Online / 5 & 6 February 2022


Generating SBOM for your code using OSS Review Toolkit

In this talk, Thomas will present how one can use OSS Review Toolkit (ORT) to build a CI/CD workflow that performs license/security compliance checks and generates SBOMs. The talk will include a demonstration of OSS Review Toolkit and of how its various features, in combination with a GitLab-based process, can be used to automate FOSS review requirements (incl. SPDX SBOM generation) and to use crowdsourcing within an organization and the FOSS community to overcome challenges such as large amounts of scan results or missing/incorrect FOSS package metadata.


Thomas Steenbergen