Comment Re:How did they miss that? (Score 2, Informative)
The main tool out there to do that is from Black Duck, and it's an unmitigated piece of trash that is designed for the sole purpose of scamming stupid CTOs and CEOs.
Their piece of crap database isn't even audited, so it attributes tons of code to people who stole it themselves and lists it under the wrong license. Then, if that wasn't enough, it produces so many false positives that anybody tasked with running it sets it up just enough to appease their incompetent boss while routing the results directly to