OpenChain

Automating OpenChain with an open source CI pipeline

From code selection through container images to distribution
D.openchain
James Curtis
In this talk, James Curtis, lead developer at OpusVL, will explain the complex compliance challenge faced when working on a variety of projects for different customers, each having overlapping and separate areas of Open Source code. He will explain the approach taken to automating the process by connecting up the software release pipeline through Continuous Integration (CI) tooling to deliver OpenChain compliance reporting. This will cover the path from developer and version control through testing and finally to the hosted container image. The tools and processes will be shared as well as the current state - this is a new subject area so it is constantly being developed, and all based on freely available Open Source components. The development of this process was funded by Innovate UK through the (DITO project (https://dito.tech).

Additional information

Type devroom

More sessions

2/6/21
OpenChain
Jan Thielscher
D.openchain
A short overview of the OpenChain project, its purpose, goals and the current state
2/6/21
OpenChain
Carlo Piana
D.openchain
OpenHarmony is a new operating system stewarded by Huawei's Open Source Technology Center, with Array as advisor. Having prioritized compliance, governance and transparency, OpenChain was the natural backdrop for it. Rather than embracing open source only to exploit it, having transparency and compliance as a last minute afterthought, OSTC has made them central pillars from the very beginning. We seek the opportunity to present you how the goal of OpenChain conformance helped.
2/6/21
OpenChain
Jan Thielscher
D.openchain
Openchain is a comprehensive set of requirements allowing to cope with the open source compliance challenge. Recently it even has been accepted as ISO standard. However, compliance in todays world is not possible without tool support. To get a grip on the different tools, understand what they can do and where their limitations are, the OC tooling workgroup decided to develop a capability model. This model outlines all required capabilities to cope with the open source challenge and allows to map ...
2/6/21
OpenChain
Marcel Kurzmann
D.openchain
Open Compliance Reference Tooling in action. The talk will show the most important building blocks of a working automated Open Source Management pipeline based on Open Source Tools as well as the necessary processes and workflows around the tooling to leverage open component metadata from the community.
2/6/21
OpenChain
Max Mehl
D.openchain
Why is it so hard to detect the licensing and copyright information of source code? Because it is a tedious and often confusing task for developers to provide this information. The REUSE project changes that! With three simple steps, it makes adding and reading licensing and copyright information easy for both humans and machines. This presentation will guide you through the REUSE best practices and presents how to make clear licensing simple.