Generating SBOM for your code using OSS Review Toolkit
- Track: Software composition and dependency management devroom
- Room: D.dependency
- Day: Sunday
- Start: 14:20
- End: 14:40
In this talk, Thomas will present how one can use OSS Review Toolkit (ORT) to build a CI/CD workflow that performs license and security compliance checks and generates SBOMs. The talk will include a demonstration of OSS Review Toolkit and show how its various features, in combination with a GitLab-based process, can be used to automate FOSS review requirements (incl. SPDX SBOM generation) and to use crowdsourcing within an organization and the FOSS community to overcome challenges such as large amounts of scan results or missing/incorrect FOSS package metadata.
Speakers
Thomas Steenbergen