Software Composition
FOSSology SCA integration
February 7, 2021
2:35 PM – 2:50 PM Add to calendar
2:35 PM – 2:50 PM Add to calendar
D.composition
FOSSology focusses on license compliance analyses. Recently, a number of new features have been published by the community to integrate better with software composition analysis. The presentation shows an introduction of the main and relevant development here.
FOSSology is considered as one of the leading Open Source tools when it comes to license compliance. There are various ways with which someone can analyze a package in FOSSology. One can either do it manually or can do it programmatically. As the industry is heading towards automation, programmatic approach based on software composition analysis is more preferred and becomes more advantageous. Currently, FOSSology provides 3 different ways to integration with software composition approaches: utilizing FOSSology CLI tools, use one of the client libraries and from the REST API.
The presentation will help by providing different strategies which can be used to automate analysis of software components in an automated environment. We will see how one can use the CLI tools of FOSSology or other FOSS projects built on FOSSology's REST API to push packages for analysis. We will also see how the enhanced API can provide much more information about a package and how analysis can be triggered on-demand. Finally, we will touch upon how one can gather the package information in a neat report for auditing.
Additional information
| Type | devroom |
|---|
More sessions
| 2/7/21 |
Welcome to the Software Composition Analysis Devroom
|
| 2/7/21 |
In this session we will provide an update on OSS Review Toolkit (ORT) - which features have been recently added and what they ORT team is currently working on.
|
| 2/7/21 |
This is a presentation of the latest features and updates in ScanCode toolkit and its companion projects.
|
| 2/7/21 |
Software Composition Analysis (SCA) tools perform source-code analysis, comparison and identification of Open Source components. Sadly, none of the SCA vendors have embraced Open Source themselves, most of their tooling consists of proprietary code and their OSS Knowledge Bases are also closed.
|
| 2/7/21 |
Container and VM images contain many packages and are quite a challenge for composition analysis.
|
| 2/7/21 |
The very short time is some placeholder between presentation groups to have questions being asked and answered or just simple to have a break.
|
| 2/7/21 |
What is a software bill of materials, and why is there all the interest about it? In this session, a quick overview of the minimum viable fields to represent an SBOM, and efforts to help with automation of them.
|
