Metadata-Version: 2.4
Name: ossval
Version: 1.0.1
Summary: Open Source Software Valuation - Calculate development cost savings from OSS dependencies
Author-email: "Oscar Valenzuela B." <oscar.valenzuela.b@gmail.com>
License: Apache-2.0
Project-URL: Homepage, https://github.com/SemClone/ossval
Project-URL: Repository, https://github.com/SemClone/ossval
Project-URL: Documentation, https://github.com/SemClone/ossval#readme
Project-URL: Bug Tracker, https://github.com/SemClone/ossval/issues
Project-URL: Source Code, https://github.com/SemClone/ossval
Keywords: oss,sbom,valuation,cost,cocomo,dependencies
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: click>=8.1.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: httpx>=0.25.0
Requires-Dist: rich>=13.0.0
Requires-Dist: gitpython>=3.1.0
Requires-Dist: pygount>=1.6.0
Requires-Dist: radon>=6.0.0
Requires-Dist: diskcache>=5.6.0
Requires-Dist: tomli>=2.0.0; python_version < "3.11"
Requires-Dist: aiofiles>=23.0.0
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
Requires-Dist: ruff>=0.1.0; extra == "dev"
Requires-Dist: mypy>=1.0.0; extra == "dev"
Requires-Dist: types-toml; extra == "dev"
Requires-Dist: types-aiofiles; extra == "dev"
Dynamic: license-file

# OSSVAL - Open Source Software Valuation

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Python](https://img.shields.io/badge/Python-3.10%2B-blue.svg)](https://www.python.org/downloads/)
[![PyPI version](https://badge.fury.io/py/ossval.svg)](https://badge.fury.io/py/ossval)

Calculate the development cost savings from using open source software by analyzing SBOMs or package lists. OSSVAL estimates cost with the COCOMO II and SLOCCount models, combined with regional salary data, project type detection, and source code analysis.

## Features

* **Multi-Ecosystem Support**: PyPI, npm, Cargo, Maven, Go, RubyGems, and more
* **Cost Estimation Models**: COCOMO II and SLOCCount with configurable parameters
* **Regional Salary Data**: 18+ regions with accurate cost calculations
* **Project Type Detection**: Automatic classification with appropriate multipliers
* **Source Code Analysis**: SLOC counting, complexity analysis, and health metrics
* **Multiple Input Formats**: SBOMs (CycloneDX, SPDX) and lockfiles (requirements.txt, package.json, etc.)
* **Comprehensive Output**: Text, JSON, and CSV formats with detailed breakdowns

## Installation

```bash
pip install ossval
```

## Quick Start

```bash
# Analyze an SBOM file
ossval analyze sbom.json

# Specify region for salary calculations
ossval analyze sbom.json --region us_sf

# Output to JSON
ossval analyze sbom.json --format json --output results.json

# Quick estimate from SLOC
ossval estimate --sloc 50000 --region us_sf --type compiler
```

## Usage

### CLI Usage

```bash
# Analyze an SBOM or lockfile
ossval analyze pyproject.toml

# With specific region
ossval analyze package.json --region us_sf

# Output formats
ossval analyze sbom.json --format json --output results.json

# Skip repository cloning (faster, but no SLOC analysis)
ossval analyze sbom.json --no-clone

# List supported formats and configurations
ossval formats list              # Show all supported input formats
ossval formats project-types     # Show project types with cost multipliers
ossval formats methodologies     # Show available cost estimation models

# Cache management
ossval cache clear
ossval cache info
```


## Examples

### Analyze Python Project

```bash
ossval analyze pyproject.toml --region global_average
```

### Analyze npm Project

```bash
ossval analyze package-lock.json --format json --output npm-analysis.json
```

### Compare Regions

```bash
ossval analyze sbom.json --region us_sf > us_sf_results.txt
ossval analyze sbom.json --region global_average > global_results.txt
```

### Quick Cost Estimate

```bash
ossval estimate --sloc 100000 --region us_sf --type framework
# Output:
# Estimated cost: $16,754,251
#   Range: $11,727,975 - $25,131,376
#   Effort: 22.1 person-years
#   Methodology: COCOMO II
```

## Integration with SEMCL.ONE

OSSVAL is a core component of the SEMCL.ONE ecosystem, enabling comprehensive OSS valuation and cost analysis:

* Works with **purl2src** for repository URL discovery from Package URLs
* Integrates with **purl2notices** for complete legal compliance workflows
* Supports **SBOM** analysis from CycloneDX and SPDX formats
* Complements **osslili** for license analysis and compliance checking

## Methodology

### Cost Estimation Models

#### COCOMO II (Primary)
The most sophisticated model, based on Barry Boehm's COCOMO II:
- **Effort Formula**: `Effort = a × (KSLOC)^b × EAF × Complexity × Project_Type`
- **Cost Formula**: `Cost = Effort × Monthly_Salary × Region_Multiplier`
- **Default Parameters**: a=2.94, b=1.0997, EAF=1.0
- **Confidence Range**: 70%-150% of estimate
- **Accounts for**: Project type, complexity, team experience

#### SLOCCount (Alternative)
Simpler model based on David Wheeler's SLOCCount:
- **Effort Formula**: `Effort = a × (KSLOC)^b`
- **Default Parameters**: a=2.4, b=1.05
- **Faster but less sophisticated**
- **Lower confidence scores**

### Project Types and Multipliers

OSSVAL automatically detects project types and applies appropriate cost multipliers:

| Project Type | Salary Multiplier | Effort Multiplier | Examples |
|--------------|-------------------|-------------------|----------|
| Cryptography | 1.60x | 1.26x | openssl, libsodium, bcrypt |
| Operating System | 1.50x | 1.22x | kernel, drivers, firmware |
| Compiler | 1.50x | 1.22x | gcc, llvm, babel, typescript |
| Database | 1.40x | 1.18x | postgres, mysql, redis, mongo |
| Machine Learning | 1.40x | 1.18x | tensorflow, pytorch, sklearn |
| Graphics | 1.30x | 1.14x | opengl, vulkan, game engines |
| Embedded | 1.25x | 1.12x | firmware, rtos, iot, arduino |
| Networking | 1.20x | 1.10x | http, grpc, websocket, proxy |
| Scientific | 1.20x | 1.10x | scipy, numpy, pandas, matplotlib |
| Framework | 1.15x | 1.07x | react, django, rails, spring |
| DevTools | 1.10x | 1.05x | linters, formatters, bundlers |
| Library | 1.00x | 1.00x | (baseline) |
| Script | 0.70x | 0.84x | utilities, helpers, cli tools |

### Complexity Levels

Code complexity affects cost estimates:
- **Trivial**: 0.7x multiplier
- **Simple**: 0.9x multiplier
- **Moderate**: 1.0x multiplier (baseline)
- **Complex**: 1.3x multiplier
- **Very Complex**: 1.7x multiplier
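
The formulas, default parameters, and multiplier tables above can be combined into a small calculator. This is an added example, not OSSVAL's own code: the function names and the monthly salary are constructed, and applying the project type's salary multiplier to the monthly salary is an assumption about how the two table columns are used. Because the salary is made up, the dollar figures are not comparable to the CLI output.

```python
# (salary multiplier, effort multiplier), copied from the project-type table above
PROJECT_TYPES = {
    "cryptography": (1.60, 1.26), "operating_system": (1.50, 1.22),
    "compiler": (1.50, 1.22), "database": (1.40, 1.18),
    "machine_learning": (1.40, 1.18), "graphics": (1.30, 1.14),
    "embedded": (1.25, 1.12), "networking": (1.20, 1.10),
    "scientific": (1.20, 1.10), "framework": (1.15, 1.07),
    "devtools": (1.10, 1.05), "library": (1.00, 1.00), "script": (0.70, 0.84),
}
COMPLEXITY = {"trivial": 0.7, "simple": 0.9, "moderate": 1.0,
              "complex": 1.3, "very_complex": 1.7}
MODELS = {"cocomo2": (2.94, 1.0997), "sloccount": (2.4, 1.05)}  # default (a, b)


def effort_pm(sloc, model="cocomo2", project_type="library",
              complexity="moderate", eaf=1.0):
    """Effort in person-months for one component of `sloc` source lines."""
    if sloc <= 0:
        raise ValueError("sloc must be positive")
    a, b = MODELS[model]
    effort = a * (sloc / 1000) ** b          # a x (KSLOC)^b
    if model == "cocomo2":                   # SLOCCount has no adjustment factors
        effort *= eaf * COMPLEXITY[complexity] * PROJECT_TYPES[project_type][1]
    return effort


def cocomo2_cost(sloc, monthly_salary, region_multiplier=1.0,
                 project_type="library", complexity="moderate", eaf=1.0):
    """Return (estimate, low, high) with the 70%-150% confidence range."""
    effort = effort_pm(sloc, "cocomo2", project_type, complexity, eaf)
    # Assumption: the salary multiplier scales the monthly salary.
    salary = monthly_salary * PROJECT_TYPES[project_type][0]
    point = effort * salary * region_multiplier
    return point, 0.70 * point, 1.50 * point


if __name__ == "__main__":
    SALARY = 10_000  # constructed monthly salary, not OSSVAL's regional data
    for label, ptype, cx in [("baseline library", "library", "moderate"),
                             ("crypto library", "cryptography", "very_complex")]:
        pm = effort_pm(10_000, project_type=ptype, complexity=cx)
        point, low, high = cocomo2_cost(10_000, SALARY,
                                        project_type=ptype, complexity=cx)
        print(f"{label}: {pm:.1f} PM, ${point:,.0f} (${low:,.0f} - ${high:,.0f})")
    print(f"SLOCCount, same size: {effort_pm(10_000, model='sloccount'):.1f} PM")
```

For the same 10 KSLOC, the cryptography and very-complex multipliers raise the COCOMO II effort to a little over twice the baseline, while SLOCCount ignores both.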

---

## Contributing

We welcome contributions! Please see the repository for details on:

* Development setup
* Submitting pull requests
* Reporting issues

## Support

For support and questions:

- [GitHub Issues](https://github.com/SemClone/ossval/issues) - Bug reports and feature requests
- [SEMCL.ONE Community](https://semcl.one) - Ecosystem support and discussions

## License

Apache License 2.0 - see [LICENSE](LICENSE) file for details.

---

_Part of the SEMCL.ONE ecosystem for comprehensive OSS compliance and code analysis._
