Session
FOSDEM Schedule 2021
Software Composition

SCANOSS Update

Open source scanning designed for modern development (DevOps) environments
D.composition
Remco de Vries
Software Composition Analysis (SCA) tools perform source-code analysis, comparison and identification of Open Source components. Sadly, none of the SCA vendors have embraced Open Source themselves: most of their tooling consists of proprietary code, and their OSS Knowledge Bases are also closed.

Most SCA vendors target large organizations, are expensive, and are generally not economically viable for smaller companies that might be a critical part of larger software distribution chains. For these reasons, smaller companies can’t get access to proper SCA tooling, and large organizations will have to carry the expense of auditing their suppliers.

This leads to a higher cost of OSS governance, no ability to compare results, exclusion of the OSS community behind a license fee, and a reliance on external auditing. With this proposal we aim to contribute a free, standardized and 100% open alternative.

Additional information

Type devroom

More sessions

2/7/21
Software Composition
Philippe Ombredanne
D.composition
Welcome to the Software Composition Analysis Devroom
2/7/21
Software Composition
Thomas Steenbergen
D.composition
In this session we will provide an update on OSS Review Toolkit (ORT): which features have been recently added and what the ORT team is currently working on.
2/7/21
Software Composition
Philippe Ombredanne
D.composition
This is a presentation of the latest features and updates in ScanCode toolkit.
2/7/21
Software Composition
D.composition
FOSSology focusses on license compliance analyses. Recently, a number of new features have been published by the community to integrate better with software composition analysis. The presentation shows an introduction of the main and relevant development here.
2/7/21
Software Composition
Philippe Ombredanne
D.composition
Container and VM images contain many packages and are quite a challenge for composition analysis.
2/7/21
Software Composition
D.composition
The very short time is some placeholder between presentation groups to have questions being asked and answered or just simply to have a break.
2/7/21
Software Composition
Kate Stewart
D.composition
What is a software bill of materials, and why is there all the interest about it? In this session, a quick overview of the minimum viable fields to represent an SBOM, and efforts to help with automation of them.