OpenChain
Open Compliance Reference Tooling
Leveraging Open Source Tools for Open Source Management
Open Compliance Reference Tooling in action. The talk will show the most important building blocks of a working automated Open Source Management pipeline based on Open Source Tools as well as the necessary processes and workflows around the tooling to leverage open component metadata from the community.
Based on the OSS Review Toolkit as orchestrator, several Open Source tools (like ScanCode, FOSSology, ...) as well as Open Standards like SPDX and open data-sources like Clearly-Defined may be used to provide an automated end-to-end Open Source Compliance pipeline. From the process side, there are different ways to implement this in different organizational contexts. The talk will provide one reference process for continuous integration and continuous deployment. A short demo will be given to illustrate the advantages and challenges of the approach.
As everything is based on Open Source, this approach shall help to support the Open Chain idea to provide a state of the art reference tooling for everyone in the supply chain and thus raise the overall Open Source Management maturity.
Additional information
| Type | devroom |
|---|
More sessions
| 2/6/21 |
A short overview of the OpenChain project, its purpose, goals and the current state
|
| 2/6/21 |
OpenHarmony is a new operating system stewarded by Huawei's Open Source Technology Center, with Array as advisor. Having prioritized compliance, governance and transparency, OpenChain was the natural backdrop for it. Rather than embracing open source only to exploit it, having transparency and compliance as a last minute afterthought, OSTC has made them central pillars from the very beginning. We seek the opportunity to present you how the goal of OpenChain conformance helped.
|
| 2/6/21 |
Openchain is a comprehensive set of requirements allowing to cope with the open source compliance challenge. Recently it even has been accepted as ISO standard. However, compliance in todays world is not possible without tool support. To get a grip on the different tools, understand what they can do and where their limitations are, the OC tooling workgroup decided to develop a capability model. This model outlines all required capabilities to cope with the open source challenge and allows to map ...
|
| 2/6/21 |
Why is it so hard to detect the licensing and copyright information of source code? Because it is a tedious and often confusing task for developers to provide this information. The REUSE project changes that! With three simple steps, it makes adding and reading licensing and copyright information easy for both humans and machines. This presentation will guide you through the REUSE best practices and presents how to make clear licensing simple.
|
| 2/6/21 |
In this talk, James Curtis, lead developer at OpusVL, will explain the complex compliance challenge faced when working on a variety of projects for different customers, each having overlapping and separate areas of Open Source code. He will explain the approach taken to automating the process by connecting up the software release pipeline through Continuous Integration (CI) tooling to deliver OpenChain compliance reporting. This will cover the path from developer and version control through ...
|
