cmboling

How I reproduced FFXVI's OSS License File

If you're playing Final Fantasy 16 or have finished playing it, have you noticed its license file in the settings? What if you can reproduce the notice file automatically? Here's how I did it by using FOSSA, which is an open source management product that can actually generate copyright notice files and SBOMs.

How did I start

I scraped the list of open source packages by hand:

As mentioned, I used FOSSA, which is an SCA scanning tool that can basically scan for open source dependencies for compliance and security. FOSSA has a way to map open source packages to a custom dependencies file called fossa-deps, which can be either YAML or JSON. In a fossa-deps file, dependencies can be specified as a referenced-dependency, among other formats. Since these open source packages were scraped and not necessarily parsed by FOSSA's strategies, I've set up a fossa-deps.json to map these out! This is what it looks like:

{
  "referenced-dependencies": [
    {
      "type": "git",
      "name": "https://github.com/ben-strasser/fast-cpp-csv-parser"
    },
    {
      "type": "git",
      "name": "https://github.com/google/flatbuffers"
    },
    {
      "type": "git",
      "name": "https://github.com/harfbuzz/harfbuzz"
    },
    {
      "type": "git",
      "name": "https://github.com/microsoft/Directxtex"
    },
    {
      "type": "git",
      "name": "https://github.com/khronosgroup/vulkan-headers"
    },
    {
      "type": "git",
      "name": "https://github.com/libigl/eigen"
    }
  ]
}
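
A hand-scraped list tends to carry duplicates, mixed-case paths and stray `.git` suffixes, and each of those ends up as a separate or broken entry in the scan. The script below is an added example, not part of the original post or of FOSSA's tooling: it builds the same `referenced-dependencies` structure from a list of repository URLs. The function names and the sample list are hypothetical, and the normalisation rules assume GitHub-style `host/owner/repo` URLs.

```python
import json
from urllib.parse import urlsplit

# Constructed sample input: repository URLs as they might be copied by hand
# from a notice screen (mixed case, trailing slash, .git suffix, a duplicate).
SCRAPED = [
    "https://github.com/google/flatbuffers",
    "https://github.com/Google/FlatBuffers.git",
    "https://github.com/harfbuzz/harfbuzz/",
    "http://github.com/libigl/eigen",
    "github.com/microsoft/Directxtex",
]


def normalise(url):
    """Return a canonical https://host/owner/repo URL, or None if malformed."""
    url = url.strip()
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme not in ("http", "https") or not parts.hostname or len(segments) != 2:
        return None
    owner, repo = segments
    if repo.endswith(".git"):
        repo = repo[:-4]
    if not repo:
        return None
    return f"https://{parts.hostname.lower()}/{owner}/{repo}"


def build_fossa_deps(urls):
    """Build the referenced-dependencies document, dropping duplicates."""
    seen, deps, rejected = set(), [], []
    for raw in urls:
        url = normalise(raw)
        if url is None:
            rejected.append(raw)  # keep for manual review, never guess a fix
            continue
        key = url.lower()  # assumption: owner/repo paths compare case-insensitively
        if key not in seen:
            seen.add(key)
            deps.append({"type": "git", "name": url})
    return {"referenced-dependencies": deps}, rejected


if __name__ == "__main__":
    doc, rejected = build_fossa_deps(SCRAPED)
    with open("fossa-deps.json", "w") as fh:
        json.dump(doc, fh, indent=2)
    print(f"wrote {len(doc['referenced-dependencies'])} entries; rejected: {rejected}")
```

Rejected inputs are returned so they can be reviewed by hand before the scan runs.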

How to run a FOSSA scan

To run a FOSSA scan, you'll need to sign up for a free account and generate an access token via your account settings. From there, I followed these steps:

  • Export FOSSA access token in shell environment.
  • cd to root of project, where fossa-deps.json should be.
  • Run fossa analyze.
  • Wait for a FOSSA report link to appear in the output.
  • Access the report link and review the results.

This is what the dependencies list looks like in FOSSA. Do note that vulnerability results come with a premium subscription to FOSSA.

Dependencies tab in FOSSA

Generating a FOSSA attribution report

In order to generate a FOSSA attribution report, click on the Reports tab and pick your export format. Here's what that would look like in the UI:

Reports tab in FOSSA

You can actually customise the information in the report. If the report looks good to you (after any customisations), you can generate a report by clicking on the Download Report button.

Here's a live compliance report that can be generated from the Summary tab:
https://app.fossa.com/reports/cf26a84d-fd9a-41ed-8f7f-1728a97b92e3

Summary tab in FOSSA

Thoughts

This was a pretty cool side project to do, where the OSS License file can be regenerated by using FOSSA. The FOSSA report actually has some similarities to Square Enix's version (obviously!), but there are some discovered licenses that are interesting to look into, provided that FOSSA did a thorough license detection on the supplied packages. The GitHub repository linked below displays the exact reproduction steps in a playful way, for those that want a fun way to delve into the FFXVI world again while we wait for paid DLCs and extra content from Square Enix's Creative Business Unit III!

Feel free to comment below on any questions/feedback!

Reference

Here's the GitHub repository where you can try it out yourself!
