Session
FOSDEM Schedule 2021
Software Composition

Eclipse SW360

Web application for managing software Bill-Of-Material
D.composition
Smruti Prakash Sahoo
SW360 is a Web application for managing the software bill-of-material ("SBOM") of software projects and products. It is an Eclipse project licensed under the EPL-2.0 and thus available for everybody as Open Source Software. The application has a Web UI and REST endpoints for entering or importing the SBOM from dependency or package management systems. In addition, the import of SBOM files using the SPDX spec is supported. Based on the imported SBOM or a software project, a number of functionality is possible, ref to management of vulnerabilities, license and trade compliance or statistics about component usage. The submitted talk introduces and presents SW360.
SW360 is an open source software project licensed under the EPL-2.0 that provides both a web application and a REST API to collect, organize and make available information about software components. It establishes a central hub for software components in an organization. SW360 allows for tracking components used by a project/product, assessing security vulnerabilities, maintaining license obligations, enforcing policies, and maintain statistics. For example, SW360 can trigger a license scan process in the open source compliance tool FOSSology and import the resulting clearing reporting. Data is either stored in SW360’s database or on the fly imported from external sources. In future we plan to have federations of SW360 instances that share selected information. Besides its web-based UI, all functionality of SW360 is available through an API that allows an integration into existing devops tools.

Additional information

Type devroom

More sessions

2/7/21
Software Composition
Philippe Ombredanne
D.composition
Welcome to the Software Composition Analysis Devroom
2/7/21
Software Composition
Thomas Steenbergen
D.composition
In this session we will provide an update on OSS Review Toolkit (ORT) - which features have been recently added and what they ORT team is currently working on.
2/7/21
Software Composition
Philippe Ombredanne
D.composition
This is a presentation of the latest features and updates in ScanCode toolkit.
2/7/21
Software Composition
D.composition
FOSSology focusses on license compliance analyses. Recently, a number of new features have been published by the community to integrate better with software composition analysis. The presentation shows an introduction of the main and relevant development here.
2/7/21
Software Composition
Alan Facey
D.composition
Software Composition Analysis (SCA) tools perform source-code analysis, comparison and identification of Open Source components. Sadly, none of the SCA vendors have embraced Open Source themselves, most of their tooling consists of proprietary code and their OSS Knowledge Bases are also closed.
2/7/21
Software Composition
Philippe Ombredanne
D.composition
Container and VM images contain many packages and are quite a challenge for composition analysis.
2/7/21
Software Composition
D.composition
The very short time is some placeholder between presentation groups to have questions being asked and answered or just simple to have a break.