Open Compliance Reference Tooling
Leveraging Open Source Tools for Open Source Management
- Track: OpenChain devroom
- Room: D.openchain
- Day: Saturday
- Start: 14:55
- End: 15:40
- Video with Q&A: D.openchain
- Video only: D.openchain
- Chat: Join the conversation!
Open Compliance Reference Tooling in action. The talk will show the most important building blocks of a working automated Open Source Management pipeline based on Open Source Tools as well as the necessary processes and workflows around the tooling to leverage open component metadata from the community.
Based on the OSS Review Toolkit as orchestrator, several Open Source tools (like ScanCode, FOSSology, ...) as well as Open Standards like SPDX and open data-sources like Clearly-Defined may be used to provide an automated end-to-end Open Source Compliance pipeline. From the process side, there are different ways to implement this in different organizational contexts. The talk will provide one reference process for continuous integration and continuous deployment. A short demo will be given to illustrate the advantages and challenges of the approach. As everything is based on Open Source, this approach shall help to support the Open Chain idea to provide a state of the art reference tooling for everyone in the supply chain and thus raise the overall Open Source Management maturity.
Speakers
Marcel Kurzmann |