example, Apache 2.2.14 has been added as a distributed part to the product named Product_4 version V2.1. For each version of each component, a comprehensive record is stored, including license, name, web site, authors, local policy, comments, ECCN, etc.
From this data, COTSAQ can help you keep track of the active components (distributed in active products) or to search what products are using a given component, as shown below where the user is looking for products using any version of component spring.
COTSAQ provides other types of reporting, such as the comparison of the list of third party components in two versions of a given product. The screenshot below shows such a report, where Product_2 has switched from jre 1.6.0_27 in version V1.0 to jre 1.7.0_55 in version V2.0, and stopped distributing Felix although it remains a dependency. Most reports can be exported to a variety of document formats including PDF, DOC and XLS. The software package also provides support to import data such as lists of third party components from XLS files.
COTSAQ is a web application deployed on familiar frameworks using Linux or Windows with an Apache web server, a MySQL database (could be a variety of others) and written in PHP. While not Eclipse based, it aims at keeping its philosophy in term of architecture. It provides extension points for simplifying its customization using plug-ins and scripts. Typical extension points may include:
- Additional fields in all records.
- Document generators.
- Data extractors.
- Connectors to external tools.
- Notification technology.
- Others to be determined.
The server application is organized around the Model-View-Controller (MVC) paradigm and uses the PHP framework Laravel. Binaries, source code and any other artifacts like patches, documents, etc. of each component are usually stored on an autonomous repository (SMB, FTP, HTTP server) and are only referenced by COTSAQ using URLs.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
Member companies supporting this project over the last three months.